📦 Znuny

by Znuny

⚠️ Known Vulnerabilities

CVE-2025-26846

CRITICAL CVSS 9.8 May 12, 2025

A missing authorization vulnerability in Znuny's Generic Interface allows attackers to modify ticket metadata without proper permission checks. This affects all Znuny installations before version 7.1....

CVE-2025-26845

CRITICAL CVSS 9.8 May 8, 2025

CVE-2025-26845 is an eval injection vulnerability in Znuny that allows authenticated users with configuration write access to execute arbitrary commands via the backup.pl script. This affects all Znun...

CVE-2025-26844

CRITICAL CVSS 9.8 May 8, 2025

This vulnerability in Znuny (formerly OTRS) allows attackers to steal session cookies via cross-site scripting (XSS) attacks because cookies lack the HttpOnly flag. All users of Znuny up to version 7....

CVE-2024-32491

CRITICAL CVSS 9.8 Apr 29, 2024

This vulnerability allows authenticated users in Znuny and Znuny LTS to upload files to arbitrary writable locations via path traversal in manipulated AJAX requests. If the uploaded location is public...

CVE-2025-26842

HIGH CVSS 7.5 May 8, 2025

This vulnerability in Znuny allows users with CommunicationLog access to view S/MIME encrypted email content from tickets they shouldn't have access to. It affects all Znuny installations through vers...

CVE-2024-48938

HIGH CVSS 7.5 Oct 11, 2024

This vulnerability allows denial-of-service attacks against Znuny systems through specially crafted emails. Attackers can send emails containing HTML copied from Microsoft Word that causes excessive C...

CVE-2024-32493

HIGH CVSS 8.8 Apr 29, 2024

This SQL injection vulnerability in Znuny allows authenticated agents to execute arbitrary SQL commands through the draft form ID parameter in AJAX requests. It affects Znuny LTS versions 6.5.1 throug...

CVE-2024-48937

MEDIUM CVSS 6.1 Oct 11, 2024

This cross-site scripting (XSS) vulnerability in Znuny allows attackers to inject malicious JavaScript code into the short description field of SLA settings in Activity Dialogues. When viewed by admin...