Linux Distros Unpatched Vulnerability : CVE-2025-52204

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Cross-Site Scripting XSS vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter CVE-2025-52204 Note tha...

CVE-2025-26846

An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata...

CVE-2025-26847

An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked...

CVE-2025-43926

An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user preferences with arbitrary keys. When fetching user data via GetUserData, these keys and values are retrieved and given as a whole to other...

CVE-2025-26842

An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-mail messages is visible to users with access to the CommunicationLog...

Znuny 安全漏洞

Znuny is a work order system from Znuny, Inc. A security vulnerability exists in Znuny versions 6.5.1 through 6.5.10, 7.0.1 through 7.0.16, and 6.0, which stems from a cross-site scripting vulnerability in which JavaScript code in the short description of the SLA field in the Activity dialog box...