CVE-2026-34782 Zammad has improper access control in AI assistance controller for text tools
Zammad is a web-based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the REST endpoint POST /api/v1/aiassistance/texttools/:id was not checking whether a user is privileged to use the text tool, so it could be used in all situations. This vulnerability is fixed i...
EUVD-2026-20564
Zammad is a web-based open source helpdesk/customer support system. Prior to 7.0.1, a server-side template injection vulnerability that leads to RCE via AI Agent exists. Impact is limited to environments where an attacker can control or influence typeenrichmentdata, typically high-privilege...
CVE-2026-34721 Zammad has Cross-site request forgery (CSRF) in OAuth callback endpoints
Zammad is a web-based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the OAuth callback endpoints for Microsoft, Google, and Facebook external credentials do not validate a CSRF state parameter. This vulnerability is fixed in 7.0.1 and 6.5.4...
EUVD-2026-20560
Zammad is a web-based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zammad was not verifying that the header originates from a trusted SSO proxy/gateway before applying further actions to it. This vulnerability is fixed in 7.0.1 and 6.5.4...
EUVD-2026-20559
Zammad is a web-based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the webhook model was missing proper validation for loopback addresses and link-local addresses; only the URL scheme (HTTP/HTTPS) and the hostname were checked. This could end up in retrieving...
Zammad Security Vulnerability
Zammad is a ticketing management software developed by the German company Zammad. Versions of Zammad prior to 7.0.1 contained security vulnerabilities. These vulnerabilities stemmed from failed authorization at REST endpoints, which could allow unauthorized data to appear in AI notifications...
CVE-2026-39312 Pre-Auth EAP-TLS DoS on SoftEther VPN Developer Edition
SoftEtherVPN is an open-source, cross-platform, multi-protocol VPN program. In 5.2.5188 and earlier, a pre-authentication denial-of-service vulnerability exists in SoftEther VPN Developer Edition 5.2.5188 and likely earlier versions of Developer Edition. An unauthenticated remote attacker can cra...
OESA-2026-1237 python-filelock security update
This package contains a single module, which implements a platform independent file locking mechanism for Python. Security Fixes: filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of th...
CVE-2026-21923
Vulnerability in the Oracle Life Sciences Central Designer product of Oracle Health Sciences Applications component: Platform. The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life...
EUVD-2025-27442
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-51489
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens...
PT-2025-36760
Name of the Vulnerable Software and Affected Versions: LiteSpeed Cache versions n/a through 7.0.1 Description: A Server-Side Request Forgery SSRF vulnerability exists in LiteSpeed Cache. This issue allows for potentially malicious requests to be made from the server. Recommendations: Update...
CVE-2023-23778
A relative path traversal vulnerability CWE-23 in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests...
Fortinet FortiWeb SQL Injection Vulnerability
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, and other attacks to secure web applications and protect sensitive database content. A SQL injection vulnerability exists in...
PT-2024-33283
Name of the Vulnerable Software and Affected Versions: Znuny versions prior to 6.5.1 through 6.5.10; Znuny versions 7.0.1 through 7.0.16. Description: The issue allows for XSS, where JavaScript code in the short description of the SLA field in Activity Dialogues is executed. Recommendations: For...
SUSE CVE-2016-0332
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 does not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. IBM X-Force ID: 111695...
WordPress Woocommerce OpenPos plugin <= 7.0.1 - Unauthenticated Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Woocommerce OpenPos versions <= 7.0.1...
CVE-2023-40720
An authorization bypass through user-controlled key vulnerability CWE-639 in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests...
OTCMS SQL Injection Vulnerability
OTCMS (Nettie CMS) is an article-based web content management system (CMS). A SQL injection vulnerability exists in OTCMS version 7.01, originating from the parameter sqlContent in the file /admin/indbackstage.php, which can lead to SQL injection...
OpenEMR Authorization Issue Vulnerability
OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. An authorization issue vulnerability previously existed in OpenEMR version 7.0.1. ...