CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 5 days ago•6 views

CVE-2026-48189

An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note that the feature has to be anabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X 8.0.X 2023.X...

5.7CVSS5.8AI score0.00031EPSS

Exploits0References2Affected Software1

EUVD•added 5 days ago•6 views

EUVD-2026-33549

An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...

3.5CVSS5.8AI score0.00021EPSS

ATTACKERKB•added 5 days ago•5 views

CVE-2026-48191

3.5CVSS5.8AI score0.00021EPSS

Exploits0References2Affected Software1

CVE-2026-48208 Denial-of-Service via SVG Rendering in Ticket

An improper neutralization of active SVG content in OTRS or OTRS Community Edition ticket article rendering allows attackers to inject specially crafted SVG payloads via email content, leading to browser-side resource exhaustion and denial of service when affected tickets are opened by an agent o...

CVE•added 5 days ago•21 views

CVE-2026-48208

The CVE concerns an improper neutralization of active SVG content in OTRS/OTRS Community Edition ticket article rendering, allowing an attacker to inject crafted SVGs via email content that triggers browser-side resource exhaustion and DoS when tickets are opened. It is exploitable without JavaSc...

ATTACKERKB•added 5 days ago•8 views

CVE-2026-48208

Exploits0References2Affected Software2

EUVD•added 5 days ago•9 views

EUVD-2026-33548

ATTACKERKB•added 5 days ago•5 views

CVE-2026-48209

An improper neutralization of user-controllable input in OTRS or OTRS Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting XSS attacks via crafted request parameters associated with ticket actions. By injecting malicious JavaScript into...

7.1CVSS6AI score0.00037EPSS

Exploits0References2Affected Software2

CVE-2026-20456

In wlan STA driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480851; Issue ID: MSV-6338...

5.9AI score0.00014EPSS

ATTACKERKB•added 5 days ago•6 views

CVE-2026-20455

In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6784...

5.8AI score0.0001EPSS

Exploits0References2

EUVD•added 5 days ago•10 views

EUVD-2026-33544

7.8CVSS5.8AI score0.0001EPSS

CVE-2026-20455

5.8AI score0.0001EPSS

Cvelist•added 5 days ago•35 views

CVE-2026-20454

In geniezone, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6786...

0.00011EPSS

EUVD•added 5 days ago•7 views

EUVD-2026-33543

6.4CVSS5.8AI score0.00011EPSS

CVE•added 5 days ago•13 views

CVE-2026-20453

CVE-2026-20453 affects geniezone with a possible out-of-bounds write caused by a missing bounds check. The issue could enable local privilege escalation for an actor who already has System privileges, with no user interaction required. Patch ALPS10886526 (MSV-6791) is referenced as a fix. Exploit...

6.7CVSS5.8AI score0.00013EPSS

Exploits0References1Affected Software1

CVE-2026-20453

5.8AI score0.00013EPSS

EUVD•added 5 days ago•9 views

EUVD-2026-33542

6.7CVSS5.8AI score0.00013EPSS