Lucene search
K

22 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-50592

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in AdminCommunicationLog aka the communication log administration view. CVE-2026-50592...

6.4CVSS5.5AI score0.00148EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/03/23 4:38 p.m.174 views

Exploit for CVE-2025-52204

CVE-2025-52204 – Reflected XSS / HTML Injection in Znuny cust...

6AI score0.00236EPSS
Exploits1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-14011

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00296EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 7:3 a.m.7 views

CVE-2024-48937

Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed...

6.1CVSS6.9AI score0.00365EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:19 a.m.14 views

CVE-2024-32491

An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file via a manipulated AJAX Request to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available...

9.8CVSS7.1AI score0.00719EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:19 a.m.8 views

CVE-2024-32492

An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript...

7.1CVSS6.9AI score0.00532EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/12 12:0 a.m.12 views

CVE-2025-26846

An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata...

0.00363EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/10 12:20 a.m.15 views

CVE-2025-26847

An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked...

9.1CVSS6.9AI score0.00338EPSS
Exploits0References1
NVD
NVD
added 2025/05/08 4:15 p.m.29 views

CVE-2025-43926

An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user preferences with arbitrary keys. When fetching user data via GetUserData, these keys and values are retrieved and given as a whole to other...

6.1CVSS0.00202EPSS
Exploits0References2
OSV
OSV
added 2025/05/08 4:15 p.m.6 views

DEBIAN-CVE-2025-43926

An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user preferences with arbitrary keys. When fetching user data via GetUserData, these keys and values are retrieved and given as a whole to other...

6.1CVSS5.6AI score0.00202EPSS
Exploits0References1
NVD
NVD
added 2025/05/08 4:15 p.m.22 views

CVE-2025-26844

An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag...

9.8CVSS0.00363EPSS
Exploits0References2
NVD
NVD
added 2025/05/08 4:15 p.m.17 views

CVE-2025-26842

An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-mail messages is visible to users with access to the CommunicationLog...

7.5CVSS0.00296EPSS
Exploits0References1
OSV
OSV
added 2025/05/08 4:15 p.m.7 views

CVE-2025-26844

An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag...

9.8CVSS6.7AI score
Exploits0References2
CVE
CVE
added 2025/05/08 12:0 a.m.59 views

CVE-2025-26844

The CVE-2025-26844 vulnerability affects Znuny up to version 7.1.3 where a cookie is set without the HttpOnly flag. The underlying issue is improper cookie configuration, enabling cookies to be accessible to client-side scripts. This could, per the available references, contribute to session-rela...

9.8CVSS6.5AI score0.00363EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/05/08 12:0 a.m.67 views

CVE-2025-26845

CVE-2025-26845 describes an Eval Injection vulnerability in Znuny up to version 7.1.3. A user with write access to the configuration file can cause code execution via the command that runs the backup.pl script, effectively allowing escalation to the user running that script. The primary affected ...

9.8CVSS7.1AI score0.00423EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/08 12:0 a.m.7 views

CVE-2025-43926

An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user preferences with arbitrary keys. When fetching user data via GetUserData, these keys and values are retrieved and given as a whole to other...

6.3AI score0.00202EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/08 12:0 a.m.20 views

CVE-2025-26845

An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script...

0.00423EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/05/08 12:0 a.m.4 views

Znuny 安全漏洞

Znuny is a work order system from Znuny, Inc. A security vulnerability exists in Znuny 7.1.3 and prior versions, which stems from improperly written configuration files and could lead to command injection...

9.8CVSS6.6AI score0.00423EPSS
Exploits0References2
CVE
CVE
added 2025/05/08 12:0 a.m.57 views

CVE-2025-43926

Znuny vulnerability CVE-2025-43926 affects versions 6.5.14 and 7.x up to 7.1.6. The issue arises from Custom AJAX calls to AgentPreferences UpdateAJAX, allowing arbitrary keys to be set as user preferences. When GetUserData fetches data, these keys/values are passed to other function calls and ma...

6.1CVSS6.6AI score0.00202EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/05/08 12:0 a.m.13 views

CVE-2025-43926

An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user preferences with arbitrary keys. When fetching user data via GetUserData, these keys and values are retrieved and given as a whole to other...

0.00202EPSS
Exploits0References2
Rows per page
Query Builder