CVE-2026-32312
- EPSS 0.04%
- Published 19.05.2026 00:16:37
- Last modified 19.05.2026 15:03:31
GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the structure of unauthorized forms. This issue has been fixed in version 11.0.7.
CVE-2026-29047
- EPSS 0.01%
- Published 06.04.2026 14:39:15
- Last modified 07.04.2026 16:02:15
GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user can perform a SQL injection via the logs export feature. This vulnerability is fixed in 10.0.24 and 11.0.6.
CVE-2026-26263
- EPSS 0.04%
- Published 06.04.2026 14:36:57
- Last modified 07.04.2026 16:02:38
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection exists in GLPI's Search engine. This vulnerability is fixed in 11.0.6.
CVE-2026-26027
- EPSS 0.07%
- Published 06.04.2026 14:35:53
- Last modified 07.04.2026 16:02:54
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the inventory endpoint. This vulnerability is fixed in 11.0.6.
CVE-2026-26026
- EPSS 0.07%
- Published 06.04.2026 14:33:05
- Last modified 07.04.2026 16:03:34
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator leads to RCE. This vulnerability is fixed in 11.0.6.
CVE-2026-25932
- EPSS 0.01%
- Published 06.04.2026 14:31:02
- Last modified 07.04.2026 16:04:32
GLPI is a free asset and IT management software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in supplier fields. This vulnerability is fixed in 10.0.24.
CVE-2026-25937
- EPSS 0.01%
- Published 17.03.2026 23:16:38
- Last modified 23.03.2026 18:16:40
GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue.
CVE-2026-25936
- EPSS 0.04%
- Published 17.03.2026 19:41:32
- Last modified 19.03.2026 19:30:14
GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perform a SQL injection. Version 11.0.6 fixes the issue.
CVE-2026-22248
- EPSS 0.26%
- Published 11.03.2026 15:27:04
- Last modified 20.03.2026 14:29:50
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger ...
CVE-2026-22044
- EPSS 0.05%
- Published 04.02.2026 17:15:39
- Last modified 06.02.2026 21:19:53
GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has been patched in version 10.0.23.