
glpi project glpi

191 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-32312
>= 11.0.0 and < 11.0.7
GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ
4.3MEDIUM
CVE-2026-29047
>= 10.0.0 and < 10.0.24
GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user can perfo
7.2HIGH
CVE-2026-26263
>= 11.0.0 and < 11.0.6
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL inj
8.1HIGH
CVE-2026-26027
>= 11.0.0 and < 11.0.6
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS pa
7.5HIGH
CVE-2026-26026
>= 11.0.0 and < 11.0.6
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator lead
9.1CRITICAL
CVE-2026-25932
>= 0.60 and < 10.0.24
GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store a
7.2HIGH
CVE-2026-25937
>= 11.0.0 and < 11.0.6
GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor
6.5MEDIUM
CVE-2026-25936
> 11.0.0 and <= 11.0.6
GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated
6.5MEDIUM
CVE-2026-22248
>= 11.0.0 and < 11.0.5
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and so
8.0HIGH
CVE-2026-23624
>= 0.71 and < 10.0.23
GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when
4.3MEDIUM
CVE-2026-22247
>= 11.0.0 and < 11.0.5
GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SS
4.1MEDIUM
CVE-2026-22044
>= 0.85 and < 10.0.23
GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a
6.5MEDIUM
CVE-2025-66417
>= 11.0.0 and < 11.0.3
GLPI is a free asset and IT management software package. From 11.0.0, < 11.0.3, an unauthenticated user can perform a SQL injectio
7.5HIGH
CVE-2025-64516
>= 10.0.0 and < 10.0.21
GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documen
7.5HIGH
CVE-2023-53943
all versions
GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate
5.3MEDIUM
CVE-2025-64520
>= 9.1.0 and < 10.0.21
GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized u
6.5MEDIUM
CVE-2025-59935
>= 10.0.0 and < 10.0.21
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.21, an unauthenticat
6.5MEDIUM
CVE-2025-53357
>= 0.78 and < 10.0.19
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides
5.4MEDIUM
CVE-2025-53113
>= 0.65 and < 10.0.19
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides
2.7LOW
CVE-2025-53112
>= 9.1.0 and < 10.0.19
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software
4.3MEDIUM
CVE-2025-53111
>= 0.80 and < 10.0.19
GLPI is a Free Asset and IT Management Software package. In versions 0.80 through 10.0.18, a lack of permission checks can result
6.5MEDIUM
CVE-2025-53008
>= 9.3.1 and < 10.0.19
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Ser
6.5MEDIUM
CVE-2025-52897
>= 9.1.0 and < 10.0.19
GLPI is a Free Asset and IT Management Software package. In versions 9.1.0 through 10.0.18, an unauthenticated user can send a mal
6.5MEDIUM
CVE-2025-52567
>= 0.84 and < 10.0.19
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software
3.5LOW
CVE-2025-27514
>= 9.5.0 and < 10.0.19
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software
4.5MEDIUM
CVE-2025-24801
>= 0.85 and < 10.0.18
GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of *.php files l
8.5HIGH
CVE-2025-24799
>= 10.0.0 and < 10.0.18
GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory
7.5HIGH
CVE-2025-21619
>= 0.78 and < 10.0.18
GLPI is a free asset and IT management software package. An administrator user can perform a SQL injection through the rules config
9.8CRITICAL
CVE-2025-25192
< 10.0.18
GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and
6.5MEDIUM
CVE-2025-23046
>= 9.5.0 and < 10.0.18
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail server
7.5HIGH
CVE-2025-23024
>= 0.72 and < 10.0.18
GLPI is a free asset and IT management software package. Starting in version 0.72 and prior to version 10.0.18, an anonymous user
4.3MEDIUM
CVE-2025-21627
< 10.0.18
GLPI is a free asset and IT management software package. In versions prior to 10.0.18, a malicious link can be crafted to perform
6.5MEDIUM
CVE-2025-21626
>= 0.71 and < 10.0.18
GLPI is a free asset and IT management software package. Starting in version 0.71 and prior to version 10.0.18, an anonymous user
5.8MEDIUM
CVE-2024-11955
>= 0.85 and < 10.0.18
A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown
4.3MEDIUM
CVE-2024-50339
>= 9.5.0 and < 10.0.17
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticate
5.3MEDIUM
CVE-2024-48912
>= 10.0.0 and < 10.0.17
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated
8.1HIGH
CVE-2024-47761
>= 0.80 and < 10.0.17
GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator w
7.2HIGH
CVE-2024-47760
>= 9.1.0 and < 10.0.17
GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with
8.8HIGH
CVE-2024-47758
>= 9.3.0 and < 10.0.17
GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated
8.8HIGH
CVE-2024-43416
>= 0.80 and < 10.0.17
GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an unauthenticated
7.5HIGH
CVE-2024-38370
>= 9.2.0 and < 10.0.16
GLPI is a free asset and IT management software package. Starting in 9.2.0 and prior to 11.0.0, it is possible to download a docum
5.3MEDIUM
CVE-2024-45611
>= 0.84 and < 10.0.17
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and so
5.7MEDIUM
CVE-2024-45610
>= 10.0.0 and < 10.0.17
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and so
6.5MEDIUM
CVE-2024-45609
>= 0.70 and < 10.0.17
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software
6.5MEDIUM
CVE-2024-45608
>= 9.5.0 and < 10.0.17
GLPI is a free asset and IT management software package. An authenticated user can perform a SQL injection by changing its preferen
6.5MEDIUM
CVE-2024-43418
>= 0.65 and < 10.0.17
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician
6.5MEDIUM
CVE-2024-43417
>= 10.0.0 and < 10.0.17
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician
6.5MEDIUM
CVE-2024-41679
>= 10.0.0 and < 10.0.17
GLPI is a free asset and IT management software package. An authenticated user can exploit a SQL injection vulnerability from the
6.5MEDIUM
CVE-2024-47759
>= 9.2.0 and < 10.0.17
GLPI is a free Asset and IT management software package. A technician can upload an SVG containing a malicious script. The script
4.8MEDIUM
CVE-2024-41678
>= 0.50 and < 10.0.17
GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician
6.5MEDIUM
CVE-2024-40638
>= 0.85 and < 10.0.17
GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities.
8.1HIGH
CVE-2024-37149
>= 0.85 and < 10.0.16
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and so
7.2HIGH
CVE-2024-37148
>= 0.84 and < 10.0.16
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and so
8.1HIGH
CVE-2024-37147
>= 0.85 and < 10.0.16
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and so
4.3MEDIUM
CVE-2024-31456
>= 9.3.0 and < 10.0.15
GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulne
7.7HIGH
CVE-2024-29889
>= 10.0.10 and < 10.0.15
GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulne
7.1HIGH
CVE-2024-27914
>= 10.0.8 and < 10.0.13
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software
5.3MEDIUM
CVE-2024-27104
>= 9.5.0 and < 10.0.13
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software
4.5MEDIUM
CVE-2024-27098
>= 9.5.0 and < 10.0.13
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software
6.4MEDIUM
CVE-2024-27096
>= 0.65 and < 10.0.13
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software
7.7HIGH
CVE-2024-27937
>= 10.0.0 and < 10.0.13
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software
6.5MEDIUM
CVE-2024-27930
>= 0.78 and < 10.0.13
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software
6.5MEDIUM
CVE-2024-27756
<= 10.0.12
GLPI through 10.0.12 allows CSV injection by an attacker who is able to create an asset with a crafted title.
8.8HIGH
CVE-2024-23645
>= 0.65 and < 10.0.12
GLPI is a Free Asset and IT Management Software package. A malicious URL can be used to execute XSS on reports pages. Upgrade to
6.5MEDIUM
CVE-2023-51446
>= 0.70 and < 10.0.12
GLPI is a Free Asset and IT Management Software package. When authentication is made against a LDAP, the authentication form can b
5.9MEDIUM
CVE-2023-46727
>= 10.0.0 and < 10.0.11
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory e
8.6HIGH
CVE-2023-46726
>= 10.0.0 and < 10.0.11
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only,
7.2HIGH
CVE-2023-43813
>= 10.0.0 and < 10.0.11
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search
6.5MEDIUM
CVE-2023-42802
>= 10.0.7 and < 10.0.10
GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified ob
10.0CRITICAL
CVE-2023-42462
>= 10.0.0 and < 10.0.10
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Ser
7.7HIGH
CVE-2023-42461
>= 10.0.0 and < 10.0.10
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Ser
6.5MEDIUM
CVE-2023-41888
>= 10.0.8 and < 10.0.10
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Ser
5.3MEDIUM
CVE-2023-41326
>= 9.5.0 and < 10.0.10
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Ser
8.1HIGH
CVE-2023-41324
>= 9.3.0 and < 10.0.10
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Ser
8.1HIGH
CVE-2023-41323
>= 0.68 and < 10.0.10
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Ser
5.3MEDIUM
CVE-2023-41322
>= 9.1.0 and < 10.0.10
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Ser
4.9MEDIUM
CVE-2023-41321
>= 9.1.1 and < 10.0.10
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Ser
4.9MEDIUM
CVE-2023-41320
>= 10.0.0 and < 10.0.10
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Ser
8.1HIGH
CVE-2023-37278
< 10.0.9
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software
6.8MEDIUM
CVE-2023-36808
>= 0.80 and < 10.0.8
GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Ma
8.6HIGH
CVE-2023-35940
>= 9.5.0 and < 10.0.8
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect right
7.5HIGH
CVE-2023-35939
>= 9.5.0 and < 10.0.8
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect right
8.1HIGH
CVE-2023-35924
>= 10.0.0 and < 10.0.8
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory en
8.6HIGH
CVE-2023-34244
>= 9.4.0 and < 10.0.8
GLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link c
6.5MEDIUM
CVE-2023-34107
>= 9.2.0 and < 10.0.8
GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an
6.5MEDIUM
CVE-2023-34106
>= 0.68 and < 10.0.8
GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an i
6.5MEDIUM
CVE-2023-28852
>= 9.5.0 and < 9.5.13
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user
4.8MEDIUM
CVE-2023-28849
>= 10.0.0 and < 10.0.7
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory en
10.0CRITICAL
CVE-2023-28838
>= 0.50 and < 9.5.13
GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL I
9.6CRITICAL
CVE-2023-28639
>= 0.85 and < 9.5.13
GLPI is a free asset and IT management software package. Starting in version 0.85 and prior to versions 9.5.13 and 10.0.7, a malic
6.1MEDIUM
CVE-2023-28636
>= 0.60 and < 9.5.13
GLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulne
4.5MEDIUM
CVE-2023-28634
>= 0.83 and < 9.5.13
GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user
8.8HIGH
CVE-2023-28633
>= 0.84 and < 9.5.13
GLPI is a free asset and IT management software package. Starting in version 0.84 and prior to versions 9.5.13 and 10.0.7, usage o
3.5LOW
CVE-2023-28632
>= 0.83 and < 9.5.13
GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an auth
8.1HIGH
CVE-2023-23610
>= 0.65 and < 9.5.12
GLPI is a Free Asset and IT Management Software package. Versions prior to 9.5.12 and 10.0.6 are vulnerable to Improper Privilege
6.5MEDIUM
CVE-2023-22725
>= 0.60 and < 9.5.12
GLPI is a Free Asset and IT Management Software package. Versions 0.6.0 and above, prior to 10.0.6 are vulnerable to Cross-site Sc
6.2MEDIUM
CVE-2023-22724
>= 10.0.0 and < 10.0.6
GLPI is a Free Asset and IT Management Software package. Versions prior to 10.0.6 are subject to Cross-site Scripting via maliciou
6.2MEDIUM
CVE-2023-22722
>= 9.4.0 and < 9.5.12
GLPI is a Free Asset and IT Management Software package. Versions 9.4.0 and above, prior to 10.0.6 are subject to Cross-site Scrip
6.8MEDIUM
CVE-2023-22500
>= 10.0.0 and < 10.0.6
GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6 are vulnerable to Incorrect Au
7.5HIGH
CVE-2022-41941
>= 0.70 and < 9.5.12
GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6, are subject to Cross-site Scr
6.2MEDIUM
CVE-2022-39376
>= 0.65 and < 10.0.4
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITI
2.6LOW
CVE-2022-39375
>= 0.84 and < 10.0.4
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITI
4.5MEDIUM
CVE-2022-39373
>= 10.0.0 and < 10.0.4
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITI
4.9MEDIUM
CVE-2022-39372
>= 0.70 and < 10.0.4
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITI
3.5LOW
CVE-2022-39371
>= 10.0.0 and < 10.0.4
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITI
7.5HIGH
CVE-2022-39370
>= 0.70 and < 10.0.4
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITI
4.3MEDIUM
CVE-2022-39277
>= 0.60 and < 10.0.4
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITI
4.5MEDIUM
CVE-2022-39323
>= 9.1 and < 10.0.4
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITI
7.4HIGH
CVE-2022-39276
< 10.0.4
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITI
3.5LOW
CVE-2022-39262
>= 0.65 and < 10.0.4
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package, GLPI administrat
5.2MEDIUM
CVE-2022-39234
< 10.0.4
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITI
4.7MEDIUM
CVE-2022-35914
<= 10.0.2
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
9.8CRITICAL
CVE-2022-36112
< 10.0.3
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL
3.5LOW
CVE-2022-35947
< 10.0.3
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL
10.0CRITICAL
CVE-2022-35946
< 10.0.3
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL
5.5MEDIUM
CVE-2022-35945
< 10.0.3
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL
6.3MEDIUM
CVE-2022-31187
< 10.0.3
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL
6.8MEDIUM
CVE-2022-31143
< 10.0.3
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL
5.3MEDIUM
CVE-2022-31068
>= 10.0.0 and < 10.0.2
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software
5.3MEDIUM
CVE-2022-31061
>= 9.3.0 and < 9.5.8
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software
9.8CRITICAL
CVE-2022-31056
>= 10.0.0 and < 10.0.2
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software
9.8CRITICAL
CVE-2022-29250
all versions
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software
8.1HIGH
CVE-2022-24876
all versions
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software
5.4MEDIUM
CVE-2022-24869
<= 0.90
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software
4.6MEDIUM
CVE-2022-24868
< 10.0.0
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software
7.3HIGH
CVE-2022-24867
< 10.0.0
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software
7.5HIGH
CVE-2021-44617
all versions
A SQL Injection vulnerability exists in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOut
9.8CRITICAL
CVE-2022-21720
< 9.5.7
GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving
4.9MEDIUM
CVE-2022-21719
< 9.5.7
GLPI is a free asset and IT management software package. All GLPI versions prior to 9.5.7 are vulnerable to reflected cross-site s
6.1MEDIUM
CVE-2021-39213
>= 9.1 and < 9.5.6
GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest en
6.8MEDIUM
CVE-2021-39211
>= 9.2 and < 9.5.6
GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoin
5.3MEDIUM
CVE-2021-39210
< 9.5.6
GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie
6.5MEDIUM
CVE-2021-39209
< 9.5.6
GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cr
8.8HIGH
CVE-2021-3486
all versions
GLPI 9.5.4 does not sanitize the metadata. This way it is possible to insert XSS into plugins to execute JavaScript code.
6.1MEDIUM
CVE-2021-21327
< 9.5.4
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and so
6.8MEDIUM
CVE-2021-21326
< 9.5.4
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and so
7.7HIGH
CVE-2021-21325
< 9.5.4
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and so
6.2MEDIUM
CVE-2021-21324
< 9.5.4
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and so
6.8MEDIUM
CVE-2021-21314
< 9.5.4
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Sof
5.4MEDIUM
CVE-2021-21313
< 9.5.4
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Sof
4.9MEDIUM
CVE-2021-21312
< 9.5.4
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Sof
5.4MEDIUM
CVE-2021-21258
>= 9.5.0 and < 9.5.4
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and so
6.8MEDIUM
CVE-2021-21255
all versions
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and so
5.8MEDIUM
CVE-2020-27663
< 9.5.3
In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attack
4.3MEDIUM
CVE-2020-27662
< 9.5.3
In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to re
4.3MEDIUM
CVE-2020-26212
< 9.5.3
GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides I
7.7HIGH
CVE-2020-15226
< 9.5.2
In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Not only is it possible to break the SQL synt
5.0MEDIUM
CVE-2020-15217
>= 9.5.0 and < 9.5.2
In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. The issue was introduced in version 9
5.3MEDIUM
CVE-2020-15177
< 9.5.2
In GLPI before version 9.5.2, the install/install.php endpoint insecurely stores user input into the database as url_base and
8.0HIGH
CVE-2020-15176
< 9.5.2
In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query, the application does not escape o
8.7HIGH
CVE-2020-15175
< 9.5.2
In GLPI before version 9.5.2, the pluginimage.send.php endpoint allows a user to specify an image from a plugin. The param
7.4HIGH
CVE-2020-11031
< 9.5.0
In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password
7.8HIGH
CVE-2020-15108
< 9.5.1
In glpi before 9.5.1, there is a SQL injection for all usages of "Clone" feature. This has been fixed in 9.5.1.
7.1HIGH
CVE-2020-11062
>= 0.68.1 and < 9.4.6
In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type. This has
6.0MEDIUM
CVE-2020-11060
< 9.4.6
In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerabili
7.4HIGH
CVE-2020-5248
< 9.4.6
GLPI before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every in
7.2HIGH
CVE-2020-11036
< 9.4.6
In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities. The package is vulnerable to Stored XSS in the
7.6HIGH
CVE-2020-11035
>= 0.83.3 and < 9.4.6
In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementati
7.5HIGH
CVE-2020-11034
< 9.4.6
In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection which is based on
6.1MEDIUM
CVE-2020-11033
>= 9.1 and < 9.4.6
In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of
6.6MEDIUM
CVE-2020-11032
all versions
In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. Exploiting this vulnerability req
7.6HIGH
CVE-2013-2227
all versions
GLPI 0.83.7 has Local File Inclusion in common.tabs.php.
7.5HIGH
CVE-2019-14666
<= 9.4.3
GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct
8.8HIGH
CVE-2019-1010307
all versions
GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). The impact is: All dropdown values are vulnerable to XSS leadi
5.4MEDIUM
CVE-2019-1010310
all versions
GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder d
3.5LOW
CVE-2019-13240
< 9.4.1
An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is possible to change that user's pa
5.9MEDIUM
CVE-2019-13239
>= 9.1 and < 9.4.3
inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture.
6.1MEDIUM
CVE-2019-10233
< 9.4.1.1
Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie.
8.1HIGH
CVE-2018-13049
>= 9.2.0 and <= 9.3.0
The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering
8.8HIGH
CVE-2018-7563
<= 9.2.1
An issue was discovered in GLPI through 9.2.1. The application is affected by XSS in the query string to front/preference.php. An
6.1MEDIUM
CVE-2018-7562
<= 9.2.1
A remote code execution issue was discovered in GLPI through 9.2.1. There is a race condition that allows temporary access to an u
7.5HIGH
CVE-2017-11184
<= 9.1.4
SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter.
9.8CRITICAL
CVE-2017-11183
<= 9.1.4
front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file para
4.9MEDIUM
CVE-2017-11475
<= 9.1.5.0
GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php.
8.8HIGH
CVE-2017-11474
<= 9.1.5.0
GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common
9.8CRITICAL
CVE-2016-7509
all versions
Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HT
5.4MEDIUM
CVE-2016-7507
all versions
Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that coul
8.0HIGH
CVE-2017-11329
<= 9.1.4
GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a li
9.8CRITICAL
CVE-2016-7508
all versions
Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by
7.5HIGH
CVE-2015-7685
<= 0.85.2
GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and
CVE-2015-7684
<= 0.85.2
Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with a
CVE-2014-8360
<= 0.84.7
Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execut
CVE-2014-5032
<= 0.84.6
GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive inform
CVE-2014-9258
<= 0.85
SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitr
CVE-2013-2225
<= 0.83.9
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_f
CVE-2013-2226
<= 0.83.8
Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1)
CVE-2013-5696
<= 0.84.1
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is comp
CVE-2012-4003
<= 0.83.2
Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary
CVE-2012-4002
<= 0.83.2
Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0.83.3 allows remote attackers to hijack the authentic
CVE-2012-1037
all versions
PHP remote file inclusion vulnerability in front/popup.php in GLPI 0.78 through 0.80.61 allows remote authenticated users to execu
CVE-2011-2720
<= 0.80.1
The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remot