10 matches found
CVE-2026-48210
An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend This issue...
CVE-2026-48210 Possible information disclosure via External Interface
An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend This issue...
CVE-2026-34248
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in shared organizations means they can see each other's tickets could see fields which are not intended for customers - including fields not intended for them at all e.g. priority, custom ticket attribut...
WordPress plugin Awesome Support – WordPress HelpDesk & Support Plugin 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin unsafe direct object reference vulnerability
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin is a helpdesk and customer work order system plugin for WordPress websites designed to help businesses or individuals efficiently manage customer support requests. The WordPress ELEX WordPress HelpDesk & Customer Ticketing Syste...
CVE-2025-10039
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.9 via the 'ehcrmticketsingleviewclient' due to missing validation on a user controlled key. This makes it possible for...
EUVD-2000-0571
Malware in sbrugna...
WordPress KB Support plugin <= 1.6.6 - Missing Authorization to Unauthenticated Ticket Reply Exposure vulnerability
Missing Authorization to Unauthenticated Ticket Reply Exposure vulnerability discovered by Krzysztof Zając in WordPress Plugin KB Support versions = 1.6.6...
SUSE CVE-2020-1776
When an agent user is renamed or set to invalid the session belonging to the user is keept active. The session can not be used to access ticket data in the case the agent is invalid. This issue affects OTRS Community Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and...
SSH with Kerberos NFS Share Ticket Disclosure
The remote host is running a version of SSH which is older than or as old as version 1.2.27. There is a flaw in the remote version of this software which allows an attacker to eavesdrop the kerberos tickets of legitimate users of this service, as sshd will set their environment variable KRB5CCNAM...