glpi-project
218 tracked vulnerabilities.
CVE-2024-47760
HIGH
GLPI <10.0.17 - Privilege Escalation
Dec 11, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-47758
HIGH
GLPI <10.0.17 - Privilege Escalation
Dec 11, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-43416
HIGH
GLPI 0.80-10.0.16 - Unauthenticated User Email Enumeration via Application Endpoint
Nov 18, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-38370
MEDIUM
GLPI 9.2.0-10.0.16 - Unauthenticated Document Download via API
Nov 15, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-45611
MEDIUM
GLPI 0.84-10.0.16 - Authenticated Stored Cross-Site Scripting via Private RSS Feed
Nov 15, 2024
CVSS 5.7
EPSS 0.00
CVE-2024-45610
MEDIUM
GLPI 10.0.0-10.0.16 - Unauthenticated Reflected Cross-Site Scripting in Cable Form
Nov 15, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-45609
MEDIUM
GLPI >= 0.70 < 10.0.17 - Unauthenticated Reflected Cross-Site Scripting in Reports Pages
Nov 15, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-45608
MEDIUM
GLPI 9.5.0-10.0.16 - Authenticated SQL Injection via Preferences
Nov 15, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-43418
MEDIUM
GLPI 0.65-10.0.16 - Unauthenticated Reflected Cross-Site Scripting
Nov 15, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-43417
MEDIUM
GLPI 10.0.0-10.0.16 - Unauthenticated Reflected Cross-Site Scripting in Software Form
Nov 15, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-41679
MEDIUM
GLPI 10.0.0-10.0.16 - Authenticated SQL Injection via Ticket Form
Nov 15, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-47759
MEDIUM
GLPI 9.2.0-10.0.16 - Stored Cross-Site Scripting via SVG Upload
Nov 15, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-41678
MEDIUM
GLPI 0.50-10.0.16 - Unauthenticated Reflected Cross-Site Scripting
Nov 15, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-40638
HIGH
GLPI 0.85-10.0.16 - Authenticated SQL Injection
Nov 15, 2024
CVSS 8.1
EPSS 0.37
CVE-2024-37149
HIGH
GLPI 0.85-10.0.15 - Authenticated Remote Code Execution via Plugin Loader Hijack
Jul 10, 2024
CVSS 7.2
EPSS 0.21
CVE-2024-37148
HIGH
GLPI 0.84-10.0.15 - Authenticated SQL Injection via AJAX Scripts
Jul 10, 2024
CVSS 8.1
EPSS 0.20
CVE-2024-37147
MEDIUM
GLPI 0.85-10.0.15 - Authenticated Improper Access Control via Document Attachment
Jul 10, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-31456
HIGH
GLPI 9.3.0-10.0.14 - Authenticated SQL Injection via Map Search
May 07, 2024
CVSS 7.7
EPSS 0.59
CVE-2024-29889
HIGH
NUCLEI
GLPI 10.0.10-10.0.14 - Authenticated SQL Injection via Saved Searches Feature
May 07, 2024
CVSS 7.1
EPSS 0.63
CVE-2024-28241
HIGH
glpi_agent < 1.7.2 - Privilege Escalation via DLL Modification
Apr 25, 2024
CVSS 7.3
EPSS 0.00
CVE-2024-28240
HIGH
glpi_agent < 1.7.2 - Denial of Service and Privilege Escalation via MSI Configuration
Apr 25, 2024
CVSS 7.3
EPSS 0.00
CVE-2024-27914
MEDIUM
GLPI 10.0.8-10.0.12 - Unauthenticated Reflected Cross-Site Scripting via Debug Bar
Mar 18, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-27104
MEDIUM
GLPI 9.5.0-10.0.12 - Stored Cross-Site Scripting via Dashboard Sharing
Mar 18, 2024
CVSS 4.5
EPSS 0.01
CVE-2024-27098
MEDIUM
GLPI 9.5.0-10.0.12 - Authenticated Server-Side Request Forgery via Arbitrary Object Instantiation
Mar 18, 2024
CVSS 6.4
EPSS 0.36
CVE-2024-27096
HIGH
GLPI 0.65-10.0.12 - Authenticated SQL Injection via Search Engine
Mar 18, 2024
CVSS 7.7
EPSS 0.59