CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

314 matches found

CVE-2026-48188

An improper Input Validation vulnerability in OTRS or OTRS Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if the MySQL/MariaDB server is configured with the NOBACKSLASHESCAPES SQL mode...

9.1CVSS5.6AI score0.00079EPSS

Exploits1References1

NVD•added 2026/06/01 4:16 a.m.•9 views

CVE-2026-48189

An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note that the feature has to be anabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X 8.0.X 2023.X...

5.7CVSS0.00031EPSS

Exploits0References1

EUVD•added 2026/03/23 9:30 p.m.•1 views

EUVD-2025-208946

A Cross-Site Scripting XSS vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter...

5.8AI score0.00013EPSS

Exploits1References4

RedhatCVE•added 2026/01/09 10:27 a.m.•8 views

CVE-2008-7277

Open Ticket Request System OTRS before 2.3.0-beta4 checks for the rw permission, instead of the configured merge permission, during authorization of merge operations, which might allow remote authenticated users to bypass intended access restrictions by merging two tickets...

6.5CVSS6.7AI score0.00196EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:27 a.m.•5 views

CVE-2008-7283

Open Ticket Request System OTRS before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intended access restrictions and perform web-interface updates to tickets by leveraging queue read permissions...

6CVSS6.5AI score0.00135EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:18 a.m.•4 views

CVE-2019-18179

An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn'...

4.3CVSS6.6AI score0.00403EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:30 a.m.•6 views

CVE-2019-16375

An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. An attacker who is logged in as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious...

5.4CVSS6.8AI score0.00647EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:29 a.m.•5 views

CVE-2019-12497

An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal information of agents e.g., Name and mail address can be disclosed in external notes...

5.3CVSS6.6AI score0.00917EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•6 views

EUVD-2009-5013

Malware in sbrugna...

5CVSS6.2AI score0.00275EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-2126

Malware in sbrugna...

4.3CVSS4.6AI score0.00197EPSS

Exploits0References3