Vulnerabilidades em glpi-project
168 resultadosCVE-2026-22248HIGHGLPI affected by Remote Code Execution via malicious uploadEPSS 0.3%CVE-2024-45611MEDIUMGLPI has a stored XSS at src/RSSFeed.phpEPSS 0.3%CVE-2023-53943MEDIUMGLPI 9.5.7 Username Enumeration Vulnerability via Lost Password EndpointEPSS 0.3%CVE-2026-25937MEDIUMGLPI has a MFA bypassEPSS 0.3%CVE-2026-42318HIGHGLPI Vulnerable to Arbitrary Item Deletion via Planning EndpointEPSS 0.3%CVE-2026-25932HIGHGLPI has Stored XSS in Supplier 'Website' fieldEPSS 0.3%CVE-2025-64516HIGHGLPI incorrectly authorizes access to documentsEPSS 0.3%CVE-2026-40108HIGHGLPI Vulnerable to Stored XSS in ITIL CostsEPSS 0.3%CVE-2026-22044MEDIUMGLPI is Vulnerable to Authenticated SQL InjectionEPSS 0.3%CVE-2025-23024MEDIUMGLPI: Plugins are disabled accessing one pageEPSS 0.3%CVE-2026-44281HIGHGLPI vulnerable to unauthorized reading of a specific asset objectEPSS 0.3%CVE-2025-59935MEDIUMGLPI Vulnerable to Unauthenticated Stored XSS on the Inventory pageEPSS 0.2%CVE-2026-42320MEDIUMGLPI vulnerable to arbitrary file accessEPSS 0.2%CVE-2025-53111MEDIUMGLPI exposes data to non-allowed usersEPSS 0.2%CVE-2025-53008MEDIUMGLPI's MailCollector Receiver is vulnerable to credential exfiltrationEPSS 0.2%CVE-2024-28240HIGHGLPI-Agent's MSI package installation permits local users to change Agent configurationEPSS 0.2%CVE-2026-32312MEDIUMGLPI: Unauthorized export of form structureEPSS 0.2%CVE-2024-28241HIGHGlPI-Agent MSI package installation doesn't update folder security profile when using non default installation folderEPSS 0.2%CVE-2025-53113LOWGLPI technicians can access unauthorized information through external linksEPSS 0.2%CVE-2026-26001HIGHGLPI Inventory Plugin has SQL Injection on dropdown_calendar ReportEPSS 0.2%