glpi-project

210 tracked vulnerabilities.

CVE-2024-43418 MEDIUM
GLPI 0.65-10.0.16 - Unauthenticated Reflected Cross-Site Scripting
Nov 15, 2024
CVSS 6.5
EPSS 0.02

CVE-2024-43417 MEDIUM
GLPI 10.0.0-10.0.16 - Unauthenticated Reflected Cross-Site Scripting in Software Form
Nov 15, 2024
CVSS 6.5
EPSS 0.02

CVE-2024-41679 MEDIUM
GLPI 10.0.0-10.0.16 - Authenticated SQL Injection via Ticket Form
Nov 15, 2024
CVSS 6.5
EPSS 0.01

CVE-2024-47759 MEDIUM
GLPI 9.2.0-10.0.16 - Stored Cross-Site Scripting via SVG Upload
Nov 15, 2024
CVSS 4.8
EPSS 0.01

CVE-2024-41678 MEDIUM
GLPI 0.50-10.0.16 - Unauthenticated Reflected Cross-Site Scripting
Nov 15, 2024
CVSS 6.5
EPSS 0.01

CVE-2024-40638 HIGH
GLPI 0.85-10.0.16 - Authenticated SQL Injection
Nov 15, 2024
CVSS 8.1
EPSS 0.12

CVE-2024-37149 HIGH
GLPI 0.85-10.0.15 - Authenticated Remote Code Execution via Plugin Loader Hijack
Jul 10, 2024
CVSS 7.2
EPSS 0.08

CVE-2024-37148 HIGH
GLPI 0.84-10.0.15 - Authenticated SQL Injection via AJAX Scripts
Jul 10, 2024
CVSS 8.1
EPSS 0.05

CVE-2024-37147 MEDIUM
GLPI 0.85-10.0.15 - Authenticated Improper Access Control via Document Attachment
Jul 10, 2024
CVSS 4.3
EPSS 0.13

CVE-2024-31456 HIGH
GLPI 9.3.0-10.0.14 - Authenticated SQL Injection via Map Search
May 07, 2024
CVSS 7.7
EPSS 0.24

CVE-2024-29889 HIGH NUCLEI
GLPI 10.0.10-10.0.14 - Authenticated SQL Injection via Saved Searches Feature
May 07, 2024
CVSS 7.1
EPSS 0.69

CVE-2024-28241 HIGH
glpi_agent < 1.7.2 - Privilege Escalation via DLL Modification
Apr 25, 2024
CVSS 7.3
EPSS 0.00

CVE-2024-28240 HIGH
glpi_agent < 1.7.2 - Denial of Service and Privilege Escalation via MSI Configuration
Apr 25, 2024
CVSS 7.3
EPSS 0.00

CVE-2024-27914 MEDIUM
GLPI 10.0.8-10.0.12 - Unauthenticated Reflected Cross-Site Scripting via Debug Bar
Mar 18, 2024
CVSS 5.3
EPSS 0.03

CVE-2024-27104 MEDIUM
GLPI 9.5.0-10.0.12 - Stored Cross-Site Scripting via Dashboard Sharing
Mar 18, 2024
CVSS 4.5
EPSS 0.00

CVE-2024-27098 MEDIUM
GLPI 9.5.0-10.0.12 - Authenticated Server-Side Request Forgery via Arbitrary Object Instantiation
Mar 18, 2024
CVSS 6.4
EPSS 0.14

CVE-2024-27096 HIGH
GLPI 0.65-10.0.12 - Authenticated SQL Injection via Search Engine
Mar 18, 2024
CVSS 7.7
EPSS 0.16

CVE-2024-27937 MEDIUM
GLPI 10.0.0-10.0.12 - Authenticated Email Address Disclosure
Mar 18, 2024
CVSS 6.5
EPSS 0.07

CVE-2024-27930 MEDIUM
GLPI 0.78-10.0.12 - Authenticated Sensitive Data Exposure via Item Field Access
Mar 18, 2024
CVSS 6.5
EPSS 0.00

CVE-2024-27756 HIGH
GLPI < 10.0.12 - CSV Injection via Asset Title
Mar 15, 2024
CVSS 8.8
EPSS 0.00

CVE-2024-23645 MEDIUM
GLPI 0.65-10.0.11 - Cross-Site Scripting via Reports Page URL
Feb 01, 2024
CVSS 6.5
EPSS 0.01

CVE-2023-53943 MEDIUM
GLPI 9.5.7 - Username Enumeration via Lost Password Endpoint
Dec 18, 2025
CVSS 5.3
EPSS 0.00

CVE-2023-51446 MEDIUM
GLPI 0.70-10.0.11 - LDAP Injection via Authentication Form
Feb 01, 2024
CVSS 5.9
EPSS 0.01

CVE-2023-46727 HIGH
GLPI 10.0.0-10.0.10 - SQL Injection via Inventory Endpoint
Dec 13, 2023
CVSS 8.6
EPSS 0.23

CVE-2023-46726 HIGH
GLPI 10.0.0-10.0.10 - Remote Code Execution via LDAP Server Configuration Form
Dec 13, 2023
CVSS 7.2
EPSS 0.00