Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

GLPI — Vulnerabilities & Security Advisories 155

All 155 CVE vulnerabilities found in GLPI, with AI-generated Chinese analysis, references, and POCs.

Vendor: INDEPNET Development Team

CVE IDTitleCVSSSeverityPaused
CVE-2026-29047 GLPI has an Authenticated SQL Injection via log exports CWE-89 7.2 High2026-04-06
CVE-2026-26263 GLPI has an Unauthenticated SQL Injection via Search engine CWE-89 8.1 High2026-04-06
CVE-2026-26027 GLPI has an Unauthenticated Stored XSS via inventory CWE-79 7.5 High2026-04-06
CVE-2026-26026 GLPI has a Server-Side Template Injection via Double-Compilation CWE-94 9.1 Critical2026-04-06
CVE-2026-25932 GLPI has Stored XSS in Supplier 'Website' field CWE-116 7.2 High2026-04-06
CVE-2026-25937 GLPI has a MFA bypass CWE-287 6.5 Medium2026-03-17
CVE-2026-25936 GLPI Vulnerable to Authenticated SQL Injection CWE-89 6.5 Medium2026-03-17
CVE-2026-22248 GLPI affected by Remote Code Execution via malicious upload CWE-502 8.1 High2026-03-11
CVE-2026-22044 GLPI is Vulnerable to Authenticated SQL Injection CWE-89 6.5 Medium2026-02-04
CVE-2026-23624 GLPI is vulnerable to session stealing on externally authenticated user change CWE-384 4.3 Medium2026-02-04
CVE-2026-22247 GLPI is Vulnerable to SSRF via Webhooks CWE-918 4.1 Medium2026-02-04
CVE-2025-66417 GLPI has an unauthenticated SQL injection through the inventory endpoint CWE-89 7.5 High2026-01-15
CVE-2025-64516 GLPI incorrectly authorizes access to documents CWE-284 7.5 High2026-01-15
CVE-2023-53943 GLPI 9.5.7 Username Enumeration Vulnerability via Lost Password Endpoint CWE-203 5.3 Medium2025-12-18
CVE-2025-64520 GLPI vulnerable to unauthorized access to restricted Knowledge Base items through the API CWE-862 6.5 Medium2025-12-16
CVE-2025-59935 GLPI Vulnerable to Unauthenticated Stored XSS on the Inventory page CWE-79 6.5 Medium2025-12-16
CVE-2025-53105 GLPI permits unauthorized rules execution order CWE-269 7.5 High2025-08-27
CVE-2025-53357 GLPI permits reservation modification by unauthorized users CWE-639 5.4 Medium2025-07-30
CVE-2025-53113 GLPI technicians can access unauthorized information through external links CWE-284 2.7 Low2025-07-30
CVE-2025-53112 GLPI's incomprehensive permission checks can lead to data removal from allowed users CWE-284 4.3 Medium2025-07-30
CVE-2025-53111 GLPI exposes data to non-allowed users CWE-284 6.5 Medium2025-07-30
CVE-2025-53008 GLPI's MailCollector Receiver is vulnerable to credential exfiltration CWE-522 6.5 Medium2025-07-30
CVE-2025-52897 GLPI is vulnerable to XSS and open redirection attacks through planning feature CWE-80 6.5 Medium2025-07-30
CVE-2025-52567 GLPI has overly permissive URL verification CWE-918 3.5 Low2025-07-30
CVE-2025-27514 GLPI is susceptible to Stored XSS attack through project's kanban CWE-80 4.5 Medium2025-07-29
CVE-2025-24801 GLPI allows authenticated remote code execution CWE-434 8.6 High2025-03-18
CVE-2025-24799 GLPI allows unauthenticated SQL injection through the inventory endpoint CWE-89 7.5 High2025-03-18
CVE-2025-21619 GLPI allows SQL injection through the rules configuration CWE-89 7.2 -2025-03-18
CVE-2025-25192 GLPI allows unauthorized access to debug mode CWE-200 6.5 Medium2025-02-25
CVE-2025-23046 GLPI vulnerable to unauthorized authentication by email using the OAuthIMAP plugin CWE-303 8.8 -2025-02-25

All 155 known CVE vulnerabilities affecting GLPI with full Chinese analysis, references, and POCs where available.