
10 matches found

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-6367

Malware in sbrugna...

CVSS 6.5, AI score 6.5, EPSS 0.00717
Exploits 0, References 3
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-35877

Malicious code in bioql PyPI...

CVSS 6.7, AI score 6.6, EPSS 0.00202
Exploits 0, References 1
RedhatCVE
added 2025/05/22 4:20 p.m., 7 views

CVE-2020-14214

Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. An attacker can register a new account that will have access to all tickets of an arbitrary Organization...

CVSS 6.5, AI score 7, EPSS 0.00717
Exploits 0
Cvelist
added 2025/04/05 12:0 a.m., 19 views

CVE-2025-32359

In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. When changing their two factor authentication configuration, users need to re-authenticate with their current password first. However, this change was enforced in Zammad only on the front end level, and not wh...

CVSS 4.8, EPSS 0.00264
Exploits 0, References 1
CVE
added 2025/04/05 12:0 a.m., 85 views

CVE-2025-32359

The CVE-2025-32359 entry concerns Zammad 6.4.x prior to 6.4.2, where a security check (re-authentication with the current password when changing two-factor authentication settings) is enforced only on the front end and not when calls are made via the API. Affected software: Zammad 6.4.0–6.4.1 (6....

CVSS 8.8, AI score 7.3, EPSS 0.00264
Exploits 0, References 1, Affected Software 1
RedhatCVE
added 2025/02/14 4:40 a.m., 10 views

CVE-2024-36078

In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attacker on the server to modify the gem's files, injecting arbitrary code into Zammad processes which run with the environment and permissions of the Zammad user...

CVSS 6.7, AI score 7, EPSS 0.00202
Exploits 0, References 1
Cvelist
added 2024/05/19 7:36 p.m., 31 views

CVE-2024-36078

In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attacker on the server to modify the gem's files, injecting arbitrary code into Zammad processes which run with the environment and permissions of the Zammad user...

AI score 6.7, EPSS 0.00202
Exploits 0, References 1
OSV
added 2021/10/07 8:15 p.m., 11 views

CVE-2021-42094

An issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages...

CVSS 9.8, AI score 7.3
Exploits 0, References 1
CNVD
added 2021/06/29 12:0 a.m., 6 views

Zammad Incorrect Access Control Vulnerability (CNVD-2021-48886)

Zammad is a Web-based open source helpdesk/customer support system. Zammad suffers from an incorrect access control vulnerability. A remote attacker could exploit this vulnerability to obtain sensitive information through email connection configuration probes...

CVSS 7.5, AI score 6.3, EPSS 0.01119
Exploits 0, References 1
Prion
added 2020/03/05 1:15 a.m., 13 views

Cross site request forgery (csrf)

An issue was discovered in Zammad 3.0 through 3.2. It returns source code of static resources when submitting an OPTIONS request, rather than a GET request. Disclosure of source code allows for an attacker to formulate more precise attacks. Source code was disclosed for the file 404.html...

CVSS 5, AI score 5.4, EPSS 0.00901
Exploits 0, References 1, Affected Software 1