glpi-project

210 tracked vulnerabilities.

CVE-2025-52897 MEDIUM
GLPI 9.1.0-10.0.18 - Unauthenticated Cross-Site Scripting via Planning Feature
Jul 30, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-52567 LOW
GLPI 0.84-10.0.18 - Server-Side Request Forgery via RSS Feed or External Calendar
Jul 30, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-27514 MEDIUM
GLPI 9.5.0-10.0.18 - Stored Cross-Site Scripting in Project Kanban
Jul 29, 2025
CVSS 4.5
EPSS 0.00
CVE-2025-27147 HIGH
GLPI Inventory Plugin < 1.5.0 - Privilege Escalation
Mar 25, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-24801 HIGH
GLPI 0.85-10.0.17 - Authenticated Arbitrary PHP File Upload and Execution
Mar 18, 2025
CVSS 8.5
EPSS 0.03
CVE-2025-24799 HIGH NUCLEI
GLPI 10.0.0-10.0.17 - Unauthenticated SQL Injection via Inventory Endpoint
Mar 18, 2025
CVSS 7.5
EPSS 0.29
CVE-2025-21619 CRITICAL
GLPI 0.78-10.0.17 - Authenticated SQL Injection via Rules Configuration Forms
Mar 18, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-26626 MEDIUM
glpi-inventory-plugin < 1.5.0 - Reflected Cross-Site Scripting
Mar 14, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-25192 MEDIUM
GLPI < 10.0.18 - Authenticated Exposure of Sensitive Information via Debug Mode
Feb 25, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-23046 HIGH
GLPI 9.5.0-10.0.17 - Authentication Bypass via OauthIMAP Plugin
Feb 25, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-23024 MEDIUM
GLPI 0.72-10.0.18 - Unauthenticated Plugin Disabling via install/update.php
Feb 25, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-21627 MEDIUM
GLPI < 10.0.18 - Unauthenticated Reflected Cross-Site Scripting via Search Page
Feb 25, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-21626 MEDIUM
GLPI 0.71-10.0.17 - Unauthenticated Exposure of Sensitive Information via status.php Endpoint
Feb 25, 2025
CVSS 5.8
EPSS 0.00
CVE-2024-11955 MEDIUM
GLPI < 10.0.18 - Open Redirect via /index.php Redirect Parameter
Feb 25, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-50339 MEDIUM
GLPI 9.5.0-10.0.16 - Unauthenticated Session ID Exposure and Hijacking
Dec 12, 2024
CVSS 5.3
EPSS 0.20
CVE-2024-48912 HIGH
GLPI 10.0.0-10.0.16 - Authenticated Arbitrary User Account Deletion via Application Endpoint
Dec 11, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-47761 HIGH
GLPI < 10.0.17 - Privilege Escalation
Dec 11, 2024
CVSS 7.2
EPSS 0.00
CVE-2024-47760 HIGH
GLPI < 10.0.17 - Privilege Escalation
Dec 11, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-47758 HIGH
GLPI < 10.0.17 - Privilege Escalation
Dec 11, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-43416 HIGH
GLPI 0.80-10.0.16 - Unauthenticated User Email Enumeration via Application Endpoint
Nov 18, 2024
CVSS 7.5
EPSS 0.24
CVE-2024-38370 MEDIUM
GLPI 9.2.0-10.0.16 - Unauthenticated Document Download via API
Nov 15, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-45611 MEDIUM
GLPI 0.84-10.0.16 - Authenticated Stored Cross-Site Scripting via Private RSS Feed
Nov 15, 2024
CVSS 5.7
EPSS 0.00
CVE-2024-45610 MEDIUM
GLPI 10.0.0-10.0.16 - Unauthenticated Reflected Cross-Site Scripting in Cable Form
Nov 15, 2024
CVSS 6.5
EPSS 0.02
CVE-2024-45609 MEDIUM
GLPI >= 0.70 < 10.0.17 - Unauthenticated Reflected Cross-Site Scripting in Reports Pages
Nov 15, 2024
CVSS 6.5
EPSS 0.02
CVE-2024-45608 MEDIUM
GLPI 9.5.0-10.0.16 - Authenticated SQL Injection via Preferences
Nov 15, 2024
CVSS 6.5
EPSS 0.01