glpi-project

218 tracked vulnerabilities.

CVE-2025-59935 MEDIUM
GLPI 10.0.0-10.0.20 - Unauthenticated Stored Cross-Site Scripting via Inventory Endpoint
Dec 16, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-32786 HIGH
GLPI Inventory Plugin <1.5.1 - SQL Injection
Nov 04, 2025
CVSS 7.5
EPSS 0.07
CVE-2025-53105 HIGH
GLPI <10.0.19 - Privilege Escalation
Aug 27, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-53357 MEDIUM
GLPI <10.0.18 - Privilege Escalation
Jul 30, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-53113 LOW
GLPI 0.65-10.0.18 - Improper Access Control via External Links Feature
Jul 30, 2025
CVSS 2.7
EPSS 0.00
CVE-2025-53112 MEDIUM
GLPI 9.1.0-10.0.18 - Unauthenticated Unauthorized Resource Removal
Jul 30, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-53111 MEDIUM
GLPI 0.80-10.0.18 - Unauthenticated Improper Access Control
Jul 30, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-53008 MEDIUM
GLPI 9.3.1-10.0.19 - Authenticated Credential Theft via Malicious Payload
Jul 30, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-52897 MEDIUM
GLPI 9.1.0-10.0.18 - Unauthenticated Cross-Site Scripting via Planning Feature
Jul 30, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-52567 LOW
GLPI 0.84-10.0.18 - Server-Side Request Forgery via RSS Feed or External Calendar
Jul 30, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-27514 MEDIUM
GLPI 9.5.0-10.0.18 - Stored Cross-Site Scripting in Project Kanban
Jul 29, 2025
CVSS 4.5
EPSS 0.00
CVE-2025-27147 HIGH
GLPI Inventory Plugin <1.5.0 - Privilege Escalation
Mar 25, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-24801 HIGH
GLPI 0.85-10.0.17 - Authenticated Arbitrary PHP File Upload and Execution
Mar 18, 2025
CVSS 8.5
EPSS 0.17
CVE-2025-24799 HIGH NUCLEI
GLPI 10.0.0-10.0.17 - Unauthenticated SQL Injection via Inventory Endpoint
Mar 18, 2025
CVSS 7.5
EPSS 0.86
CVE-2025-21619 CRITICAL
GLPI 0.78-10.0.17 - Authenticated SQL Injection via Rules Configuration Forms
Mar 18, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-26626 MEDIUM
glpi-inventory-plugin < 1.5.0 - Reflected Cross-Site Scripting
Mar 14, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-25192 MEDIUM
GLPI < 10.0.18 - Authenticated Exposure of Sensitive Information via Debug Mode
Feb 25, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-23046 HIGH
GLPI 9.5.0-10.0.17 - Authentication Bypass via OauthIMAP Plugin
Feb 25, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-23024 MEDIUM
GLPI 0.72-10.0.18 - Unauthenticated Plugin Disabling via install/update.php
Feb 25, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-21627 MEDIUM
GLPI < 10.0.18 - Unauthenticated Reflected Cross-Site Scripting via Search Page
Feb 25, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-21626 MEDIUM
GLPI 0.71-10.0.17 - Unauthenticated Exposure of Sensitive Information via status.php Endpoint
Feb 25, 2025
CVSS 5.8
EPSS 0.00
CVE-2024-11955 MEDIUM
GLPI < 10.0.18 - Open Redirect via /index.php Redirect Parameter
Feb 25, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-50339 MEDIUM
GLPI 9.5.0-10.0.16 - Unauthenticated Session ID Exposure and Hijacking
Dec 12, 2024
CVSS 5.3
EPSS 0.20
CVE-2024-48912 HIGH
GLPI 10.0.0-10.0.16 - Authenticated Arbitrary User Account Deletion via Application Endpoint
Dec 11, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-47761 HIGH
GLPI <10.0.17 - Privilege Escalation
Dec 11, 2024
CVSS 7.2
EPSS 0.01