📦 Zammad
by Zammad
⚠️ Known Vulnerabilities
This vulnerability in Zammad allows attackers to brute-force guessable FormIDs used in the upload cache, enabling them to inject malicious content into article drafts they shouldn't have access to. Al...
This critical vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges by sending a specially crafted message to the server. All organizations running the affec...
CVE-2022-27332 is an authentication bypass vulnerability in Zammad v5.0.3 that allows unauthenticated attackers to write entries to the CTI caller log. This enables attackers to execute phishing attac...
CVE-2021-42090 is a remote code execution vulnerability in Zammad's Form functionality due to unsafe deserialization. Attackers can execute arbitrary code on affected Zammad instances, potentially com...
CVE-2021-42094 is a command injection vulnerability in Zammad that allows attackers to execute arbitrary commands on the server via custom Packages. This affects all Zammad installations before versio...
This vulnerability allows attackers to bypass authentication in Zammad's SSO endpoint by sending a crafted header when SSO is not configured. Attackers can create authenticated sessions to perform any...
This vulnerability in Zammad allows users with customer-level access to view time accounting details for tickets via the API, which should be restricted to agent-level users only. This exposes sensiti...
This vulnerability in Zammad allows attackers to send excessive email verification requests to known addresses, causing denial of service through email spam and resource exhaustion. Organizations runn...
CVE-2022-29700 is a vulnerability in Zammad v5.1.0 where lack of password length restriction allows attackers to create extremely long passwords, causing Denial of Service (DoS) during password verifi...
Zammad 5.0.1 with certain LDAP configurations allows unauthorized access using existing user accounts. This authentication bypass vulnerability affects organizations using Zammad with LDAP integration...
This vulnerability allows authenticated Agent accounts in Zammad to escalate privileges to Administrator level by modifying account data through crafted requests. It affects all Zammad installations r...
This vulnerability in Zammad's REST API allows unauthorized disclosure of sensitive information. Attackers can access confidential data through API endpoints without proper authentication. Organizatio...
This vulnerability allows authenticated administrators in Zammad to execute arbitrary code on the server by manipulating trigger functionality. It affects Zammad installations where admin users could ...
This vulnerability in Zammad allows attackers to probe email connection configurations and obtain sensitive information like email server credentials. It affects all Zammad installations from version ...
This vulnerability allows authenticated admin users in Zammad to perform Server-Side Request Forgery (SSRF) attacks. When webhooks return redirect responses, Zammad automatically follows them with GET...
This vulnerability in Zammad allows logged-in customers to view and manipulate shared article drafts intended only for agents. Customers can access confidential information from draft articles and mod...