| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-50339 | GLPI vulnerable to unauthenticated session hijacking | glpi-project | glpi | 中危 | - | 2024-12-11 17:48:42 | Deep Dive |
| CVE-2024-48912 | GLPI vulnerable to authenticated insecure account deletion | glpi-project | glpi | 中危 | - | 2024-12-11 17:03:10 | Deep Dive |
| CVE-2024-47761 | GLPI vulnerable to account takeover via the password reset feature | glpi-project | glpi | 中危 | - | 2024-12-11 17:00:49 | Deep Dive |
| CVE-2024-47760 | GLPI vulnerable to account takeover via API | glpi-project | glpi | 中危 | - | 2024-12-11 16:56:58 | Deep Dive |
| CVE-2024-47758 | GLPI vulnerable to account takeover without privilege escalation through the API | glpi-project | glpi | 中危 | - | 2024-12-11 15:50:22 | Deep Dive |
| CVE-2024-43416 | GLPI vulnerable to enumeration of users' email addresses by unauthenticated user | glpi-project | glpi | High | 7.5 | 2024-11-18 16:27:06 | Deep Dive |
| CVE-2024-38370 | GLPI allows API document download without rights | glpi-project | glpi | Medium | 5.3 | 2024-11-15 21:12:57 | Deep Dive |
| CVE-2024-45611 | GLPI has a stored XSS at src/RSSFeed.php | glpi-project | glpi | Medium | 5.7 | 2024-11-15 20:16:18 | Deep Dive |
| CVE-2024-45610 | GLPI has a reflected XSS in ajax/cable.php | glpi-project | glpi | Medium | 6.5 | 2024-11-15 20:14:34 | Deep Dive |
| CVE-2024-45609 | GLPI has a Reflected XSS in /front/stat.graph.php | glpi-project | glpi | Medium | 6.5 | 2024-11-15 20:02:33 | Deep Dive |
| CVE-2024-45608 | GLPI has an Authenticated SQL Injection | glpi-project | glpi | Medium | 6.5 | 2024-11-15 18:24:48 | Deep Dive |
| CVE-2024-43418 | GLPI has multiple reflected XSS | glpi-project | glpi | Medium | 6.5 | 2024-11-15 18:23:32 | Deep Dive |
| CVE-2024-43417 | Reflected XSS in Software form | glpi-project | glpi | Medium | 6.5 | 2024-11-15 18:22:04 | Deep Dive |
| CVE-2024-41679 | Authenticated SQL injection in ticket form | glpi-project | glpi | Medium | 6.5 | 2024-11-15 18:20:44 | Deep Dive |
| CVE-2024-41678 | GLPI has multiple reflected XSS | glpi-project | glpi | Medium | 6.5 | 2024-11-15 18:08:47 | Deep Dive |
| CVE-2024-40638 | GLPI allows account takeover via SQL Injection in AJAX scripts | glpi-project | glpi | High | 8.1 | 2024-11-15 18:06:37 | Deep Dive |
| CVE-2024-47759 | GLPI has a stored XSS via document upload | glpi-project | glpi | - | - | 2024-11-15 17:42:01 | Deep Dive |
| CVE-2024-37149 | GLPI allows remote code execution through the plugin loader | glpi-project | glpi | High | 7.2 | 2024-07-10 19:20:36 | Deep Dive |
| CVE-2024-37148 | GLPI allows account takeover via SQL Injection in AJAX scripts | glpi-project | glpi | High | 8.1 | 2024-07-10 19:18:09 | Deep Dive |
| CVE-2024-37147 | GLPI allows Authenticated File Upload to Restricted Tickets | glpi-project | glpi | Medium | 4.3 | 2024-07-10 18:38:38 | Deep Dive |