
8 matches found

OSV
added 2025/10/03 9:15 p.m. | 2 views

CVE-2025-10696

OpenSupports exposes an endpoint that allows the list of 'supervised users' for any account to be edited, but it does not validate whether the actor is the owner of that list. A Level 1 staff member can modify the supervision relationship of a third party (the target user), who can then view the...

CVSS: 5.4 | AI score: 6.7
Exploits: 0 | References: 2
Positive Technologies
added 2025/10/03 12:0 a.m. | 2 views

PT-2025-40599

Name of the Vulnerable Software and Affected Versions: OpenSupports version 4.11.0. Description: The software exposes an endpoint that allows modification of the 'supervised users' list for any account without verifying ownership. This allows a Level 1 staff member to alter the supervision...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.00041
Exploits: 1 | References: 8
CNVD
added 2025/07/04 12:0 a.m. | 2 views

Zoo Management System view-normal-ticket.php file SQL Injection Vulnerability

Zoo Management System is a zoo management system. Zoo Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter viewid in file /admin/view-normal-ticket.php. An attacker can exploit this...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.00268
Exploits: 1 | References: 1
Exploit DB
added 2017/01/30 12:0 a.m. | 76 views

HelpDeskZ < 1.0.2 - (Authenticated) SQL Injection / Unauthorized File Download

''' Exploit Title: HelpDeskZ fetchRow"SELECT , COUNTid AS total FROM ".TABLEPREFIX."attachments WHERE id=".$db-realescapestring$params2." AND ticketid=".$params0." AND msgid=".$params3; third argument AND msgid=".$params3; sent to fetchRow query without any sanitization. Steps to reproduce:...

AI score: 7.4
Exploits: 0
Packet Storm
added 2016/10/20 12:0 a.m. | 50 views

ManageEngine ServiceDesk Plus 9.2 Build 9207 Information Disclosure

Title: ManageEngine ServiceDesk Plus Low Privileged User View All Tickets Date: 18 October 2016 Author: p0z Vendor: ManageEngine Vendor Homepage: https://www.manageengine.com/ Product: ServiceDesk Plus Version: 9.2 Build 9207 Other versions could also be affected Fixed Version: 9.2 Build 9228...

AI score: 7.4
Exploits: 0
OSV
added 2011/03/18 4:55 p.m. | 1 views

DEBIAN-CVE-2008-7279

The CustomerInterface component in Open Ticket Request System (OTRS) before 2.2.8 allows remote authenticated users to bypass intended access restrictions and access tickets of arbitrary customers via unspecified vectors...

CVSS: 6.5 | AI score: 7 | EPSS: 0.00196
Exploits: 0 | References: 1
NVD
added 2005/11/26 10:3 p.m. | 11 views

CVE-2005-3839

Cross-site scripting (XSS) vulnerability in SupportPRO Supportdesk allows remote attackers to inject arbitrary web script or HTML via the (1) post tickers and (2) view tickets options...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.00427
Exploits: 0 | References: 5
Packet Storm
added 2005/07/08 12:0 a.m. | 27 views

osTicketSQL.txt

GulfTech Security Research May 2nd, 2005 Vendor : osTicket URL : http://www.osticket.com/ Version : All Versions Risk : Multiple Vulnerabilities Description: osTicket is a widely-used open source support ticket system. It is a lightweight support ticket tool written mainly using PHP scripting...

AI score: 7.4
Exploits: 0