glpi-project
218 tracked vulnerabilities.
CVE-2024-27937
MEDIUM
GLPI 10.0.0-10.0.12 - Authenticated Email Address Disclosure
Mar 18, 2024
CVSS 6.5
EPSS 0.27
CVE-2024-27930
MEDIUM
GLPI 0.78-10.0.12 - Authenticated Sensitive Data Exposure via Item Field Access
Mar 18, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-27756
HIGH
GLPI < 10.0.12 - CSV Injection via Asset Title
Mar 15, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-23645
MEDIUM
GLPI 0.65-10.0.11 - Cross-Site Scripting via Reports Page URL
Feb 01, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-53943
MEDIUM
GLPI 9.5.7 - Username Enumeration via Lost Password Endpoint
Dec 18, 2025
CVSS 5.3
EPSS 0.00
CVE-2023-51446
MEDIUM
GLPI 0.70-10.0.11 - LDAP Injection via Authentication Form
Feb 01, 2024
CVSS 5.9
EPSS 0.01
CVE-2023-46727
HIGH
GLPI 10.0.0-10.0.10 - SQL Injection via Inventory Endpoint
Dec 13, 2023
CVSS 8.6
EPSS 0.67
CVE-2023-46726
HIGH
GLPI 10.0.0-10.0.10 - Remote Code Execution via LDAP Server Configuration Form
Dec 13, 2023
CVSS 7.2
EPSS 0.01
CVE-2023-43813
MEDIUM
GLPI 10.0.0-10.0.10 - SQL Injection via Saved Search Feature
Dec 13, 2023
CVSS 6.5
EPSS 0.31
CVE-2023-42802
CRITICAL
GLPI 10.0.7-10.0.9 - Unrestricted Upload of File with Dangerous Type via Unverified Object Instantiation
Nov 02, 2023
CVSS 10.0
EPSS 0.01
CVE-2023-42462
HIGH
GLPI 10.0.0-10.0.9 - Path Traversal and Arbitrary File Deletion via Document Upload Process
Sep 27, 2023
CVSS 7.7
EPSS 0.01
CVE-2023-42461
MEDIUM
GLPI 10.0.0-10.0.9 - SQL Injection via ITIL Actors Input Field
Sep 27, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-41888
MEDIUM
GLPI 10.0.8-10.0.9 - Path Traversal via Login Page URL
Sep 27, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-41326
HIGH
GLPI <10.0.10 - Privilege Escalation
Sep 27, 2023
CVSS 8.1
EPSS 0.31
CVE-2023-41324
HIGH
GLPI 9.3.0-10.0.9 - Unauthorized Account Access via User Resource API
Sep 27, 2023
CVSS 8.1
EPSS 0.01
CVE-2023-41323
MEDIUM
GLPI >= 0.68 < 10.0.10 - Unauthenticated User Login Enumeration
Sep 27, 2023
CVSS 5.3
EPSS 0.34
CVE-2023-41322
MEDIUM
GLPI <10.0.10 - Privilege Escalation
Sep 27, 2023
CVSS 4.9
EPSS 0.01
CVE-2023-41321
MEDIUM
GLPI 9.1.1-10.0.9 - Exposure of Sensitive Information via API Resource Enumeration
Sep 27, 2023
CVSS 4.9
EPSS 0.01
CVE-2023-41320
HIGH
GLPI 10.0.0-10.0.9 - SQL Injection via UI Layout Preferences
Sep 27, 2023
CVSS 8.1
EPSS 0.32
CVE-2023-37278
MEDIUM
GLPI < 10.0.9 - Authenticated SQL Injection via Dashboards Administration
Jul 13, 2023
CVSS 6.8
EPSS 0.01
CVE-2023-36808
HIGH
GLPI 0.80-10.0.7 - SQL Injection via Computer Virtual Machine Form and Inventory Request
Jul 05, 2023
CVSS 8.6
EPSS 0.48
CVE-2023-35940
HIGH
GLPI 9.5.0-10.0.8 - Unauthenticated Dashboard Data Access via Incorrect Rights Check
Jul 05, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-35939
HIGH
GLPI <10.0.8 - Privilege Escalation
Jul 05, 2023
CVSS 8.1
EPSS 0.01
CVE-2023-35924
HIGH
GLPI 10.0.0-10.0.8 - Unauthenticated SQL Injection via Inventory Endpoint
Jul 05, 2023
CVSS 8.6
EPSS 0.52
CVE-2023-34244
MEDIUM
GLPI 9.4.0-10.0.8 - Reflected Cross-Site Scripting via Crafted Link
Jul 05, 2023
CVSS 6.5
EPSS 0.01