770 matches found
EUVD-2021-29072
Malicious code in bioql PyPI...
EUVD-2022-31836
Malicious code in bioql PyPI...
EUVD-2022-31835
Malicious code in bioql PyPI...
EUVD-2022-34027
Malicious code in bioql PyPI...
EUVD-2022-34026
Malicious code in bioql PyPI...
EUVD-2023-33404
Malicious code in bioql PyPI...
EUVD-2025-14716
Malicious code in bioql PyPI...
EUVD-2021-31687
Malicious code in bioql PyPI...
EUVD-2021-29075
Malicious code in bioql PyPI...
CVE-2024-33668
An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to brute force them to upload malicious content to article drafts they have no access to...
CVE-2024-33667
An issue was discovered in Zammad before 6.3.0. An authenticated agent could perform a remote Denial of Service attack by calling an endpoint that accepts a generic method name, which was not properly sanitized against an allowlist...
CVE-2024-33666
An issue was discovered in Zammad before 6.3.0. Users with customer access to a ticket could have accessed time accounting details of this ticket via the API. This data should be available only to agents...
CVE-2024-55578
Zammad before 6.4.1 places sensitive data such as authmicrosoftoffice365credentials and applicationsecret in log files...
CVE-2023-50456
An issue was discovered in Zammad before 6.2.0. An attacker can trigger phishing links in generated notification emails via a crafted first or last name...
CVE-2023-50453
An issue was discovered in Zammad before 6.2.0. It uses the public endpoint /api/v1/signshow for its login screen. This endpoint returns internal configuration data of user object attributes, such as selectable values, which should not be visible to the public...
CVE-2023-50457
An issue was discovered in Zammad before 6.2.0. When listing tickets linked to a knowledge base answer, or knowledge base answers of a ticket, a user could see entries for which they lack permissions...
CVE-2023-31597
An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Attackers are also able to gain unauthorized access to existing tickets...
CVE-2023-29867
Zammad 5.3.x Fixed 5.4.0 is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API...
CVE-2023-29868
Zammad 5.3.x Fixed in 5.4.0 is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions...
CVE-2022-29700
A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service DoS during password verification...