7 matches found
CVE-2025-26846
An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata...
CVE-2025-26845
An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script...
CVE-2025-26847
An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked...
CVE-2025-26847
An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked...
CVE-2025-26844
An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag...
CVE-2025-26844
An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag...
CVE-2025-26847
Znuny before 7.1.5 has a vulnerability where, when generating a support bundle, not all passwords are masked. Affects Znuny 7.1.x (older than 7.1.5); root cause is incomplete password masking in the bundle-generation process. Consequence: potential disclosure of passwords via generated support bu...