EUVD-2020-6367
Malware in sbrugna...
EUVD-2024-35877
Malicious code in bioql PyPI...
CVE-2025-32359
In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. When changing their two factor authentication configuration, users need to re-authenticate with their current password first. However, this change was enforced in Zammad only on the front end level, and not wh...
CVE-2025-32359
The CVE-2025-32359 entry concerns Zammad 6.4.x prior to 6.4.2, where a security check (re-authentication with the current password when changing two-factor authentication settings) is enforced only on the front end and not when calls are made via the API. Affected software: Zammad 6.4.0–6.4.1 (6....
CVE-2024-36078
In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attacker on the server to modify the gem's files, injecting arbitrary code into Zammad processes which run with the environment and permissions of the Zammad user...
Zammad Incorrect Access Control Vulnerability (CNVD-2021-48886)
Zammad is a Web-based open source helpdesk/customer support system. Zammad suffers from an incorrect access control vulnerability. A remote attacker could exploit this vulnerability to obtain sensitive information through email connection configuration probes...
Cross-site request forgery (CSRF)
An issue was discovered in Zammad 3.0 through 3.2. It returns source code of static resources when submitting an OPTIONS request, rather than a GET request. Disclosure of source code allows for an attacker to formulate more precise attacks. Source code was disclosed for the file 404.html...