99 matches found

RedhatCVE
added 2026/06/05 7:38 p.m., 4 views

CVE-2026-34722

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the endpoint used for ticket creation was missing authorization when the related parameter for adding links was used. This vulnerability is fixed in 7.0.1 and 6.5.4...

CVSS 6.9, AI score 5.4, EPSS 0.00167
Exploits: 0, References: 1

NVD
added 2026/04/08 7:25 p.m., 4 views

CVE-2026-34837

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, the REST endpoint POST /api/v1/aiassistance/texttools/:id contains an authorization failure. Context data e.g., a group or organization supplied to be used in the AI prompt were not checked if they are accessible f...

CVSS 5.3, EPSS 0.0018
Exploits: 0, References: 1

NVD
added 2026/04/08 7:25 p.m., 6 views

CVE-2026-34718

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the HTML sanitizer for ticket articles was missing proper sanitization of data: ... URI schemes, resulting in storing such malicious content in the database of the Zammad instance. The Zammad GUI is...

CVSS 6.1, EPSS 0.00149
Exploits: 0, References: 1

Vulnrichment
added 2026/04/08 6:20 p.m., 4 views

CVE-2026-34837: Zammad is missing authorization in the AI assistance controller for context data used in text tools

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, the REST endpoint POST /api/v1/aiassistance/texttools/:id contains an authorization failure. Context data e.g., a group or organization supplied to be used in the AI prompt were not checked if they are accessible f...

CVSS 5.3, AI score 5.9, EPSS 0.0018
Exploits: 0, References: 1

CVE
added 2026/04/08 6:17 p.m., 14 views

CVE-2026-34724

Zammad (web-based helpdesk) contains a server-side template injection vulnerability leading to remote code execution via the AI Agent, present before version 7.0.1. The impact is restricted to environments where an attacker can influence type_enrichment_data (typically high-privilege administrati...

CVSS 8.7, AI score 5.9, EPSS 0.00262
Exploits: 0, References: 1, Affected Software: 1

EUVD
added 2026/04/08 6:14 p.m., 2 views

EUVD-2026-20563

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, unauthenticated remote attackers were able to access the getting started endpoint to get access to sensitive internal entity data, even after the system setup was completed. This vulnerability is fixed i...

CVSS 8.7, AI score 5.9, EPSS 0.00443
Exploits: 0, References: 1

CVE
added 2026/04/08 6:1 p.m., 14 views

CVE-2026-34718

CVE-2026-34718 affects Zammad, a web-based open source helpdesk system. The vulnerability stems from improper sanitization in the HTML sanitizer for ticket articles, which failed to neutralize certain data URI schemes, allowing malicious content to be stored in the database. The issue is mitigate...

CVSS 6.1, AI score 5.9, EPSS 0.00149
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2026/01/09 12:37 p.m., 6 views

CVE-2023-50454

An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is exploitable by man-in-the-middle attackers...

CVSS 5.9, AI score 6.8, EPSS 0.00279
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 12:37 p.m., 6 views

CVE-2023-50455

An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the "email address verification" feature, an attacker could send many requests for a known address to cause Denial of Service (generation of many emails, which would also spam the victim)...

CVSS 7.5, AI score 6.7, EPSS 0.00701
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 12:15 p.m., 8 views

CVE-2018-1000154

Zammad GmbH Zammad version 2.3.0 and earlier contains an Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80) vulnerability in the subject of emails which are not HTML quoted in certain cases. This can result in the embedding and execution of JavaScript code on users' browser...

CVSS 6.1, AI score 7.1, EPSS 0.01598
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 10:41 a.m., 5 views

CVE-2022-35489

In Zammad 5.2.0, customers who have secondary organizations assigned were able to see all organizations of the system rather than only those to which they are assigned...

CVSS 6.5, AI score 6.9, EPSS 0.00643
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 9:52 a.m., 6 views

CVE-2020-10100

An issue was discovered in Zammad 3.0 through 3.2. It allows for users to view ticket customer details associated with specific customers. However, the application does not properly implement access controls related to this functionality. As such, users of one company are able to access ticket da...

CVSS 6.5, AI score 6.7, EPSS 0.00898
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 9:50 a.m., 6 views

CVE-2020-10096

An issue was discovered in Zammad 3.0 through 3.2. It does not prevent caching of confidential data within browser memory. An attacker who either remotely compromises or obtains physical access to a user's workstation can browse the browser cache contents and obtain sensitive information. The...

CVSS 7.5, AI score 6.2, EPSS 0.01139
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2021-21941

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.01081
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-2565

Malware in sbrugna...

CVSS 6.5, AI score 6.5, EPSS 0.00898
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-21943

Malware in sbrugna...

CVSS 4.3, AI score 4.8, EPSS 0.00887
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-2561

Malware in sbrugna...

CVSS 7.5, AI score 7.5, EPSS 0.01139
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-15147

Malware in sbrugna...

CVSS 9.8, AI score 9.5, EPSS 0.00727
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2019-1768

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.01257
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-1860

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.01598
Exploits: 0, References: 4