21 matches found

CVE
added 2026/06/01 3:33 a.m. | 25 views

CVE-2026-48188

OTRS (including the ((OTRS)) Community Edition) has a SQL injection in the database layer module that allows unauthenticated access to bypass authentication, triggered when MySQL/MariaDB is configured with NO_BACKSLASH_ESCAPES. Affected versions include 7.0.X, 8.0.X, 2023.X, 2024.X, 2025.X, and 2...

CVSS 9.1 | AI score 5.9 | EPSS 0.00079
Exploits: 1 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-41425

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00191
Exploits: 1 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-41426

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.6 | EPSS 0.00046
Exploits: 1 | References: 2
Tenable Nessus
added 2025/09/10 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-43443

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Input done by an attacker with admin privileges 'Cross-site Scripting' in Process Management modules of OTRS and OTRS Community Editi...

CVSS 4.9 | AI score 5.5 | EPSS 0.00106
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/30 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-21441

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Atta...

CVSS 7.5 | AI score 6.1 | EPSS 0.00296
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/26 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2020-1772

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Tokens, generated by users which alread...

CVSS 7.5 | AI score 5.5 | EPSS 0.00449
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/26 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-18180

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Check for filenames with overly long extensions in PostMaster sending in email or uploading files e.g. attaching files to mails of OTRS Community Editi...

CVSS 7.5 | AI score 5.6 | EPSS 0.01334
Exploits: 0 | References: 2
BDU FSTEC
added 2025/02/10 12:0 a.m. | 1 views

The vulnerability of the OTRS request processing system, related to incorrect handling of HTTP request headers, allows a hacker to upload arbitrary files.

The vulnerability of the OTRS request processing system is related to the improper handling of HTTP request headers due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to upload arbitrary files...

CVSS 6.4 | AI score 5.6 | EPSS 0.00141
Exploits: 0 | References: 3 | Affected Software: 1
BDU FSTEC
added 2024/09/09 12:0 a.m. | 3 views

The vulnerability of the OTRS request processing system arises from the lack of measures taken to protect the website structure. This allows attackers to carry out XSS attacks.

The vulnerability of the OTRS request processing system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

CVSS 6.8 | AI score 5.4 | EPSS 0.00077
Exploits: 0 | References: 2 | Affected Software: 1
SUSE CVE
added 2023/02/15 5:56 a.m. | 2 views

SUSE CVE-2010-4071

Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail...

CVSS 2.6 | AI score 6 | EPSS 0.00451
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 3:46 a.m. | 3 views

SUSE CVE-2021-21443

Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG OTRS Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27...

CVSS 4.3 | AI score 5 | EPSS 0.0022
Exploits: 0 | References: 3
OSV
added 2022/06/13 8:15 a.m. | 2 views

CVE-2022-32739

When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number...

CVSS 5.3 | AI score 5.7 | EPSS 0.00345
Exploits: 0 | References: 1
Positive Technologies
added 2020/04/28 12:0 a.m. | 4 views

PT-2020-15051 · Otrs +1 · Otrs +2

Name of the Vulnerable Software and Affected Versions: OTRS Community Edition versions prior to 5.0.42; OTRS Community Edition versions prior to 6.0.27; OTRS versions prior to 7.0.16. Description: The issue arises when a user downloads PGP or S/MIME keys/certificates, and the exported file has the...

CVSS 9.8 | AI score 7.2 | EPSS 0.3466
Exploits: 18 | References: 80
CNVD
added 2020/03/30 12:0 a.m. | 4 views

OTRS Information Disclosure Vulnerability (CNVD-2020-24029)

Open-source Ticket Request System OTRS is an open-source defect tracking and management system software from the German OTRS Group. The software categorizes service requests submitted through various channels such as phone calls, emails, etc. into different queues and service levels, and the...

CVSS 7.5 | AI score 6.6 | EPSS 0.00449
Exploits: 0 | References: 1
CNVD
added 2020/03/30 12:0 a.m. | 2 views

OTRS Cross-Site Scripting Vulnerability

Open-source Ticket Request System OTRS is an open-source defect tracking and management system software from the German OTRS Group. The software categorizes service requests submitted through various channels such as phone calls, emails, etc. into different queues and service levels, and the...

CVSS 5.4 | AI score 6.4 | EPSS 0.00635
Exploits: 0 | References: 1
OSV
added 2020/03/27 1:15 p.m. | 1 views

DEBIAN-CVE-2020-1773

An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords. This issue affects OTRS Community Edition:...

CVSS 8.1 | AI score 6.1 | EPSS 0.00464
Exploits: 0 | References: 1
OSV
added 2020/03/27 1:15 p.m. | 0 views

UBUNTU-CVE-2020-1769

In the login screens in agent and customer interface, Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: OTRS Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions...

CVSS 4.3 | AI score 6.1 | EPSS 0.00663
Exploits: 0 | References: 3
CNVD
added 2019/07/16 12:0 a.m. | 1 views

Open-source Ticket Request System Help Desk Privilege Vulnerability

Open-source Ticket Request System OTRS is an open-source defect tracking and management system software from the German OTRS Group. The software categorizes service requests submitted through various channels such as phone calls, emails, etc. into different queues and service levels, and the...

CVSS 6.5 | AI score 5.2 | EPSS 0.00822
Exploits: 0 | References: 1
CNVD
added 2019/04/28 12:0 a.m. | 2 views

Open-source Ticket Request System Unauthorized Access Vulnerability

Open Ticket Request System OTRS is an open source defect tracking and management system software from the German OTRS Group. The software categorizes service requests submitted through various channels such as phone calls, emails, etc. into different queues and service levels, and the service...

CVSS 6.5 | AI score 5.1 | EPSS 0.00432
Exploits: 0 | References: 1
OSV
added 2017/12/08 3:29 p.m. | 1 views

DEBIAN-CVE-2017-16921

In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters related to PGP and execute arbitrary shell commands with the permissions of the OTRS or web...

CVSS 8.8 | AI score 7.6 | EPSS 0.33869
Exploits: 8 | References: 1