glpi-project
218 tracked vulnerabilities.
CVE-2025-59935
MEDIUM
GLPI 10.0.0-10.0.20 - Unauthenticated Stored Cross-Site Scripting via Inventory Endpoint
Dec 16, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-32786
HIGH
GLPI Inventory Plugin <1.5.1 - SQL Injection
Nov 04, 2025
CVSS 7.5
EPSS 0.07
CVE-2025-53105
HIGH
GLPI <10.0.19 - Privilege Escalation
Aug 27, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-53357
MEDIUM
GLPI <10.0.18 - Privilege Escalation
Jul 30, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-53113
LOW
GLPI 0.65-10.0.18 - Improper Access Control via External Links Feature
Jul 30, 2025
CVSS 2.7
EPSS 0.00
CVE-2025-53112
MEDIUM
GLPI 9.1.0-10.0.18 - Unauthenticated Unauthorized Resource Removal
Jul 30, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-53111
MEDIUM
GLPI 0.80-10.0.18 - Unauthenticated Improper Access Control
Jul 30, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-53008
MEDIUM
GLPI 9.3.1-10.0.19 - Authenticated Credential Theft via Malicious Payload
Jul 30, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-52897
MEDIUM
GLPI 9.1.0-10.0.18 - Unauthenticated Cross-Site Scripting via Planning Feature
Jul 30, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-52567
LOW
GLPI 0.84-10.0.18 - Server-Side Request Forgery via RSS Feed or External Calendar
Jul 30, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-27514
MEDIUM
GLPI 9.5.0-10.0.18 - Stored Cross-Site Scripting in Project Kanban
Jul 29, 2025
CVSS 4.5
EPSS 0.00
CVE-2025-27147
HIGH
GLPI Inventory Plugin <1.5.0 - Privilege Escalation
Mar 25, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-24801
HIGH
GLPI 0.85-10.0.17 - Authenticated Arbitrary PHP File Upload and Execution
Mar 18, 2025
CVSS 8.5
EPSS 0.17
CVE-2025-24799
HIGH
NUCLEI
GLPI 10.0.0-10.0.17 - Unauthenticated SQL Injection via Inventory Endpoint
Mar 18, 2025
CVSS 7.5
EPSS 0.86
CVE-2025-21619
CRITICAL
GLPI 0.78-10.0.17 - Authenticated SQL Injection via Rules Configuration Forms
Mar 18, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-26626
MEDIUM
glpi-inventory-plugin < 1.5.0 - Reflected Cross-Site Scripting
Mar 14, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-25192
MEDIUM
GLPI < 10.0.18 - Authenticated Exposure of Sensitive Information via Debug Mode
Feb 25, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-23046
HIGH
GLPI 9.5.0-10.0.17 - Authentication Bypass via OauthIMAP Plugin
Feb 25, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-23024
MEDIUM
GLPI 0.72-10.0.18 - Unauthenticated Plugin Disabling via install/update.php
Feb 25, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-21627
MEDIUM
GLPI < 10.0.18 - Unauthenticated Reflected Cross-Site Scripting via Search Page
Feb 25, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-21626
MEDIUM
GLPI 0.71-10.0.17 - Unauthenticated Exposure of Sensitive Information via status.php Endpoint
Feb 25, 2025
CVSS 5.8
EPSS 0.00
CVE-2024-11955
MEDIUM
GLPI < 10.0.18 - Open Redirect via /index.php Redirect Parameter
Feb 25, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-50339
MEDIUM
GLPI 9.5.0-10.0.16 - Unauthenticated Session ID Exposure and Hijacking
Dec 12, 2024
CVSS 5.3
EPSS 0.20
CVE-2024-48912
HIGH
GLPI 10.0.0-10.0.16 - Authenticated Arbitrary User Account Deletion via Application Endpoint
Dec 11, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-47761
HIGH
GLPI <10.0.17 - Privilege Escalation
Dec 11, 2024
CVSS 7.2
EPSS 0.01