EUVD-2025-14306

Malicious code in bioql PyPI...

CVE-2025-26846

An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata...

CVE-2025-26846

An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata...

DEBIAN-CVE-2025-26846

An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata...

UBUNTU-CVE-2025-26846

An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata...

CVE-2025-26846

An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata...

CVE-2025-26846

CVE-2025-26846 affects Znuny versions before 7.1.4. The issue arises from insufficient permission checks when using the Generic Interface to update ticket metadata, enabling improper access under network conditions. The CVSS v3.1 score is 9.8 (CRITICAL) with high impact on confidentiality, integr...

SUSE CVE-2023-38060

Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment. This issue...

SUSE CVE-2024-43446

An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023.X OTRS 2024.X OTRS Community Edition: 6.0.x Products based on the OTRS Community Edition...

CVE-2024-43446 Improper check of permissions in Generic Interface

An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023.X OTRS 2024.X OTRS Community Edition: 6.0.x Products based on the OTRS Community Edition...

CVE-2024-43446 Improper check of permissions in Generic Interface

An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023.X OTRS 2024.X OTRS Community Edition: 6.0.x Products based on the OTRS Community Edition...

CVE-2024-43446

CVE-2024-43446 affects OTRS: improper privilege management in the Generic Interface module allows users with read-only privileges to change ticket status. Impacted: OTRS 7.0.x, 8.0.x, 2023.x, 2024.x and ((OTRS)) Community Edition 6.0.x (and products built on it). Root cause: insufficient access c...

PT-2025-2648 · Otrs · Otrs

Name of the Vulnerable Software and Affected Versions: OTRS versions 6.0.x through 8.0.x OTRS versions 2023.x through 2024.x Description: An improper privilege management issue in the OTRS Generic Interface module allows users with read-only permissions to change the ticket status. This issue may...

CVE-2023-38060

Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment. This issue...

Input validation

Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment. This issue...

CVE-2023-38060 Host header injection by attachments in web service

Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment. This issue...

CVE-2023-38060

Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment. This issue...

CVE-2023-38060

CVE-2023-38060 is an Improper Input Validation vulnerability in the ContentType parameter for attachments on OTRS’ TicketCreate/TicketUpdate in the Generic Interface modules. An authenticated attacker can perform an host header injection for the ContentType header of an attachment. Affected produ...

SUSE CVE-2014-9324

The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors...

kernel: Use after free in SCSI generic device interface

It was found that the blkrqmapuseriov function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service use-after-free by leveraging write...