13 matches found
PT-2026-36874
Name of the Vulnerable Software and Affected Versions: Easy PayPal Events & Tickets plugin for WordPress versions 1.3 and earlier. Description: A hardcoded authentication bypass exists in the QR code scanning functionality. Unauthenticated remote attackers can bypass hash verification by providing...
EUVD-2022-50736
Malicious code in bioql PyPI...
EUVD-2024-47615
Malicious code in bioql PyPI...
CVE-2022-48022
An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view information about tickets they are not authorized to see...
CVE-2023-29867
Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API...
CVE-2022-48022
An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view information about tickets they are not authorized to see...
CVE-2022-48022
An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view information about tickets they are not authorized to see...
TikTok: Incorrect authorization to the intelbot service leading to ticket information
An authentication bypass and site-wide stored XSS (cross-site scripting) vulnerability was found on TikTok Ads as JWT (JSON Web Token) was not verified properly. We thank @johnstone for reporting this to our team and confirming its resolution...
CVE-2015-1480
ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash/details.jsp, or (4) reports/CreateReportTable.jsp...
Design/Logic Flaw
ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash/details.jsp, or (4) reports/CreateReportTable.jsp...
CVE-2015-1480
ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a direct request to (2) swf/flashreport.swf, (3) reports/flash/details.jsp, or (4) reports/CreateReportTable.jsp...
CVE-2015-1480
CVE-2015-1480 : ManageEngine ServiceDesk Plus (SDP) prior to 9.0 build 9031 is vulnerable to information disclosure. Remote authenticated users can obtain sensitive ticket data via (1) getTicketData action to servlet/AJaxServlet or (2) direct requests to swf/flashreport.swf, (3) reports/flash/det...
Cerberus Helpdesk rpc.php Arbitrary Ticket Information Disclosure
The remote host is running Cerberus Helpdesk, a web-based helpdesk suite written in PHP. The installed version of Cerberus Helpdesk on the remote host allows an unauthenticated attacker to retrieve information about ticket requesters through the 'rpc.php' script.