EUVD-2026-20568

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, he REST endpoint POST /api/v1/aiassistance/texttools/:id contains an authorization failure. Context data e.g., a group or organization supplied to be used in the AI prompt were not checked if they are accessible f...

CVE-2026-34248 Zammad has an information disclosure in ticket detail view of customers in shared organizations

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in shared organizations means they can see each other's tickets could see fields which are not intended for customers - including fields not intended for them at all e.g. priority, custom ticket attribut...

Zammad is vulnerable to authorization issues

Zammad is a Web-based open source helpdesk/customer support system. Zammad suffers from an authorization issue vulnerability that can be exploited by an attacker to register a new account using an email address that contains a non-existent domain of an existing organization, which in turn can be...

Zammad Cross-Site Scripting Vulnerability

Zammad is a web-based, open-source helpdesk/customer support system from the German company Zammad, with many features to manage customer communication through multiple channels such as phone calls. A cross-site scripting vulnerability exists in Zammad. An attacker can exploit this vulnerability ...

Zammad Security Bypass Vulnerability

Zammad is a web-based, open-source helpdesk/customer support system from the German company Zammad, with many features to manage customer communication through multiple channels such as phone calls. A security bypass vulnerability exists in Zammad. An attacker could exploit the vulnerability to...

ReadyDesk Security Bypass Vulnerability

ReadyDesk is a Web-based helpdesk software solution from ReadyDesk, Inc. A security bypass vulnerability exists in ReadyDesk version 9.1, which stems from the use of hard-coded encryption for user credentials. An attacker could exploit the vulnerability to obtain a password...

ManageEngine ServiceDesk Plus User Rights Management Vulnerability

ServiceDesk Plus is web-based helpdesk software that helps users manage all their communications from a single point. A user rights management vulnerability exists in ManageEngine ServiceDesk Plus that allows an attacker to access certain features that are only available to administrative users...

manageengine service desk plus 8.0 - Directory Traversal vulnerability

No description provided by source. Google Dork: ie: intitle:ManageEngine ServiceDesk Plus Author: Keith Lee [email protected], @keith55, http://milo2012.wordpress.com Software Link: http://www.manageengine.com/products/service-desk/91677414/ManageEngineServiceDeskPlus.exe Version: 8.0...