Exposure of GLPI
Categories: CRM, Web frameworks

- Exposure score: 51
- Sites use: 131
- Exploited: 0
- Critical CVEs: 8

163 results

| CVE | Severity | Title | EPSS |
|---|---|---|---|
| CVE-2025-21619 | HIGH | GLPI allows SQL injection through the rules configuration | 0.4% |
| CVE-2022-39372 | LOW | Stored Cross-Site Scripting (XSS) in user information in GLPI | 0.4% |
| CVE-2024-43418 | MEDIUM | GLPI has multiple reflected XSS | 0.4% |
| CVE-2025-21626 | MEDIUM | GLPI vulnerable to exposure of sensitive information in the `status.php` endpoint | 0.4% |
| CVE-2026-29047 | HIGH | GLPI has an Authenticated SQL Injection via log exports | 0.4% |
| CVE-2022-39234 | MEDIUM | user session persists even after permanently deleting account in GLPI | 0.4% |
| CVE-2026-23624 | MEDIUM | GLPI is vulnerable to session stealing on externally authenticated user change | 0.4% |
| CVE-2026-26026 | CRITICAL | GLPI has a Server-Side Template Injection via Double-Compilation | 0.4% |
| CVE-2024-43417 | MEDIUM | Reflected XSS in Software form | 0.4% |
| CVE-2024-38370 | MEDIUM | GLPI allows API document download without rights | 0.4% |
| CVE-2026-42317 | HIGH | GLPI vulnerable to arbitrary files deletion by technician | 0.3% |
| CVE-2026-42321 | HIGH | GLPI has stored XSS in asset locks | 0.3% |
| CVE-2026-25936 | MEDIUM | GLPI Vulnerable to Authenticated SQL Injection | 0.3% |
| CVE-2024-45609 | MEDIUM | GLPI has a Reflected XSS in /front/stat.graph.php | 0.3% |
| CVE-2024-45610 | MEDIUM | GLPI has a reflected XSS in ajax/cable.php | 0.3% |
| CVE-2025-21627 | MEDIUM | GLPI Cross-site Scripting vulnerability | 0.3% |
| CVE-2025-53105 | HIGH | GLPI permits unauthorized rules execution order | 0.3% |
| CVE-2020-11031 | HIGH | Insecure encryption algorithm in GLPI | 0.3% |
| CVE-2026-22247 | MEDIUM | GLPI is Vulnerable to SSRF via Webhooks | 0.3% |
| CVE-2026-22248 | HIGH | GLPI affected by Remote Code Execution via malicious upload | 0.3% |