Glpi-project

Glpi

184 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2026-22044

  • EPSS 0.03%
  • Veröffentlicht 04.02.2026 17:15:39
  • Zuletzt bearbeitet 06.02.2026 21:19:53

GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has been patched in version 10.0.23.

6.5

CVE-2026-23624

  • EPSS 0.08%
  • Veröffentlicht 04.02.2026 17:15:33
  • Zuletzt bearbeitet 06.02.2026 21:18:17

GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can steal a GLPI session previously opened by another user...

9.1

CVE-2026-22247

  • EPSS 0.03%
  • Veröffentlicht 04.02.2026 17:10:30
  • Zuletzt bearbeitet 06.02.2026 21:19:00

GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook feature. This issue has been patched in version 11.0.5.

9.8

CVE-2025-66417

  • EPSS 0.11%
  • Veröffentlicht 15.01.2026 16:25:03
  • Zuletzt bearbeitet 21.01.2026 20:54:11

GLPI is a free asset and IT management software package. From 11.0.0, < 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3.

7.5

CVE-2025-64516

  • EPSS 0.05%
  • Veröffentlicht 15.01.2026 16:01:03
  • Zuletzt bearbeitet 21.01.2026 20:53:37

GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents attached to any item (ticket, asset, ...). If the public FAQ is enabled, this unauthorized access can be performed by...

6.9

CVE-2023-53943

Exploit
  • EPSS 0.05%
  • Veröffentlicht 18.12.2025 19:53:36
  • Zuletzt bearbeitet 31.12.2025 17:34:30

GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by submitting requests to the password reset endpoin...

6.5

CVE-2025-64520

  • EPSS 0.04%
  • Veröffentlicht 16.12.2025 21:59:02
  • Zuletzt bearbeitet 18.12.2025 15:08:06

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with an API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch.

6.5

CVE-2025-59935

  • EPSS 0.08%
  • Veröffentlicht 16.12.2025 16:34:46
  • Zuletzt bearbeitet 02.02.2026 14:59:28

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.21, an unauthenticated user can store an XSS payload through the inventory endpoint. Users should upgrade to 10.0.21 to receive a patch.

7.5

CVE-2025-53105

  • EPSS 0.06%
  • Veröffentlicht 27.08.2025 14:40:36
  • Zuletzt bearbeitet 29.08.2025 16:24:09

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 10.0.0 to before 10.0.19, a connected u...

5.4

CVE-2025-53357

  • EPSS 0.04%
  • Veröffentlicht 30.07.2025 14:17:58
  • Zuletzt bearbeitet 04.08.2025 18:57:31

GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.78 through 10.0.18, a connected user ...