| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-28241 | GlPI-Agent MSI package installation doesn't update folder security profile when using non default installation folder | glpi-project | glpi-agent | High | 7.3 | 2024-04-25 16:44:52 | Deep Dive |
| CVE-2024-28240 | GLPI-Agent's MSI package installation permits local users to change Agent configuration | glpi-project | glpi-agent | High | 7.3 | 2024-04-25 16:37:32 | Deep Dive |
| CVE-2024-27914 | Reflected Cross-Site Scripting (XSS) in search engine when debug mode is enabled in GLPI | glpi-project | glpi | Medium | 5.3 | 2024-03-18 16:19:00 | Deep Dive |
| CVE-2024-27104 | Stored XSS in dashboards in GLPI | glpi-project | glpi | Medium | 4.5 | 2024-03-18 16:16:39 | Deep Dive |
| CVE-2024-27098 | Blind Server-Side Request Forgery (SSRF) using Arbitrary Object Instantiation in GLPI | glpi-project | glpi | Medium | 6.4 | 2024-03-18 16:14:19 | Deep Dive |
| CVE-2024-27096 | SQL Injection in through the search engine | glpi-project | glpi | High | 7.7 | 2024-03-18 16:11:08 | Deep Dive |
| CVE-2024-27930 | Sensitive fields access through dropdowns in GLPI | glpi-project | glpi | Medium | 6.5 | 2024-03-18 15:29:11 | Deep Dive |
| CVE-2024-27937 | glpi Users emails enumeration | glpi-project | glpi | Medium | 6.5 | 2024-03-18 15:17:18 | Deep Dive |
| CVE-2023-51446 | GLPI LDAP Injection during authentication | glpi-project | glpi | Medium | 5.9 | 2024-02-01 15:25:01 | Deep Dive |
| CVE-2024-23645 | GLPI reflected XSS in reports pages | glpi-project | glpi | Medium | 6.5 | 2024-02-01 15:24:57 | Deep Dive |
| CVE-2023-46727 | GLPI SQL injection through inventory agent request | glpi-project | glpi | High | 8.6 | 2023-12-13 18:26:36 | Deep Dive |
| CVE-2023-46726 | GLPI Remote code execution from LDAP server configuration form on PHP 7.4 | glpi-project | glpi | High | 7.2 | 2023-12-13 18:25:06 | Deep Dive |
| CVE-2023-43813 | glpi Authenticated SQL Injection | glpi-project | glpi | Medium | 6.5 | 2023-12-13 18:17:21 | Deep Dive |
| CVE-2023-42802 | GLPI vulnerable to unallowed PHP script execution | glpi-project | glpi | Critical | 10.0 | 2023-11-02 13:32:34 | Deep Dive |
| CVE-2023-42462 | File deletion through document upload process in GLPI | glpi-project | glpi | High | 7.7 | 2023-09-26 22:46:27 | Deep Dive |
| CVE-2023-42461 | SQL injection in ITIL actors in GLPI | glpi-project | glpi | Medium | 6.5 | 2023-09-26 22:45:26 | Deep Dive |
| CVE-2023-41888 | Phishing through a login page malicious URL in GLPI | glpi-project | glpi | Medium | 5.3 | 2023-09-26 22:44:02 | Deep Dive |
| CVE-2023-41326 | Account takeover via Kanban feature in GLPI | glpi-project | glpi | High | 8.1 | 2023-09-26 22:40:50 | Deep Dive |
| CVE-2023-41324 | Account takeover through API in GLPI | glpi-project | glpi | High | 8.1 | 2023-09-26 22:37:36 | Deep Dive |
| CVE-2023-41323 | Users login enumeration by unauthenticated user in GLPI | glpi-project | glpi | Medium | 5.3 | 2023-09-26 22:35:37 | Deep Dive |