26 matches found
EUVD-2020-2569
Malware in sbrugna...
EUVD-2017-14716
Malware in sbrugna...
EUVD-2020-2568
Malware in sbrugna...
EUVD-2020-18661
Malware in sbrugna...
EUVD-2020-21539
Malware in sbrugna...
EUVD-2020-21538
Malware in sbrugna...
EUVD-2020-21540
Malware in sbrugna...
EUVD-2021-31687
Malicious code in bioql PyPI...
EUVD-2021-29071
Malicious code in bioql PyPI...
EUVD-2025-14714
Malicious code in bioql PyPI...
EUVD-2021-29080
Malicious code in bioql PyPI...
EUVD-2022-38377
Malicious code in bioql PyPI...
EUVD-2022-50736
Malicious code in bioql PyPI...
CVE-2023-50453
An issue was discovered in Zammad before 6.2.0. It uses the public endpoint /api/v1/signshow for its login screen. This endpoint returns internal configuration data of user object attributes, such as selectable values, which should not be visible to the public...
CVE-2021-42092
An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket...
CVE-2020-26029
An issue was discovered in Zammad before 3.4.1. There are wrong authorization checks for impersonation requests via X-On-Behalf-Of. The authorization checks are performed for the actual user and not the one given in the X-On-Behalf-Of header...
CVE-2025-32360
In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a logged in customer was able to see details about shared drafts for their customer tickets in the browser console, which may contain confidential information...
CVE-2025-32359
In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. When changing their two factor authentication configuration, users need to re-authenticate with their current password first. However, this change was enforced in Zammad only on the front end level, and not wh...
CVE-2022-48022
An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view information about tickets they are not authorized to see...
Privilege escalation
An issue was discovered in Zammad before 5.0.1. In some cases, there is improper enforcement of the privilege requirement for viewing a list of tickets that shows title, state, etc...