| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-29047 | GLPI has an Authenticated SQL Injection via log exports | glpi-project | glpi | High | 7.2 | 2026-04-06 14:39:16 | Deep Dive |
| CVE-2026-26263 | GLPI has an Unauthenticated SQL Injection via Search engine | glpi-project | glpi | High | 8.1 | 2026-04-06 14:36:57 | Deep Dive |
| CVE-2026-26027 | GLPI has an Unauthenticated Stored XSS via inventory | glpi-project | glpi | High | 7.5 | 2026-04-06 14:35:54 | Deep Dive |
| CVE-2026-26026 | GLPI has a Server-Side Template Injection via Double-Compilation | glpi-project | glpi | Critical | 9.1 | 2026-04-06 14:33:05 | Deep Dive |
| CVE-2026-25932 | GLPI has Stored XSS in Supplier 'Website' field | glpi-project | glpi | High | 7.2 | 2026-04-06 14:31:02 | Deep Dive |
| CVE-2026-26001 | GLPI Inventory Plugin has SQL Injection on dropdown_calendar Report | glpi-project | glpi-inventory-plugin | High | 7.1 | 2026-03-17 23:18:01 | Deep Dive |
| CVE-2026-25937 | GLPI has a MFA bypass | glpi-project | glpi | Medium | 6.5 | 2026-03-17 23:16:38 | Deep Dive |
| CVE-2026-25936 | GLPI Vulnerable to Authenticated SQL Injection | glpi-project | glpi | Medium | 6.5 | 2026-03-17 19:41:32 | Deep Dive |
| CVE-2026-22248 | GLPI affected by Remote Code Execution via malicious upload | glpi-project | glpi | High | 8.0 | 2026-03-11 15:27:05 | Deep Dive |
| CVE-2026-25590 | GLPI Inventory Plugin has Reflected XSS in task jobs | glpi-project | glpi-inventory-plugin | Medium | 4.5 | 2026-03-03 22:14:02 | Deep Dive |
| CVE-2026-22044 | GLPI is Vulnerable to Authenticated SQL Injection | glpi-project | glpi | Medium | 6.5 | 2026-02-04 17:15:39 | Deep Dive |
| CVE-2026-23624 | GLPI is vulnerable to session stealing on externally authenticated user change | glpi-project | glpi | Medium | 4.3 | 2026-02-04 17:15:34 | Deep Dive |
| CVE-2026-22247 | GLPI is Vulnerable to SSRF via Webhooks | glpi-project | glpi | Medium | 4.1 | 2026-02-04 17:10:30 | Deep Dive |
| CVE-2025-66417 | GLPI has an unauthenticated SQL injection through the inventory endpoint | glpi-project | glpi | High | 7.5 | 2026-01-15 16:25:03 | Deep Dive |
| CVE-2025-64516 | GLPI incorrectly authorizes access to documents | glpi-project | glpi | High | 7.5 | 2026-01-15 16:01:03 | Deep Dive |
| CVE-2023-53943 | GLPI 9.5.7 Username Enumeration Vulnerability via Lost Password Endpoint | Glpi-Project | GLPI | Medium | 5.3 | 2025-12-18 19:53:36 | Deep Dive |
| CVE-2025-64520 | GLPI vulnerable to unauthorized access to restricted Knowledge Base items through the API | glpi-project | glpi | Medium | 6.5 | 2025-12-16 21:59:03 | Deep Dive |
| CVE-2025-59935 | GLPI Vulnerable to Unauthenticated Stored XSS on the Inventory page | glpi-project | glpi | Medium | 6.5 | 2025-12-16 16:34:46 | Deep Dive |
| CVE-2025-32786 | GLPI Inventory Plugin is Vulnerable to Unauthenticated SQL Injection | glpi-project | glpi-inventory-plugin | High | 7.5 | 2025-11-04 20:18:44 | Deep Dive |
| CVE-2025-53105 | GLPI permits unauthorized rules execution order | glpi-project | glpi | High | 7.5 | 2025-08-27 14:40:36 | Deep Dive |