Filter
-Infinity
0

Trending

Last week
Last month
Last year

GLPIGLPI allows unauthorized access to debug mode

medium
6.5
EPSS
0.04%
First published (updated )
CVE-2025-25192

GLPIGLPI vulnerable to unauthorized authentication by email using the OAuthIMAP plugin

high
7.5
First published (updated )
CVE-2025-23046

GLPIGLPI: Plugins are disabled accessing one page

medium
6.9
First published (updated )
CVE-2025-23024

GLPIGLPI Cross-site Scripting vulnerability

medium
6.5
First published (updated )
CVE-2025-21627

GLPIGLPI vulnerable to exposure of sensitive information in the `status.php` endpoint

medium
6.5
First published (updated )
CVE-2025-21626

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

GLPIGLPI index.php redirect

medium
6.1
First published (updated )
CVE-2024-11955

GLPIGLPI vulnerable to unauthenticated session hijacking

critical
9.3
First published (updated )
CVE-2024-50339

GLPIGLPI vulnerable to authenticated insecure account deletion

high
8.1
EPSS
0.07%
First published (updated )
CVE-2024-48912

GLPIGLPI vulnerable to account takeover via the password reset feature

high
7.5
First published (updated )
CVE-2024-47761

GLPIGLPI vulnerable to account takeover via API

high
8.8
First published (updated )
CVE-2024-47760

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

GLPIGLPI vulnerable to account takeover without privilege escalation through the API

high
8.8
First published (updated )
CVE-2024-47758

GLPIGLPI vulnerable to enumeration of users' email addresses by unauthenticated user

high
7.5
First published (updated )
CVE-2024-43416

GLPIGLPI allows API document download without rights

high
7.5
First published (updated )
CVE-2024-38370

GLPIGLPI has a stored XSS at src/RSSFeed.php

medium
5.7
First published (updated )
CVE-2024-45611

GLPIGLPI has a reflected XSS in ajax/cable.php

medium
6.5
First published (updated )
CVE-2024-45610

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

GLPIGLPI has a Reflected XSS in /front/stat.graph.php

medium
6.5
First published (updated )
CVE-2024-45609

GLPIGLPI has an Authenticated SQL Injection

high
8.8
First published (updated )
CVE-2024-45608

GLPIGLPI has multiple reflected XSS

medium
6.5
First published (updated )
CVE-2024-43418

GLPIReflected XSS in Software form

medium
6.5
First published (updated )
CVE-2024-43417

GLPIAuthenticated SQL injection in ticket form

high
8.8
First published (updated )
CVE-2024-41679

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

GLPIGLPI has multiple reflected XSS

medium
6.5
First published (updated )
CVE-2024-41678

GLPIGLPI allows account takeover via SQL Injection in AJAX scripts

high
8.8
First published (updated )
CVE-2024-40638

GLPIGLPI has a stored XSS via document upload

medium
6.7
First published (updated )
CVE-2024-47759

GLPIGLPI allows remote code execution through the plugin loader

high
8.8
First published (updated )
CVE-2024-37149

GLPIGLPI allows account takeover via SQL Injection in AJAX scripts

high
8.1
First published (updated )
CVE-2024-37148

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

GLPIGLPI allows Authenticated File Upload to Restricted Tickets

medium
4.3
First published (updated )
CVE-2024-37147

GLPIGLPI contains an authenticated SQL injection

high
7.7
First published (updated )
CVE-2024-31456

GLPIGLPI contains an SQL injection through the saved searches

high
8.1
First published (updated )
CVE-2024-29889

GLPI AgentGlPI-Agent MSI package installation doesn't update folder security profile when using non default installation folder

high
7.8
First published (updated )
CVE-2024-28241

GLPI AgentGLPI-Agent's MSI package installation permits local users to change Agent configuration

high
7.8
First published (updated )
CVE-2024-28240

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203