Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Znuny Subscribe
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-26846 1 Znuny 1 Znuny 2025-06-13 N/A 9.8 CRITICAL
An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata.
CVE-2025-26842 1 Znuny 1 Znuny 2025-06-12 N/A 7.5 HIGH
An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-mail messages is visible to users with access to the CommunicationLog.
CVE-2025-26844 1 Znuny 1 Znuny 2025-06-12 N/A 9.8 CRITICAL
An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag.
CVE-2025-43926 1 Znuny 1 Znuny 2025-06-12 N/A 6.1 MEDIUM
An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user preferences with arbitrary keys. When fetching user data via GetUserData, these keys and values are retrieved and given as a whole to other function calls, which then might use these keys/values to affect permissions or other settings.
CVE-2025-26845 1 Znuny 1 Znuny 2025-05-16 N/A 9.8 CRITICAL
An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script.
CVE-2025-26847 1 Znuny 1 Znuny 2025-05-16 N/A 7.5 HIGH
An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked.
CVE-2024-48938 1 Znuny 1 Znuny 2025-03-14 N/A 7.5 HIGH
Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process.
CVE-2024-48937 1 Znuny 1 Znuny 2025-03-13 N/A 6.1 MEDIUM
Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed.