CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

607 matches found

ATTACKERKB•added 2026/01/12 6:34 p.m.•4 views

CVE-2026-22200

Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficientl...

8.7CVSS6AI score0.74425EPSS

Exploits3References9Affected Software1

CNNVD•added 2026/01/12 12:0 a.m.•4 views

Enhancesoft osTicket 注入漏洞

Enhancesoft osTicket is an open source ticketing system from Enhancesoft, Inc. in the United States. An injection vulnerability exists in Enhancesoft osTicket 1.18.2 and earlier versions, which stems from the presence of arbitrary file reads in the ticket PDF export function, which could lead to ...

8.7CVSS6.9AI score0.74425EPSS

Exploits3References6

Positive Technologies•added 2026/01/12 12:0 a.m.•10 views

PT-2026-2291

Name of the Vulnerable Software and Affected Versions osTicket versions 1.17.x prior to 1.17.7 and 1.18.x prior to 1.18.3 Description osTicket versions 1.17.x prior to 1.17.7 and 1.18.x prior to 1.18.3 contain an arbitrary file read issue in the ticket PDF export functionality. An attacker can...

8.7CVSS6.1AI score0.74425EPSS

Exploits3References36

RedhatCVE•added 2026/01/09 10:48 a.m.•6 views

CVE-2022-31890

SQL Injection vulnerability in audit/class.audit.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae via the order parameter to the getOrder function...

9.8CVSS8AI score0.13734EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:48 a.m.•6 views

CVE-2022-31889

Cross Site Scripting XSS vulnerability in audit/templates/auditlogs.tmpl.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae...

6.1CVSS5.9AI score0.00758EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:46 a.m.•4 views

CVE-2022-31888

Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2...

8.8CVSS6.9AI score0.01534EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:11 a.m.•6 views

CVE-2019-11537

In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. The XSS can lead to local file...

6.1CVSS5.8AI score0.04034EPSS

Exploits1References1