Every CVE whose affected-product data names Glpi-project Glpi, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (188)
CVE-2022-35947 — CVSS 10.0 (critical): GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service…
CVE-2023-42802 — CVSS 10.0 (critical): GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object…
CVE-2023-28849 — CVSS 10.0 (critical): GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint…
CVE-2017-11329 — CVSS 9.8 (critical): GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a list of…
CVE-2021-44617 — CVSS 9.8 (critical): A SQL Injection vulnerability exits in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated.
CVE-2022-31061 — CVSS 9.8 (critical): GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software…
CVE-2025-21619 — CVSS 9.8 (critical): GLPI is a free asset and IT management software package. An administrator user can perfom a SQL injection through the rules configuration…
CVE-2022-31056 — CVSS 9.8 (critical): GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software…
CVE-2017-11474 — CVSS 9.8 (critical): GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php.
CVE-2023-28838 — CVSS 9.6 (critical): GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection…
CVE-2026-26026 — CVSS 9.1 (critical): GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administrator lead to RCE…
CVE-2015-7684 — CVSS 9.0 (critical): Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an…
CVE-2023-28634 — CVSS 8.8 (high): GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has…
CVE-2019-14666 — CVSS 8.8 (high): GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct…
CVE-2024-27756 — CVSS 8.8 (high): GLPI through 10.0.12 allows CSV injection by an attacker who is able to create an asset with a crafted title.
CVE-2017-11475 — CVSS 8.8 (high): GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php.
CVE-2018-13049 — CVSS 8.8 (high): The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted…
CVE-2024-47760 — CVSS 8.8 (high): GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with an…
CVE-2024-47758 — CVSS 8.8 (high): GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can…
CVE-2021-39209 — CVSS 8.8 (high): GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site…
CVE-2020-15176 — CVSS 8.7 (high): In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query,the application does not escape or…
CVE-2023-35924 — CVSS 8.6 (high): GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, GLPI inventory endpoint…
CVE-2023-36808 — CVSS 8.6 (high): GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine…
CVE-2023-46727 — CVSS 8.6 (high): GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint…
CVE-2025-24801 — CVSS 8.5 (high): GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of *.php files located on…
CVE-2023-35939 — CVSS 8.1 (high): GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check…
CVE-2022-29250 — CVSS 8.1 (high): GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing…
CVE-2024-48912 — CVSS 8.1 (high): GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can…
CVE-2024-40638 — CVSS 8.1 (high): GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities. One of…
CVE-2024-37148 — CVSS 8.1 (high): GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software…
CVE-2023-41326 — CVSS 8.1 (high): GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk…
CVE-2023-41324 — CVSS 8.1 (high): GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk…
CVE-2026-26263 — CVSS 8.1 (high): GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection…
CVE-2023-41320 — CVSS 8.1 (high): GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk…
CVE-2023-28632 — CVSS 8.1 (high): GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an authenticated…
CVE-2020-15177 — CVSS 8.0 (high): In GLPI before version 9.5.2, the `install/install.php` endpoint insecurely stores user input into the database as `url_base` and…
CVE-2016-7507 — CVSS 8.0 (high): Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that could lead to…
CVE-2020-11031 — CVSS 7.8 (high): In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if…
CVE-2023-42462 — CVSS 7.7 (high): GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk…
CVE-2020-26212 — CVSS 7.7 (high): GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides ITIL…
CVE-2021-21326 — CVSS 7.7 (high): GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software…
CVE-2024-27096 — CVSS 7.7 (high): GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software…
CVE-2024-31456 — CVSS 7.7 (high): GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability…
CVE-2020-11032 — CVSS 7.6 (high): In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. Exploiting this vulnerability requires a…
CVE-2020-11036 — CVSS 7.6 (high): In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities. The package is vulnerable to Stored XSS in the comments…
CVE-2022-24867 — CVSS 7.5 (high): GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing…
CVE-2018-7562 — CVSS 7.5 (high): A remote code execution issue was discovered in GLPI through 9.2.1. There is a race condition that allows temporary access to an uploaded…
CVE-2023-35940 — CVSS 7.5 (high): GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check…
CVE-2016-7508 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a…
CVE-2025-66417 — CVSS 7.5 (high): GLPI is a free asset and IT management software package. From 11.0.0, < 11.0.3, an unauthenticated user can perform a SQL injection through…
CVE-2025-23046 — CVSS 7.5 (high): GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a "Mail servers"…
CVE-2025-24799 — CVSS 7.5 (high): GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory…
CVE-2013-2226 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1)…
CVE-2014-8360 — CVSS 7.5 (high): Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute…
CVE-2026-26027 — CVSS 7.5 (high): GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload…
CVE-2025-64516 — CVSS 7.5 (high): GLPI is a free asset and IT management software package. Prior to 10.0.21 and 11.0.3, an unauthorized user can access GLPI documents…
CVE-2023-22500 — CVSS 7.5 (high): GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6 are vulnerable to Incorrect…
CVE-2022-39371 — CVSS 7.5 (high): GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service…
CVE-2024-43416 — CVSS 7.5 (high): GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an unauthenticated user can…
CVE-2020-11035 — CVSS 7.5 (high): In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses…
CVE-2022-39323 — CVSS 7.4 (high): GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service…
CVE-2020-15175 — CVSS 7.4 (high): In GLPI before version 9.5.2, the `pluginimage.send.php` endpoint allows a user to specify an image from a plugin. The parameters can…
CVE-2020-11060 — CVSS 7.4 (high): In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be…
CVE-2022-24868 — CVSS 7.3 (high): GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing…
CVE-2024-37149 — CVSS 7.2 (high): GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software…
CVE-2020-5248 — CVSS 7.2 (high): GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance…
CVE-2023-46726 — CVSS 7.2 (high): GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only, the LDAP…
CVE-2024-47761 — CVSS 7.2 (high): GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with…
CVE-2026-25932 — CVSS 7.2 (high): GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS…
CVE-2026-29047 — CVSS 7.2 (high): GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user can perform a SQL…
CVE-2020-15108 — CVSS 7.1 (high): In glpi before 9.5.1, there is a SQL injection for all usages of "Clone" feature. This has been fixed in 9.5.1.
CVE-2024-29889 — CVSS 7.1 (high): GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability…
CVE-2021-21324 — CVSS 6.8 (medium): GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software…
CVE-2023-37278 — CVSS 6.8 (medium): GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software…
CVE-2021-39213 — CVSS 6.8 (medium): GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is…
CVE-2012-4002 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0.83.3 allows remote attackers to hijack the authentication of…
CVE-2013-5696 — CVSS 6.8 (medium): inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed…
CVE-2021-21258 — CVSS 6.8 (medium): GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software…
CVE-2022-31187 — CVSS 6.8 (medium): GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service…
CVE-2023-22722 — CVSS 6.8 (medium): GLPI is a Free Asset and IT Management Software package. Versions 9.4.0 and above, prior to 10.0.6 are subject to Cross-site Scripting. An…
CVE-2021-21327 — CVSS 6.8 (medium): GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software…
CVE-2020-11033 — CVSS 6.6 (medium): In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users…
CVE-2024-45610 — CVSS 6.5 (medium): GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software…
CVE-2024-45609 — CVSS 6.5 (medium): GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software…
CVE-2026-22044 — CVSS 6.5 (medium): GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL…
CVE-2021-39210 — CVSS 6.5 (medium): GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie (when a…
CVE-2023-23610 — CVSS 6.5 (medium): GLPI is a Free Asset and IT Management Software package. Versions prior to 9.5.12 and 10.0.6 are vulnerable to Improper Privilege…
CVE-2024-45608 — CVSS 6.5 (medium): GLPI is a free asset and IT management software package. An authenticated user can perfom a SQL injection by changing its preferences…
CVE-2024-43418 — CVSS 6.5 (medium): GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order…
CVE-2024-43417 — CVSS 6.5 (medium): GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order…
CVE-2024-41679 — CVSS 6.5 (medium): GLPI is a free asset and IT management software package. An authenticated user can exploit a SQL injection vulnerability from the ticket…
CVE-2024-41678 — CVSS 6.5 (medium): GLPI is a free asset and IT management software package. An unauthenticated user can provide a malicious link to a GLPI technician in order…
CVE-2023-34106 — CVSS 6.5 (medium): GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect…
CVE-2023-34107 — CVSS 6.5 (medium): GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect…
CVE-2023-34244 — CVSS 6.5 (medium): GLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link can be…
CVE-2024-27937 — CVSS 6.5 (medium): GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software…
CVE-2024-23645 — CVSS 6.5 (medium): GLPI is a Free Asset and IT Management Software package. A malicious URL can be used to execute XSS on reports pages. Upgrade to 10.0.12.
CVE-2023-43813 — CVSS 6.5 (medium): GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature…
CVE-2023-42461 — CVSS 6.5 (medium): GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk…
CVE-2025-64520 — CVSS 6.5 (medium): GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with…
CVE-2025-59935 — CVSS 6.5 (medium): GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.21, an unauthenticated user…
CVE-2025-53111 — CVSS 6.5 (medium): GLPI is a Free Asset and IT Management Software package. In versions 0.80 through 10.0.18, a lack of permission checks can result in…
CVE-2025-53008 — CVSS 6.5 (medium): GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk…
CVE-2025-52897 — CVSS 6.5 (medium): GLPI is a Free Asset and IT Management Software package. In versions 9.1.0 through 10.0.18, an unauthenticated user can send a malicious…
CVE-2025-25192 — CVSS 6.5 (medium): GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access…
CVE-2014-9258 — CVSS 6.5 (medium): SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL…
CVE-2025-21627 — CVSS 6.5 (medium): GLPI is a free asset and IT management software package. In versions prior to 10.0.18, a malicious link can be crafted to perform a…
CVE-2012-1037 — CVSS 6.5 (medium): PHP remote file inclusion vulnerability in front/popup.php in GLPI 0.78 through 0.80.61 allows remote authenticated users to execute…
CVE-2024-27930 — CVSS 6.5 (medium): GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software…
CVE-2024-27098 — CVSS 6.4 (medium): GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software…
CVE-2013-2225 — CVSS 6.4 (medium): inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields…
CVE-2022-35945 — CVSS 6.3 (medium): GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service…
CVE-2021-21325 — CVSS 6.2 (medium): GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software…
CVE-2022-41941 — CVSS 6.2 (medium): GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6, are subject to Cross-site Scripting…
CVE-2023-22724 — CVSS 6.2 (medium): GLPI is a Free Asset and IT Management Software package. Versions prior to 10.0.6 are subject to Cross-site Scripting via malicious RSS…
CVE-2023-22725 — CVSS 6.2 (medium): GLPI is a Free Asset and IT Management Software package. Versions 0.6.0 and above, prior to 10.0.6 are vulnerable to Cross-site Scripting…
CVE-2022-21719 — CVSS 6.1 (medium): GLPI is a free asset and IT management software package. All GLPI versions prior to 9.5.7 are vulnerable to reflected cross-site scripting…
CVE-2021-3486 — CVSS 6.1 (medium): GLPi 9.5.4 does not sanitize the metadata. This way its possible to insert XSS into plugins to execute JavaScript code.
CVE-2018-7563 — CVSS 6.1 (medium): An issue was discovered in GLPI through 9.2.1. The application is affected by XSS in the query string to front/preference.php. An attacker…
CVE-2023-28639 — CVSS 6.1 (medium): GLPI is a free asset and IT management software package. Starting in version 0.85 and prior to versions 9.5.13 and 10.0.7, a malicious link…
CVE-2020-11034 — CVSS 6.1 (medium): In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp…
CVE-2020-11062 — CVSS 6.0 (medium): In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type. This has been…
CVE-2023-51446 — CVSS 5.9 (medium): GLPI is a Free Asset and IT Management Software package. When authentication is made against a LDAP, the authentication form can be used to…
CVE-2019-13240 — CVSS 5.9 (medium): An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is possible to change that user's password…
CVE-2025-21626 — CVSS 5.8 (medium): GLPI is a free asset and IT management software package. Starting in version 0.71 and prior to version 10.0.18, an anonymous user can fetch…
CVE-2021-21255 — CVSS 5.8 (medium): GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software…
CVE-2024-45611 — CVSS 5.7 (medium): GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software…
CVE-2022-35946 — CVSS 5.5 (medium): GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service…
CVE-2022-24876 — CVSS 5.4 (medium): GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing…
CVE-2021-21314 — CVSS 5.4 (medium): GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software…
CVE-2025-53357 — CVSS 5.4 (medium): GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL…
CVE-2021-21312 — CVSS 5.4 (medium): GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software…
CVE-2019-1010307 — CVSS 5.4 (medium): GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). The impact is: All dropdown values are vulnerable to XSS leading to…
CVE-2016-7509 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by…
CVE-2022-31068 — CVSS 5.3 (medium): GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software…
CVE-2020-15217 — CVSS 5.3 (medium): In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. The issue was introduced in version 9.5.0 and…
CVE-2023-41888 — CVSS 5.3 (medium): GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk…
CVE-2022-31143 — CVSS 5.3 (medium): GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service…
CVE-2024-27914 — CVSS 5.3 (medium): GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software…
CVE-2021-39211 — CVSS 5.3 (medium): GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint…
CVE-2023-53943 — CVSS 5.3 (medium): GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email…
CVE-2023-41323 — CVSS 5.3 (medium): GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk…
CVE-2024-38370 — CVSS 5.3 (medium): GLPI is a free asset and IT management software package. Starting in 9.2.0 and prior to 11.0.0, it is possible to download a document from…
CVE-2024-50339 — CVSS 5.3 (medium): GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user…
CVE-2022-39262 — CVSS 5.2 (medium): GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package, GLPI administrator can…
CVE-2020-15226 — CVSS 5.0 (medium): In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax, but…
CVE-2011-2720 — CVSS 5.0 (medium): The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote…
CVE-2014-5032 — CVSS 5.0 (medium): GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via…
CVE-2023-41321 — CVSS 4.9 (medium): GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk…
CVE-2021-21313 — CVSS 4.9 (medium): GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software…
CVE-2022-39373 — CVSS 4.9 (medium): GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service…
CVE-2017-11183 — CVSS 4.9 (medium): front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter.
CVE-2022-21720 — CVSS 4.9 (medium): GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally…
CVE-2023-41322 — CVSS 4.9 (medium): GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk…
CVE-2024-47759 — CVSS 4.8 (medium): GLPI is a free Asset and IT management software package. An technician can upload a SVG containing a malicious script. The script will then…
CVE-2023-28852 — CVSS 4.8 (medium): GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with…
CVE-2022-39234 — CVSS 4.7 (medium): GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service…
CVE-2022-24869 — CVSS 4.6 (medium): GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing…
CVE-2022-39277 — CVSS 4.5 (medium): GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service…
CVE-2022-39375 — CVSS 4.5 (medium): GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service…
CVE-2023-28636 — CVSS 4.5 (medium): GLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulnerability…
CVE-2025-27514 — CVSS 4.5 (medium): GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software…
CVE-2024-27104 — CVSS 4.5 (medium): GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software…
CVE-2020-27662 — CVSS 4.3 (medium): In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data…
CVE-2025-53112 — CVSS 4.3 (medium): GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing…
CVE-2025-23024 — CVSS 4.3 (medium): GLPI is a free asset and IT management software package. Starting in version 0.72 and prior to version 10.0.18, an anonymous user can…
CVE-2024-11955 — CVSS 4.3 (medium): A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown…
CVE-2024-37147 — CVSS 4.3 (medium): GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software…
CVE-2026-23624 — CVSS 4.3 (medium): GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote…
CVE-2026-32312 — CVSS 4.3 (medium): GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ…
CVE-2012-4003 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary web…
CVE-2020-27663 — CVSS 4.3 (medium): In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to…
CVE-2022-39370 — CVSS 4.3 (medium): GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service…
CVE-2026-22247 — CVSS 4.1 (medium): GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF…
CVE-2015-7685 — CVSS 4.0 (medium): GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the…
CVE-2023-28633 — CVSS 3.5 (low): GLPI is a free asset and IT management software package. Starting in version 0.84 and prior to versions 9.5.13 and 10.0.7, usage of RSS…
CVE-2025-52567 — CVSS 3.5 (low): GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software…
CVE-2019-1010310 — CVSS 3.5 (low): GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder…
CVE-2022-39276 — CVSS 3.5 (low): GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service…
CVE-2022-36112 — CVSS 3.5 (low): GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service…
CVE-2022-39372 — CVSS 3.5 (low): GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service…
CVE-2025-53113 — CVSS 2.7 (low): GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL…
CVE-2022-39376 — CVSS 2.6 (low): GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service…