| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-54780 | glpi-screenshot-plugin exposes local files in /ajax/screenshot.php | cconard96 | glpi-screenshot-plugin | High | 7.7 | 2025-08-05 00:08:38 | Deep Dive |
| CVE-2025-53357 | GLPI permits reservation modification by unauthorized users | glpi-project | glpi | Medium | 5.4 | 2025-07-30 14:17:59 | Deep Dive |
| CVE-2025-53113 | GLPI technicians can access unauthorized information through external links | glpi-project | glpi | Low | 2.7 | 2025-07-30 14:16:37 | Deep Dive |
| CVE-2025-53112 | GLPI's incomprehensive permission checks can lead to data removal from allowed users | glpi-project | glpi | Medium | 4.3 | 2025-07-30 14:15:22 | Deep Dive |
| CVE-2025-53111 | GLPI exposes data to non-allowed users | glpi-project | glpi | Medium | 6.5 | 2025-07-30 14:14:26 | Deep Dive |
| CVE-2025-53008 | GLPI's MailCollector Receiver is vulnerable to credential exfiltration | glpi-project | glpi | Medium | 6.5 | 2025-07-30 14:09:59 | Deep Dive |
| CVE-2025-52897 | GLPI is vulnerable to XSS and open redirection attacks through planning feature | glpi-project | glpi | Medium | 6.5 | 2025-07-30 14:07:59 | Deep Dive |
| CVE-2025-52567 | GLPI has overly permissive URL verification | glpi-project | glpi | Low | 3.5 | 2025-07-30 14:07:15 | Deep Dive |
| CVE-2025-27514 | GLPI is susceptible to Stored XSS attack through project's kanban | glpi-project | glpi | Medium | 4.5 | 2025-07-29 17:39:29 | Deep Dive |
| CVE-2025-27147 | GLPI Inventory plugin has Improper Access Control Vulnerability | glpi-project | glpi-inventory-plugin | High | 8.2 | 2025-03-25 14:26:45 | Deep Dive |
| CVE-2025-24801 | GLPI allows authenticated remote code execution | glpi-project | glpi | High | 8.5 | 2025-03-18 18:32:06 | Deep Dive |
| CVE-2025-24799 | GLPI allows unauthenticated SQL injection through the inventory endpoint | glpi-project | glpi | High | 7.5 | 2025-03-18 18:27:55 | Deep Dive |
| CVE-2025-21619 | GLPI allows SQL injection through the rules configuration | glpi-project | glpi | Medium | - | 2025-03-18 18:25:13 | Deep Dive |
| CVE-2025-26626 | GLPI Inventory Plugin vulnerable to reflective Cross-site Scripting | glpi-project | glpi-inventory-plugin | Medium | 6.5 | 2025-03-14 12:47:14 | Deep Dive |
| CVE-2025-25192 | GLPI allows unauthorized access to debug mode | glpi-project | glpi | Medium | 6.5 | 2025-02-25 17:58:20 | Deep Dive |
| CVE-2025-23046 | GLPI vulnerable to unauthorized authentication by email using the OAuthIMAP plugin | glpi-project | glpi | Medium | - | 2025-02-25 17:48:18 | Deep Dive |
| CVE-2025-23024 | GLPI: Plugins are disabled accessing one page | glpi-project | glpi | Medium | - | 2025-02-25 15:47:33 | Deep Dive |
| CVE-2025-21627 | GLPI Cross-site Scripting vulnerability | glpi-project | glpi | Medium | 6.5 | 2025-02-25 15:43:35 | Deep Dive |
| CVE-2025-21626 | GLPI vulnerable to exposure of sensitive information in the `status.php` endpoint | glpi-project | glpi | Medium | 5.8 | 2025-02-25 15:37:28 | Deep Dive |
| CVE-2024-11955 | GLPI index.php redirect | - | GLPI | Medium | 4.3 | 2025-02-25 15:07:57 | Deep Dive |