Glpi

by Glpi Project

CVEs (201)

  • CVE-2025-64520 | Dec 16, 2025
    risk 0.00 | cvss | epss 0.00

    GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch.

  • CVE-2025-59935 | Dec 16, 2025
    risk 0.00 | cvss | epss 0.00

    GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.21, an unauthenticated user can store an XSS payload through the inventory endpoint. Users should upgrade to 10.0.21 to receive a patch.

  • CVE-2025-53357 | Jul 30, 2025
    risk 0.00 | cvss | epss 0.00

    GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking and software auditing. In versions 0.78 through 10.0.18, a connected user can alter the reservations of…

  • CVE-2025-53113 | Jul 30, 2025
    risk 0.00 | cvss | epss 0.00

    GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking and software auditing. In versions 0.65 through 10.0.18, a technician can use the external links…

  • CVE-2025-53112 | Jul 30, 2025
    risk 0.00 | cvss | epss 0.00

    GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking and software auditing. In versions 9.1.0 through 10.0.18, a lack of permission checks can result in unauthorized removal of some specific resources. This is fixed…

  • CVE-2025-53111 | Jul 30, 2025
    risk 0.00 | cvss | epss 0.00

    GLPI is a Free Asset and IT Management Software package. In versions 0.80 through 10.0.18, a lack of permission checks can result in unauthorized access to some resources. This is fixed in version 10.0.19.

  • CVE-2025-53008 | Jul 30, 2025
    risk 0.00 | cvss | epss 0.00

    GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking and software auditing. In versions 9.3.1 through 10.0.19, a connected user can use a malicious payload to steal…

  • CVE-2025-52897 | Jul 30, 2025
    risk 0.00 | cvss | epss 0.00

    GLPI is a Free Asset and IT Management Software package. In versions 9.1.0 through 10.0.18, an unauthenticated user can send a malicious link to attempt a phishing attack from the planning feature. This is fixed in version 10.0.19.

  • CVE-2025-52567 | Jul 30, 2025
    risk 0.00 | cvss | epss 0.00

    GLPI is a Free Asset and IT Management Software package providing data center management, ITIL Service Desk, license tracking and software auditing. In versions 0.84 through 10.0.18, usage of RSS feeds or external calendars in planning is subject to SSRF exploitation. The previous security…

  • CVE-2025-27514 | Jul 29, 2025
    risk 0.00 | cvss | epss 0.00

    GLPI is a Free Asset and IT Management Software package providing data center management, ITIL Service Desk, license tracking and software auditing. In versions 9.5.0 through 10.0.18, a technician can use a malicious payload to trigger a stored XSS on the project's kanban. This is fixed…

  • CVE-2025-24801 | Mar 18, 2025
    risk 0.00 | cvss | epss 0.17

    GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of *.php files located on the GLPI server. This vulnerability is fixed in 10.0.18.

  • CVE-2025-21619 | Mar 18, 2025
    risk 0.00 | cvss | epss 0.00

    GLPI is a free asset and IT management software package. An administrator user can perform a SQL injection through the rules configuration forms. This vulnerability is fixed in 10.0.18.

  • CVE-2025-25192 | Feb 25, 2025
    risk 0.00 | cvss | epss 0.01

    GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the `install/update.php` file.

  • CVE-2025-23046 | Feb 25, 2025
    risk 0.00 | cvss | epss 0.00

    GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail servers" authentication provider is configured to use an OAuth connection provided by the OauthIMAP plugin, anyone can connect to GLPI using a user name on…

  • CVE-2025-23024 | Feb 25, 2025
    risk 0.00 | cvss | epss 0.00

    GLPI is a free asset and IT management software package. Starting in version 0.72 and prior to version 10.0.18, an anonymous user can disable all the active plugins. Version 10.0.18 contains a patch. As a workaround, one may delete the `install/update.php` file.

  • CVE-2025-21627 | Feb 25, 2025
    risk 0.00 | cvss | epss 0.00

    GLPI is a free asset and IT management software package. In versions prior to 10.0.18, a malicious link can be crafted to perform a reflected XSS attack on the search page. If the anonymous ticket creation is enabled, this attack can be performed by an unauthenticated user.…

  • CVE-2025-21626 | Feb 25, 2025
    risk 0.00 | cvss | epss 0.00

    GLPI is a free asset and IT management software package. Starting in version 0.71 and prior to version 10.0.18, an anonymous user can fetch sensitive information from the `status.php` endpoint. Version 10.0.18 contains a fix for the issue. Some workarounds are available. One may…

  • CVE-2024-11955 | Feb 25, 2025
    risk 0.00 | cvss | epss 0.00

    A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The attack can be launched remotely. The…

  • CVE-2024-48912 | Dec 11, 2024
    risk 0.00 | cvss | epss 0.00

    GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue.

  • CVE-2024-47761 | Dec 11, 2024
    risk 0.00 | cvss | epss 0.01

    GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications contents can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue.
