EUVD-2020-18663

Malware in sbrugna...

EUVD-2023-33404

Malicious code in bioql PyPI...

CVE-2022-48023

Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags...

CVE-2020-26033

An issue was discovered in Zammad before 3.4.1. The Tag and Link REST API endpoints for add and delete lack a CSRF token check...

CVE-2025-32357

In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to use the Zammad API to fetch knowledge base content that they have no permission for...

PT-2023-22455 · Zammad · Zammad

Name of the Vulnerable Software and Affected Versions: Zammad versions 5.3.x through 5.3.x Description: The issue allows an authenticated attacker to gain information about linked accounts of users involved in their tickets using the Zammad API. This is due to Incorrect Access Control...

CVE-2022-48023

Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags...

CVE-2022-48023

Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags...

CVE-2022-48023

Zammad CVE-2022-48023: A privilege-verification flaw in Zammad v5.3.0 permits an authenticated user to modify ticket tags via the API. The issue is corrected in v5.3.1, restricting tag changes to agents with write permissions. The available documents do not provide exploitation details. If using ...