Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/znuny@6.5.15-2?distro=trixie
Typedeb
Namespacedebian
Nameznuny
Version6.5.15-2
Qualifiers
distro trixie
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.5.16-1
Latest_non_vulnerable_version6.5.19-1
Affected_by_vulnerabilities
0
url VCID-4sdd-c9p8-3fac
vulnerability_id VCID-4sdd-c9p8-3fac
summary A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-52204
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.09509
published_at 2026-04-18T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.09527
published_at 2026-04-07T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.09601
published_at 2026-04-08T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.0965
published_at 2026-04-09T12:55:00Z
4
value 0.00033
scoring_system epss
scoring_elements 0.0966
published_at 2026-04-11T12:55:00Z
5
value 0.00033
scoring_system epss
scoring_elements 0.09628
published_at 2026-04-12T12:55:00Z
6
value 0.00033
scoring_system epss
scoring_elements 0.09612
published_at 2026-04-13T12:55:00Z
7
value 0.00033
scoring_system epss
scoring_elements 0.09504
published_at 2026-04-16T12:55:00Z
8
value 0.00033
scoring_system epss
scoring_elements 0.09565
published_at 2026-04-02T12:55:00Z
9
value 0.00033
scoring_system epss
scoring_elements 0.09616
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-52204
1
reference_url https://github.com/j0qq3r/CVE-2025-52204
reference_id CVE-2025-52204
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:00:50Z/
url https://github.com/j0qq3r/CVE-2025-52204
2
reference_url https://www.znuny.org/en/releases/znuny-7-3-1
reference_id znuny-7-3-1
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:00:50Z/
url https://www.znuny.org/en/releases/znuny-7-3-1
3
reference_url http://znuny.com
reference_id znuny.com
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:00:50Z/
url http://znuny.com
4
reference_url http://znunyitsm.com
reference_id znunyitsm.com
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:00:50Z/
url http://znunyitsm.com
fixed_packages
0
url pkg:deb/debian/znuny@6.5.19-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.19-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie
aliases CVE-2025-52204
risk_score 2.8
exploitability 0.5
weighted_severity 5.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4sdd-c9p8-3fac
1
url VCID-zd8d-c1nk-g7a4
vulnerability_id VCID-zd8d-c1nk-g7a4
summary 
jquery-validation vulnerable to Cross-site Scripting
Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3573.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3573.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3573
reference_id
reference_type
scores
0
value 0.00247
scoring_system epss
scoring_elements 0.47999
published_at 2026-04-09T12:55:00Z
1
value 0.00247
scoring_system epss
scoring_elements 0.48
published_at 2026-04-12T12:55:00Z
2
value 0.00247
scoring_system epss
scoring_elements 0.48023
published_at 2026-04-11T12:55:00Z
3
value 0.00247
scoring_system epss
scoring_elements 0.47983
published_at 2026-04-02T12:55:00Z
4
value 0.00247
scoring_system epss
scoring_elements 0.48003
published_at 2026-04-04T12:55:00Z
5
value 0.00247
scoring_system epss
scoring_elements 0.47952
published_at 2026-04-07T12:55:00Z
6
value 0.00247
scoring_system epss
scoring_elements 0.48005
published_at 2026-04-08T12:55:00Z
7
value 0.00297
scoring_system epss
scoring_elements 0.53083
published_at 2026-04-16T12:55:00Z
8
value 0.00297
scoring_system epss
scoring_elements 0.53045
published_at 2026-04-13T12:55:00Z
9
value 0.00297
scoring_system epss
scoring_elements 0.5309
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3573
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3573
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3573
3
reference_url https://github.com/jquery-validation/jquery-validation
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jquery-validation/jquery-validation
4
reference_url https://github.com/jquery-validation/jquery-validation/commit/7a490d8f39bd988027568ddcf51755e1f4688902
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jquery-validation/jquery-validation/commit/7a490d8f39bd988027568ddcf51755e1f4688902
5
reference_url https://github.com/jquery-validation/jquery-validation/pull/2462
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jquery-validation/jquery-validation/pull/2462
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3573
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3573
7
reference_url https://security.snyk.io/vuln/SNYK-JS-JQUERYVALIDATION-5952285
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-JS-JQUERYVALIDATION-5952285
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103445
reference_id 1103445
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103445
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104134
reference_id 1104134
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104134
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104135
reference_id 1104135
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104135
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104136
reference_id 1104136
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104136
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2359682
reference_id 2359682
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2359682
13
reference_url https://github.com/advisories/GHSA-rrj2-ph5q-jxw2
reference_id GHSA-rrj2-ph5q-jxw2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rrj2-ph5q-jxw2
fixed_packages
0
url pkg:deb/debian/znuny@6.5.16-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.16-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.16-1%3Fdistro=trixie
1
url pkg:deb/debian/znuny@6.5.19-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.19-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie
aliases CVE-2025-3573, GHSA-rrj2-ph5q-jxw2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zd8d-c1nk-g7a4
2
url VCID-zhfb-ajkc-5uc4
vulnerability_id VCID-zhfb-ajkc-5uc4
summary
references
fixed_packages
0
url pkg:deb/debian/znuny@6.5.19-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.19-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie
aliases CVE-2025-59490
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zhfb-ajkc-5uc4
Fixing_vulnerabilities
0
url VCID-12v6-61me-ffa1
vulnerability_id VCID-12v6-61me-ffa1
summary An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-32492
reference_id
reference_type
scores
0
value 0.0065
scoring_system epss
scoring_elements 0.70885
published_at 2026-04-18T12:55:00Z
1
value 0.0065
scoring_system epss
scoring_elements 0.70864
published_at 2026-04-11T12:55:00Z
2
value 0.0065
scoring_system epss
scoring_elements 0.70848
published_at 2026-04-12T12:55:00Z
3
value 0.0065
scoring_system epss
scoring_elements 0.70833
published_at 2026-04-13T12:55:00Z
4
value 0.0065
scoring_system epss
scoring_elements 0.70878
published_at 2026-04-16T12:55:00Z
5
value 0.0065
scoring_system epss
scoring_elements 0.70787
published_at 2026-04-02T12:55:00Z
6
value 0.0065
scoring_system epss
scoring_elements 0.70806
published_at 2026-04-04T12:55:00Z
7
value 0.0065
scoring_system epss
scoring_elements 0.70781
published_at 2026-04-07T12:55:00Z
8
value 0.0065
scoring_system epss
scoring_elements 0.70825
published_at 2026-04-08T12:55:00Z
9
value 0.0065
scoring_system epss
scoring_elements 0.70841
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-32492
1
reference_url https://znuny.com
reference_id znuny.com
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T15:52:23Z/
url https://znuny.com
2
reference_url https://www.znuny.org/en/advisories/zsa-2024-02
reference_id zsa-2024-02
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T15:52:23Z/
url https://www.znuny.org/en/advisories/zsa-2024-02
fixed_packages
0
url pkg:deb/debian/znuny@0?distro=trixie
purl pkg:deb/debian/znuny@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@0%3Fdistro=trixie
1
url pkg:deb/debian/znuny@6.5.1-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.1-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-169g-wxmh-qqbw
1
vulnerability VCID-1mkr-c1ay-jygw
2
vulnerability VCID-2rbn-u9eg-sua7
3
vulnerability VCID-4sdd-c9p8-3fac
4
vulnerability VCID-cqx8-tegf-pfhh
5
vulnerability VCID-kfqh-mtw2-3feu
6
vulnerability VCID-kr13-v6jr-5kg6
7
vulnerability VCID-ndgh-dr9p-kqbu
8
vulnerability VCID-qysv-aehy-d7ay
9
vulnerability VCID-s8fu-wpk4-3ycc
10
vulnerability VCID-x1sc-wvc6-a3hz
11
vulnerability VCID-yrdb-btgm-p3cd
12
vulnerability VCID-zd8d-c1nk-g7a4
13
vulnerability VCID-zhfb-ajkc-5uc4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.1-1%3Fdistro=trixie
2
url pkg:deb/debian/znuny@6.5.15-2?distro=trixie
purl pkg:deb/debian/znuny@6.5.15-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sdd-c9p8-3fac
1
vulnerability VCID-zd8d-c1nk-g7a4
2
vulnerability VCID-zhfb-ajkc-5uc4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie
3
url pkg:deb/debian/znuny@6.5.19-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.19-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie
aliases CVE-2024-32492
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-12v6-61me-ffa1
1
url VCID-169g-wxmh-qqbw
vulnerability_id VCID-169g-wxmh-qqbw
summary Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-48937
reference_id
reference_type
scores
0
value 0.01525
scoring_system epss
scoring_elements 0.81315
published_at 2026-04-18T12:55:00Z
1
value 0.01525
scoring_system epss
scoring_elements 0.81243
published_at 2026-04-07T12:55:00Z
2
value 0.01525
scoring_system epss
scoring_elements 0.81271
published_at 2026-04-08T12:55:00Z
3
value 0.01525
scoring_system epss
scoring_elements 0.81276
published_at 2026-04-13T12:55:00Z
4
value 0.01525
scoring_system epss
scoring_elements 0.81297
published_at 2026-04-11T12:55:00Z
5
value 0.01525
scoring_system epss
scoring_elements 0.81283
published_at 2026-04-12T12:55:00Z
6
value 0.01525
scoring_system epss
scoring_elements 0.81313
published_at 2026-04-16T12:55:00Z
7
value 0.01525
scoring_system epss
scoring_elements 0.81222
published_at 2026-04-02T12:55:00Z
8
value 0.01525
scoring_system epss
scoring_elements 0.81245
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-48937
1
reference_url https://www.znuny.org/en/advisories
reference_id advisories
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T15:39:09Z/
url https://www.znuny.org/en/advisories
2
reference_url https://www.znuny.com
reference_id www.znuny.com
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T15:39:09Z/
url https://www.znuny.com
3
reference_url https://www.znuny.org/en/advisories/zsa-2024-05
reference_id zsa-2024-05
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T15:39:09Z/
url https://www.znuny.org/en/advisories/zsa-2024-05
fixed_packages
0
url pkg:deb/debian/znuny@6.5.11-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.11-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.11-1%3Fdistro=trixie
1
url pkg:deb/debian/znuny@6.5.15-2?distro=trixie
purl pkg:deb/debian/znuny@6.5.15-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sdd-c9p8-3fac
1
vulnerability VCID-zd8d-c1nk-g7a4
2
vulnerability VCID-zhfb-ajkc-5uc4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie
2
url pkg:deb/debian/znuny@6.5.19-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.19-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie
aliases CVE-2024-48937
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-169g-wxmh-qqbw
2
url VCID-1mkr-c1ay-jygw
vulnerability_id VCID-1mkr-c1ay-jygw
summary An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-26844
reference_id
reference_type
scores
0
value 0.00366
scoring_system epss
scoring_elements 0.58657
published_at 2026-04-18T12:55:00Z
1
value 0.00366
scoring_system epss
scoring_elements 0.58639
published_at 2026-04-12T12:55:00Z
2
value 0.00366
scoring_system epss
scoring_elements 0.58619
published_at 2026-04-13T12:55:00Z
3
value 0.00366
scoring_system epss
scoring_elements 0.58652
published_at 2026-04-16T12:55:00Z
4
value 0.00366
scoring_system epss
scoring_elements 0.58592
published_at 2026-04-02T12:55:00Z
5
value 0.00366
scoring_system epss
scoring_elements 0.58613
published_at 2026-04-04T12:55:00Z
6
value 0.00366
scoring_system epss
scoring_elements 0.58583
published_at 2026-04-07T12:55:00Z
7
value 0.00366
scoring_system epss
scoring_elements 0.58635
published_at 2026-04-08T12:55:00Z
8
value 0.00366
scoring_system epss
scoring_elements 0.58641
published_at 2026-04-09T12:55:00Z
9
value 0.00366
scoring_system epss
scoring_elements 0.58658
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-26844
1
reference_url https://www.znuny.com
reference_id www.znuny.com
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:48:53Z/
url https://www.znuny.com
2
reference_url https://www.znuny.org/en/advisories/zsa-2025-05
reference_id zsa-2025-05
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:48:53Z/
url https://www.znuny.org/en/advisories/zsa-2025-05
fixed_packages
0
url pkg:deb/debian/znuny@6.5.13-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.13-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.13-1%3Fdistro=trixie
1
url pkg:deb/debian/znuny@6.5.15-2?distro=trixie
purl pkg:deb/debian/znuny@6.5.15-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sdd-c9p8-3fac
1
vulnerability VCID-zd8d-c1nk-g7a4
2
vulnerability VCID-zhfb-ajkc-5uc4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie
2
url pkg:deb/debian/znuny@6.5.19-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.19-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie
aliases CVE-2025-26844
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1mkr-c1ay-jygw
3
url VCID-2rbn-u9eg-sua7
vulnerability_id VCID-2rbn-u9eg-sua7
summary An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user preferences with arbitrary keys. When fetching user data via GetUserData, these keys and values are retrieved and given as a whole to other function calls, which then might use these keys/values to affect permissions or other settings.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43926
reference_id
reference_type
scores
0
value 0.00213
scoring_system epss
scoring_elements 0.43828
published_at 2026-04-18T12:55:00Z
1
value 0.00213
scoring_system epss
scoring_elements 0.43791
published_at 2026-04-12T12:55:00Z
2
value 0.00213
scoring_system epss
scoring_elements 0.43775
published_at 2026-04-13T12:55:00Z
3
value 0.00213
scoring_system epss
scoring_elements 0.43836
published_at 2026-04-16T12:55:00Z
4
value 0.00213
scoring_system epss
scoring_elements 0.43794
published_at 2026-04-02T12:55:00Z
5
value 0.00213
scoring_system epss
scoring_elements 0.43819
published_at 2026-04-04T12:55:00Z
6
value 0.00213
scoring_system epss
scoring_elements 0.4375
published_at 2026-04-07T12:55:00Z
7
value 0.00213
scoring_system epss
scoring_elements 0.43801
published_at 2026-04-08T12:55:00Z
8
value 0.00213
scoring_system epss
scoring_elements 0.43804
published_at 2026-04-09T12:55:00Z
9
value 0.00213
scoring_system epss
scoring_elements 0.43824
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43926
1
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104739
reference_id 1104739
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104739
2
reference_url https://znuny.com
reference_id znuny.com
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-12T18:30:23Z/
url https://znuny.com
3
reference_url https://www.znuny.org/en/advisories/zsa-2025-07
reference_id zsa-2025-07
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-12T18:30:23Z/
url https://www.znuny.org/en/advisories/zsa-2025-07
fixed_packages
0
url pkg:deb/debian/znuny@6.5.15-2?distro=trixie
purl pkg:deb/debian/znuny@6.5.15-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sdd-c9p8-3fac
1
vulnerability VCID-zd8d-c1nk-g7a4
2
vulnerability VCID-zhfb-ajkc-5uc4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie
1
url pkg:deb/debian/znuny@6.5.19-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.19-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie
aliases CVE-2025-43926
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2rbn-u9eg-sua7
4
url VCID-2yyp-zhcc-mbgq
vulnerability_id VCID-2yyp-zhcc-mbgq
summary Specially crafted string in OTRS system configuration can allow the execution of any system command.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36100
reference_id
reference_type
scores
0
value 0.0072
scoring_system epss
scoring_elements 0.72417
published_at 2026-04-07T12:55:00Z
1
value 0.0072
scoring_system epss
scoring_elements 0.72423
published_at 2026-04-02T12:55:00Z
2
value 0.0072
scoring_system epss
scoring_elements 0.7244
published_at 2026-04-04T12:55:00Z
3
value 0.0072
scoring_system epss
scoring_elements 0.72456
published_at 2026-04-08T12:55:00Z
4
value 0.0072
scoring_system epss
scoring_elements 0.72468
published_at 2026-04-09T12:55:00Z
5
value 0.0072
scoring_system epss
scoring_elements 0.72492
published_at 2026-04-11T12:55:00Z
6
value 0.0072
scoring_system epss
scoring_elements 0.72474
published_at 2026-04-12T12:55:00Z
7
value 0.0072
scoring_system epss
scoring_elements 0.72464
published_at 2026-04-13T12:55:00Z
8
value 0.0072
scoring_system epss
scoring_elements 0.72506
published_at 2026-04-16T12:55:00Z
9
value 0.0072
scoring_system epss
scoring_elements 0.72514
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36100
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36100
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36100
fixed_packages
0
url pkg:deb/debian/znuny@0?distro=trixie
purl pkg:deb/debian/znuny@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@0%3Fdistro=trixie
1
url pkg:deb/debian/znuny@6.5.1-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.1-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-169g-wxmh-qqbw
1
vulnerability VCID-1mkr-c1ay-jygw
2
vulnerability VCID-2rbn-u9eg-sua7
3
vulnerability VCID-4sdd-c9p8-3fac
4
vulnerability VCID-cqx8-tegf-pfhh
5
vulnerability VCID-kfqh-mtw2-3feu
6
vulnerability VCID-kr13-v6jr-5kg6
7
vulnerability VCID-ndgh-dr9p-kqbu
8
vulnerability VCID-qysv-aehy-d7ay
9
vulnerability VCID-s8fu-wpk4-3ycc
10
vulnerability VCID-x1sc-wvc6-a3hz
11
vulnerability VCID-yrdb-btgm-p3cd
12
vulnerability VCID-zd8d-c1nk-g7a4
13
vulnerability VCID-zhfb-ajkc-5uc4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.1-1%3Fdistro=trixie
2
url pkg:deb/debian/znuny@6.5.15-2?distro=trixie
purl pkg:deb/debian/znuny@6.5.15-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sdd-c9p8-3fac
1
vulnerability VCID-zd8d-c1nk-g7a4
2
vulnerability VCID-zhfb-ajkc-5uc4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie
3
url pkg:deb/debian/znuny@6.5.19-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.19-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie
aliases CVE-2021-36100
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2yyp-zhcc-mbgq
5
url VCID-57jx-quzh-fubc
vulnerability_id VCID-57jx-quzh-fubc
summary Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21443
reference_id
reference_type
scores
0
value 0.0022
scoring_system epss
scoring_elements 0.44548
published_at 2026-04-01T12:55:00Z
1
value 0.0022
scoring_system epss
scoring_elements 0.44628
published_at 2026-04-02T12:55:00Z
2
value 0.0022
scoring_system epss
scoring_elements 0.44648
published_at 2026-04-04T12:55:00Z
3
value 0.0022
scoring_system epss
scoring_elements 0.44585
published_at 2026-04-07T12:55:00Z
4
value 0.0022
scoring_system epss
scoring_elements 0.44637
published_at 2026-04-08T12:55:00Z
5
value 0.0022
scoring_system epss
scoring_elements 0.44639
published_at 2026-04-09T12:55:00Z
6
value 0.0022
scoring_system epss
scoring_elements 0.44655
published_at 2026-04-11T12:55:00Z
7
value 0.0022
scoring_system epss
scoring_elements 0.44625
published_at 2026-04-12T12:55:00Z
8
value 0.0022
scoring_system epss
scoring_elements 0.44626
published_at 2026-04-13T12:55:00Z
9
value 0.0022
scoring_system epss
scoring_elements 0.4468
published_at 2026-04-16T12:55:00Z
10
value 0.0022
scoring_system epss
scoring_elements 0.44672
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21443
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21443
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21443
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991593
reference_id 991593
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991593
fixed_packages
0
url pkg:deb/debian/znuny@0?distro=trixie
purl pkg:deb/debian/znuny@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@0%3Fdistro=trixie
1
url pkg:deb/debian/znuny@6.5.1-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.1-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-169g-wxmh-qqbw
1
vulnerability VCID-1mkr-c1ay-jygw
2
vulnerability VCID-2rbn-u9eg-sua7
3
vulnerability VCID-4sdd-c9p8-3fac
4
vulnerability VCID-cqx8-tegf-pfhh
5
vulnerability VCID-kfqh-mtw2-3feu
6
vulnerability VCID-kr13-v6jr-5kg6
7
vulnerability VCID-ndgh-dr9p-kqbu
8
vulnerability VCID-qysv-aehy-d7ay
9
vulnerability VCID-s8fu-wpk4-3ycc
10
vulnerability VCID-x1sc-wvc6-a3hz
11
vulnerability VCID-yrdb-btgm-p3cd
12
vulnerability VCID-zd8d-c1nk-g7a4
13
vulnerability VCID-zhfb-ajkc-5uc4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.1-1%3Fdistro=trixie
2
url pkg:deb/debian/znuny@6.5.15-2?distro=trixie
purl pkg:deb/debian/znuny@6.5.15-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sdd-c9p8-3fac
1
vulnerability VCID-zd8d-c1nk-g7a4
2
vulnerability VCID-zhfb-ajkc-5uc4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie
3
url pkg:deb/debian/znuny@6.5.19-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.19-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie
aliases CVE-2021-21443
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-57jx-quzh-fubc
6
url VCID-9431-8f5f-rfct
vulnerability_id VCID-9431-8f5f-rfct
summary DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21439
reference_id
reference_type
scores
0
value 0.00348
scoring_system epss
scoring_elements 0.57232
published_at 2026-04-01T12:55:00Z
1
value 0.00348
scoring_system epss
scoring_elements 0.57314
published_at 2026-04-07T12:55:00Z
2
value 0.00348
scoring_system epss
scoring_elements 0.57337
published_at 2026-04-04T12:55:00Z
3
value 0.00348
scoring_system epss
scoring_elements 0.57365
published_at 2026-04-08T12:55:00Z
4
value 0.00348
scoring_system epss
scoring_elements 0.57367
published_at 2026-04-16T12:55:00Z
5
value 0.00348
scoring_system epss
scoring_elements 0.57382
published_at 2026-04-11T12:55:00Z
6
value 0.00348
scoring_system epss
scoring_elements 0.57362
published_at 2026-04-18T12:55:00Z
7
value 0.00348
scoring_system epss
scoring_elements 0.57341
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21439
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21439
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21439
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989992
reference_id 989992
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989992
fixed_packages
0
url pkg:deb/debian/znuny@0?distro=trixie
purl pkg:deb/debian/znuny@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@0%3Fdistro=trixie
1
url pkg:deb/debian/znuny@6.5.1-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.1-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-169g-wxmh-qqbw
1
vulnerability VCID-1mkr-c1ay-jygw
2
vulnerability VCID-2rbn-u9eg-sua7
3
vulnerability VCID-4sdd-c9p8-3fac
4
vulnerability VCID-cqx8-tegf-pfhh
5
vulnerability VCID-kfqh-mtw2-3feu
6
vulnerability VCID-kr13-v6jr-5kg6
7
vulnerability VCID-ndgh-dr9p-kqbu
8
vulnerability VCID-qysv-aehy-d7ay
9
vulnerability VCID-s8fu-wpk4-3ycc
10
vulnerability VCID-x1sc-wvc6-a3hz
11
vulnerability VCID-yrdb-btgm-p3cd
12
vulnerability VCID-zd8d-c1nk-g7a4
13
vulnerability VCID-zhfb-ajkc-5uc4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.1-1%3Fdistro=trixie
2
url pkg:deb/debian/znuny@6.5.15-2?distro=trixie
purl pkg:deb/debian/znuny@6.5.15-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sdd-c9p8-3fac
1
vulnerability VCID-zd8d-c1nk-g7a4
2
vulnerability VCID-zhfb-ajkc-5uc4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie
3
url pkg:deb/debian/znuny@6.5.19-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.19-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie
aliases CVE-2021-21439
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9431-8f5f-rfct
7
url VCID-cqx8-tegf-pfhh
vulnerability_id VCID-cqx8-tegf-pfhh
summary An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-mail messages is visible to users with access to the CommunicationLog.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-26842
reference_id
reference_type
scores
0
value 0.00287
scoring_system epss
scoring_elements 0.52225
published_at 2026-04-18T12:55:00Z
1
value 0.00287
scoring_system epss
scoring_elements 0.52222
published_at 2026-04-16T12:55:00Z
2
value 0.00287
scoring_system epss
scoring_elements 0.5212
published_at 2026-04-02T12:55:00Z
3
value 0.00287
scoring_system epss
scoring_elements 0.52147
published_at 2026-04-04T12:55:00Z
4
value 0.00287
scoring_system epss
scoring_elements 0.52112
published_at 2026-04-07T12:55:00Z
5
value 0.00287
scoring_system epss
scoring_elements 0.52166
published_at 2026-04-08T12:55:00Z
6
value 0.00287
scoring_system epss
scoring_elements 0.52162
published_at 2026-04-09T12:55:00Z
7
value 0.00287
scoring_system epss
scoring_elements 0.52213
published_at 2026-04-11T12:55:00Z
8
value 0.00287
scoring_system epss
scoring_elements 0.52196
published_at 2026-04-12T12:55:00Z
9
value 0.00287
scoring_system epss
scoring_elements 0.52182
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-26842
1
reference_url https://www.znuny.org/en/advisories/zsa-2025-01
reference_id zsa-2025-01
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:53:25Z/
url https://www.znuny.org/en/advisories/zsa-2025-01
fixed_packages
0
url pkg:deb/debian/znuny@6.5.13-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.13-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.13-1%3Fdistro=trixie
1
url pkg:deb/debian/znuny@6.5.15-2?distro=trixie
purl pkg:deb/debian/znuny@6.5.15-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sdd-c9p8-3fac
1
vulnerability VCID-zd8d-c1nk-g7a4
2
vulnerability VCID-zhfb-ajkc-5uc4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie
2
url pkg:deb/debian/znuny@6.5.19-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.19-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie
aliases CVE-2025-26842
risk_score 1.9
exploitability 0.5
weighted_severity 3.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cqx8-tegf-pfhh
8
url VCID-cx2r-g5rk-1yhn
vulnerability_id VCID-cx2r-g5rk-1yhn
summary Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4427
reference_id
reference_type
scores
0
value 0.0041
scoring_system epss
scoring_elements 0.61384
published_at 2026-04-18T12:55:00Z
1
value 0.0041
scoring_system epss
scoring_elements 0.6136
published_at 2026-04-12T12:55:00Z
2
value 0.0041
scoring_system epss
scoring_elements 0.61341
published_at 2026-04-13T12:55:00Z
3
value 0.0041
scoring_system epss
scoring_elements 0.6138
published_at 2026-04-16T12:55:00Z
4
value 0.0041
scoring_system epss
scoring_elements 0.61294
published_at 2026-04-02T12:55:00Z
5
value 0.0041
scoring_system epss
scoring_elements 0.61323
published_at 2026-04-04T12:55:00Z
6
value 0.0041
scoring_system epss
scoring_elements 0.61291
published_at 2026-04-07T12:55:00Z
7
value 0.0041
scoring_system epss
scoring_elements 0.61339
published_at 2026-04-08T12:55:00Z
8
value 0.0041
scoring_system epss
scoring_elements 0.61354
published_at 2026-04-09T12:55:00Z
9
value 0.0041
scoring_system epss
scoring_elements 0.61374
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4427
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4427
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4427
2
reference_url https://otrs.com/release-notes/otrs-security-advisory-2022-15/
reference_id otrs-security-advisory-2022-15
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T18:03:48Z/
url https://otrs.com/release-notes/otrs-security-advisory-2022-15/
fixed_packages
0
url pkg:deb/debian/znuny@6.4.5-1?distro=trixie
purl pkg:deb/debian/znuny@6.4.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.4.5-1%3Fdistro=trixie
1
url pkg:deb/debian/znuny@6.5.1-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.1-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-169g-wxmh-qqbw
1
vulnerability VCID-1mkr-c1ay-jygw
2
vulnerability VCID-2rbn-u9eg-sua7
3
vulnerability VCID-4sdd-c9p8-3fac
4
vulnerability VCID-cqx8-tegf-pfhh
5
vulnerability VCID-kfqh-mtw2-3feu
6
vulnerability VCID-kr13-v6jr-5kg6
7
vulnerability VCID-ndgh-dr9p-kqbu
8
vulnerability VCID-qysv-aehy-d7ay
9
vulnerability VCID-s8fu-wpk4-3ycc
10
vulnerability VCID-x1sc-wvc6-a3hz
11
vulnerability VCID-yrdb-btgm-p3cd
12
vulnerability VCID-zd8d-c1nk-g7a4
13
vulnerability VCID-zhfb-ajkc-5uc4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.1-1%3Fdistro=trixie
2
url pkg:deb/debian/znuny@6.5.15-2?distro=trixie
purl pkg:deb/debian/znuny@6.5.15-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sdd-c9p8-3fac
1
vulnerability VCID-zd8d-c1nk-g7a4
2
vulnerability VCID-zhfb-ajkc-5uc4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie
3
url pkg:deb/debian/znuny@6.5.19-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.19-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie
aliases CVE-2022-4427
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cx2r-g5rk-1yhn
9
url VCID-kfqh-mtw2-3feu
vulnerability_id VCID-kfqh-mtw2-3feu
summary An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-26847
reference_id
reference_type
scores
0
value 0.00298
scoring_system epss
scoring_elements 0.532
published_at 2026-04-18T12:55:00Z
1
value 0.00298
scoring_system epss
scoring_elements 0.53169
published_at 2026-04-12T12:55:00Z
2
value 0.00298
scoring_system epss
scoring_elements 0.53153
published_at 2026-04-13T12:55:00Z
3
value 0.00298
scoring_system epss
scoring_elements 0.53193
published_at 2026-04-16T12:55:00Z
4
value 0.00298
scoring_system epss
scoring_elements 0.53097
published_at 2026-04-02T12:55:00Z
5
value 0.00298
scoring_system epss
scoring_elements 0.53121
published_at 2026-04-04T12:55:00Z
6
value 0.00298
scoring_system epss
scoring_elements 0.53089
published_at 2026-04-07T12:55:00Z
7
value 0.00298
scoring_system epss
scoring_elements 0.5314
published_at 2026-04-08T12:55:00Z
8
value 0.00298
scoring_system epss
scoring_elements 0.53134
published_at 2026-04-09T12:55:00Z
9
value 0.00298
scoring_system epss
scoring_elements 0.53184
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-26847
1
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104739
reference_id 1104739
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104739
2
reference_url https://www.znuny.com
reference_id www.znuny.com
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:58:30Z/
url https://www.znuny.com
3
reference_url https://www.znuny.org/en/advisories/zsa-2025-06
reference_id zsa-2025-06
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:58:30Z/
url https://www.znuny.org/en/advisories/zsa-2025-06
fixed_packages
0
url pkg:deb/debian/znuny@6.5.15-2?distro=trixie
purl pkg:deb/debian/znuny@6.5.15-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sdd-c9p8-3fac
1
vulnerability VCID-zd8d-c1nk-g7a4
2
vulnerability VCID-zhfb-ajkc-5uc4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie
1
url pkg:deb/debian/znuny@6.5.19-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.19-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie
aliases CVE-2025-26847
risk_score 2.2
exploitability 0.5
weighted_severity 4.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kfqh-mtw2-3feu
10
url VCID-kr13-v6jr-5kg6
vulnerability_id VCID-kr13-v6jr-5kg6
summary An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file (via a manipulated AJAX Request) to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available through the web server.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-32491
reference_id
reference_type
scores
0
value 0.00585
scoring_system epss
scoring_elements 0.69101
published_at 2026-04-18T12:55:00Z
1
value 0.00585
scoring_system epss
scoring_elements 0.69097
published_at 2026-04-11T12:55:00Z
2
value 0.00585
scoring_system epss
scoring_elements 0.69083
published_at 2026-04-12T12:55:00Z
3
value 0.00585
scoring_system epss
scoring_elements 0.69053
published_at 2026-04-13T12:55:00Z
4
value 0.00585
scoring_system epss
scoring_elements 0.69092
published_at 2026-04-16T12:55:00Z
5
value 0.00585
scoring_system epss
scoring_elements 0.69004
published_at 2026-04-02T12:55:00Z
6
value 0.00585
scoring_system epss
scoring_elements 0.69024
published_at 2026-04-04T12:55:00Z
7
value 0.00585
scoring_system epss
scoring_elements 0.69005
published_at 2026-04-07T12:55:00Z
8
value 0.00585
scoring_system epss
scoring_elements 0.69055
published_at 2026-04-08T12:55:00Z
9
value 0.00585
scoring_system epss
scoring_elements 0.69074
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-32491
1
reference_url https://znuny.com
reference_id znuny.com
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-30T15:40:28Z/
url https://znuny.com
2
reference_url https://www.znuny.org/en/advisories/zsa-2024-01
reference_id zsa-2024-01
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-30T15:40:28Z/
url https://www.znuny.org/en/advisories/zsa-2024-01
fixed_packages
0
url pkg:deb/debian/znuny@6.5.8-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.8-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.8-1%3Fdistro=trixie
1
url pkg:deb/debian/znuny@6.5.15-2?distro=trixie
purl pkg:deb/debian/znuny@6.5.15-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sdd-c9p8-3fac
1
vulnerability VCID-zd8d-c1nk-g7a4
2
vulnerability VCID-zhfb-ajkc-5uc4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie
2
url pkg:deb/debian/znuny@6.5.19-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.19-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie
aliases CVE-2024-32491
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kr13-v6jr-5kg6
11
url VCID-ndgh-dr9p-kqbu
vulnerability_id VCID-ndgh-dr9p-kqbu
summary An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-32493
reference_id
reference_type
scores
0
value 0.00608
scoring_system epss
scoring_elements 0.6976
published_at 2026-04-18T12:55:00Z
1
value 0.00608
scoring_system epss
scoring_elements 0.69739
published_at 2026-04-11T12:55:00Z
2
value 0.00608
scoring_system epss
scoring_elements 0.69724
published_at 2026-04-12T12:55:00Z
3
value 0.00608
scoring_system epss
scoring_elements 0.69711
published_at 2026-04-13T12:55:00Z
4
value 0.00608
scoring_system epss
scoring_elements 0.69751
published_at 2026-04-16T12:55:00Z
5
value 0.00608
scoring_system epss
scoring_elements 0.69655
published_at 2026-04-02T12:55:00Z
6
value 0.00608
scoring_system epss
scoring_elements 0.69672
published_at 2026-04-04T12:55:00Z
7
value 0.00608
scoring_system epss
scoring_elements 0.69649
published_at 2026-04-07T12:55:00Z
8
value 0.00608
scoring_system epss
scoring_elements 0.69699
published_at 2026-04-08T12:55:00Z
9
value 0.00608
scoring_system epss
scoring_elements 0.69716
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-32493
1
reference_url https://znuny.com
reference_id znuny.com
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-30T14:46:04Z/
url https://znuny.com
2
reference_url https://www.znuny.org/en/advisories/zsa-2024-03
reference_id zsa-2024-03
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-30T14:46:04Z/
url https://www.znuny.org/en/advisories/zsa-2024-03
fixed_packages
0
url pkg:deb/debian/znuny@6.5.8-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.8-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.8-1%3Fdistro=trixie
1
url pkg:deb/debian/znuny@6.5.15-2?distro=trixie
purl pkg:deb/debian/znuny@6.5.15-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sdd-c9p8-3fac
1
vulnerability VCID-zd8d-c1nk-g7a4
2
vulnerability VCID-zhfb-ajkc-5uc4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie
2
url pkg:deb/debian/znuny@6.5.19-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.19-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie
aliases CVE-2024-32493
risk_score 2.2
exploitability 0.5
weighted_severity 4.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ndgh-dr9p-kqbu
12
url VCID-qysv-aehy-d7ay
vulnerability_id VCID-qysv-aehy-d7ay
summary Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment.  This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38060
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.45375
published_at 2026-04-18T12:55:00Z
1
value 0.00233
scoring_system epss
scoring_elements 0.46117
published_at 2026-04-08T12:55:00Z
2
value 0.00233
scoring_system epss
scoring_elements 0.46138
published_at 2026-04-11T12:55:00Z
3
value 0.00233
scoring_system epss
scoring_elements 0.4611
published_at 2026-04-12T12:55:00Z
4
value 0.00233
scoring_system epss
scoring_elements 0.46119
published_at 2026-04-13T12:55:00Z
5
value 0.00233
scoring_system epss
scoring_elements 0.46176
published_at 2026-04-16T12:55:00Z
6
value 0.00233
scoring_system epss
scoring_elements 0.46113
published_at 2026-04-04T12:55:00Z
7
value 0.00233
scoring_system epss
scoring_elements 0.4606
published_at 2026-04-07T12:55:00Z
8
value 0.00233
scoring_system epss
scoring_elements 0.46092
published_at 2026-04-02T12:55:00Z
9
value 0.00233
scoring_system epss
scoring_elements 0.46114
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38060
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38060
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38060
2
reference_url https://otrs.com/release-notes/otrs-security-advisory-2023-04/
reference_id otrs-security-advisory-2023-04
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T13:01:31Z/
url https://otrs.com/release-notes/otrs-security-advisory-2023-04/
fixed_packages
0
url pkg:deb/debian/znuny@6.5.3-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.3-1%3Fdistro=trixie
1
url pkg:deb/debian/znuny@6.5.15-2?distro=trixie
purl pkg:deb/debian/znuny@6.5.15-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sdd-c9p8-3fac
1
vulnerability VCID-zd8d-c1nk-g7a4
2
vulnerability VCID-zhfb-ajkc-5uc4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie
2
url pkg:deb/debian/znuny@6.5.19-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.19-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie
aliases CVE-2023-38060
risk_score 2.9
exploitability 0.5
weighted_severity 5.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qysv-aehy-d7ay
13
url VCID-s8fu-wpk4-3ycc
vulnerability_id VCID-s8fu-wpk4-3ycc
summary An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-26846
reference_id
reference_type
scores
0
value 0.00404
scoring_system epss
scoring_elements 0.61011
published_at 2026-04-18T12:55:00Z
1
value 0.00404
scoring_system epss
scoring_elements 0.60982
published_at 2026-04-12T12:55:00Z
2
value 0.00404
scoring_system epss
scoring_elements 0.60963
published_at 2026-04-13T12:55:00Z
3
value 0.00404
scoring_system epss
scoring_elements 0.61005
published_at 2026-04-16T12:55:00Z
4
value 0.00404
scoring_system epss
scoring_elements 0.60916
published_at 2026-04-02T12:55:00Z
5
value 0.00404
scoring_system epss
scoring_elements 0.60945
published_at 2026-04-04T12:55:00Z
6
value 0.00404
scoring_system epss
scoring_elements 0.6091
published_at 2026-04-07T12:55:00Z
7
value 0.00404
scoring_system epss
scoring_elements 0.60959
published_at 2026-04-08T12:55:00Z
8
value 0.00404
scoring_system epss
scoring_elements 0.60975
published_at 2026-04-09T12:55:00Z
9
value 0.00404
scoring_system epss
scoring_elements 0.60997
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-26846
1
reference_url https://www.znuny.com
reference_id www.znuny.com
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-12T21:50:36Z/
url https://www.znuny.com
2
reference_url https://www.znuny.org/en/advisories/zsa-2025-02
reference_id zsa-2025-02
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-12T21:50:36Z/
url https://www.znuny.org/en/advisories/zsa-2025-02
fixed_packages
0
url pkg:deb/debian/znuny@6.5.13-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.13-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.13-1%3Fdistro=trixie
1
url pkg:deb/debian/znuny@6.5.15-2?distro=trixie
purl pkg:deb/debian/znuny@6.5.15-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sdd-c9p8-3fac
1
vulnerability VCID-zd8d-c1nk-g7a4
2
vulnerability VCID-zhfb-ajkc-5uc4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie
2
url pkg:deb/debian/znuny@6.5.19-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.19-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie
aliases CVE-2025-26846
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s8fu-wpk4-3ycc
14
url VCID-u3ed-wmjx-9fcq
vulnerability_id VCID-u3ed-wmjx-9fcq
summary Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21440
reference_id
reference_type
scores
0
value 0.00179
scoring_system epss
scoring_elements 0.394
published_at 2026-04-01T12:55:00Z
1
value 0.00179
scoring_system epss
scoring_elements 0.39563
published_at 2026-04-02T12:55:00Z
2
value 0.00179
scoring_system epss
scoring_elements 0.39586
published_at 2026-04-04T12:55:00Z
3
value 0.00179
scoring_system epss
scoring_elements 0.39501
published_at 2026-04-07T12:55:00Z
4
value 0.00179
scoring_system epss
scoring_elements 0.39556
published_at 2026-04-08T12:55:00Z
5
value 0.00179
scoring_system epss
scoring_elements 0.39572
published_at 2026-04-09T12:55:00Z
6
value 0.00179
scoring_system epss
scoring_elements 0.39582
published_at 2026-04-11T12:55:00Z
7
value 0.00179
scoring_system epss
scoring_elements 0.39544
published_at 2026-04-12T12:55:00Z
8
value 0.00179
scoring_system epss
scoring_elements 0.39528
published_at 2026-04-13T12:55:00Z
9
value 0.00179
scoring_system epss
scoring_elements 0.39578
published_at 2026-04-16T12:55:00Z
10
value 0.00179
scoring_system epss
scoring_elements 0.39549
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21440
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21440
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21440
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991593
reference_id 991593
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991593
fixed_packages
0
url pkg:deb/debian/znuny@0?distro=trixie
purl pkg:deb/debian/znuny@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@0%3Fdistro=trixie
1
url pkg:deb/debian/znuny@6.5.1-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.1-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-169g-wxmh-qqbw
1
vulnerability VCID-1mkr-c1ay-jygw
2
vulnerability VCID-2rbn-u9eg-sua7
3
vulnerability VCID-4sdd-c9p8-3fac
4
vulnerability VCID-cqx8-tegf-pfhh
5
vulnerability VCID-kfqh-mtw2-3feu
6
vulnerability VCID-kr13-v6jr-5kg6
7
vulnerability VCID-ndgh-dr9p-kqbu
8
vulnerability VCID-qysv-aehy-d7ay
9
vulnerability VCID-s8fu-wpk4-3ycc
10
vulnerability VCID-x1sc-wvc6-a3hz
11
vulnerability VCID-yrdb-btgm-p3cd
12
vulnerability VCID-zd8d-c1nk-g7a4
13
vulnerability VCID-zhfb-ajkc-5uc4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.1-1%3Fdistro=trixie
2
url pkg:deb/debian/znuny@6.5.15-2?distro=trixie
purl pkg:deb/debian/znuny@6.5.15-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sdd-c9p8-3fac
1
vulnerability VCID-zd8d-c1nk-g7a4
2
vulnerability VCID-zhfb-ajkc-5uc4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie
3
url pkg:deb/debian/znuny@6.5.19-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.19-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie
aliases CVE-2021-21440
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u3ed-wmjx-9fcq
15
url VCID-u8xm-v9ek-yuar
vulnerability_id VCID-u8xm-v9ek-yuar
summary There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user intraction. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21441
reference_id
reference_type
scores
0
value 0.00296
scoring_system epss
scoring_elements 0.52823
published_at 2026-04-01T12:55:00Z
1
value 0.00296
scoring_system epss
scoring_elements 0.5285
published_at 2026-04-02T12:55:00Z
2
value 0.00296
scoring_system epss
scoring_elements 0.52876
published_at 2026-04-04T12:55:00Z
3
value 0.00296
scoring_system epss
scoring_elements 0.52844
published_at 2026-04-07T12:55:00Z
4
value 0.00296
scoring_system epss
scoring_elements 0.52895
published_at 2026-04-08T12:55:00Z
5
value 0.00296
scoring_system epss
scoring_elements 0.52889
published_at 2026-04-09T12:55:00Z
6
value 0.00296
scoring_system epss
scoring_elements 0.52939
published_at 2026-04-11T12:55:00Z
7
value 0.00296
scoring_system epss
scoring_elements 0.52923
published_at 2026-04-12T12:55:00Z
8
value 0.00296
scoring_system epss
scoring_elements 0.52907
published_at 2026-04-13T12:55:00Z
9
value 0.00296
scoring_system epss
scoring_elements 0.52944
published_at 2026-04-16T12:55:00Z
10
value 0.00296
scoring_system epss
scoring_elements 0.52951
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21441
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21441
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21441
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989992
reference_id 989992
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989992
fixed_packages
0
url pkg:deb/debian/znuny@0?distro=trixie
purl pkg:deb/debian/znuny@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@0%3Fdistro=trixie
1
url pkg:deb/debian/znuny@6.5.1-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.1-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-169g-wxmh-qqbw
1
vulnerability VCID-1mkr-c1ay-jygw
2
vulnerability VCID-2rbn-u9eg-sua7
3
vulnerability VCID-4sdd-c9p8-3fac
4
vulnerability VCID-cqx8-tegf-pfhh
5
vulnerability VCID-kfqh-mtw2-3feu
6
vulnerability VCID-kr13-v6jr-5kg6
7
vulnerability VCID-ndgh-dr9p-kqbu
8
vulnerability VCID-qysv-aehy-d7ay
9
vulnerability VCID-s8fu-wpk4-3ycc
10
vulnerability VCID-x1sc-wvc6-a3hz
11
vulnerability VCID-yrdb-btgm-p3cd
12
vulnerability VCID-zd8d-c1nk-g7a4
13
vulnerability VCID-zhfb-ajkc-5uc4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.1-1%3Fdistro=trixie
2
url pkg:deb/debian/znuny@6.5.15-2?distro=trixie
purl pkg:deb/debian/znuny@6.5.15-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sdd-c9p8-3fac
1
vulnerability VCID-zd8d-c1nk-g7a4
2
vulnerability VCID-zhfb-ajkc-5uc4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie
3
url pkg:deb/debian/znuny@6.5.19-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.19-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie
aliases CVE-2021-21441
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u8xm-v9ek-yuar
16
url VCID-x1sc-wvc6-a3hz
vulnerability_id VCID-x1sc-wvc6-a3hz
summary Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-48938
reference_id
reference_type
scores
0
value 0.00699
scoring_system epss
scoring_elements 0.72013
published_at 2026-04-18T12:55:00Z
1
value 0.00699
scoring_system epss
scoring_elements 0.71961
published_at 2026-04-08T12:55:00Z
2
value 0.00699
scoring_system epss
scoring_elements 0.71973
published_at 2026-04-09T12:55:00Z
3
value 0.00699
scoring_system epss
scoring_elements 0.71997
published_at 2026-04-11T12:55:00Z
4
value 0.00699
scoring_system epss
scoring_elements 0.71981
published_at 2026-04-12T12:55:00Z
5
value 0.00699
scoring_system epss
scoring_elements 0.71965
published_at 2026-04-13T12:55:00Z
6
value 0.00699
scoring_system epss
scoring_elements 0.72006
published_at 2026-04-16T12:55:00Z
7
value 0.00699
scoring_system epss
scoring_elements 0.71926
published_at 2026-04-02T12:55:00Z
8
value 0.00699
scoring_system epss
scoring_elements 0.71945
published_at 2026-04-04T12:55:00Z
9
value 0.00699
scoring_system epss
scoring_elements 0.71922
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-48938
1
reference_url https://www.znuny.org/en/advisories
reference_id advisories
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:44:51Z/
url https://www.znuny.org/en/advisories
2
reference_url https://www.znuny.com
reference_id www.znuny.com
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:44:51Z/
url https://www.znuny.com
3
reference_url https://www.znuny.org/en/advisories/zsa-2024-04
reference_id zsa-2024-04
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:44:51Z/
url https://www.znuny.org/en/advisories/zsa-2024-04
fixed_packages
0
url pkg:deb/debian/znuny@6.5.11-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.11-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.11-1%3Fdistro=trixie
1
url pkg:deb/debian/znuny@6.5.15-2?distro=trixie
purl pkg:deb/debian/znuny@6.5.15-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sdd-c9p8-3fac
1
vulnerability VCID-zd8d-c1nk-g7a4
2
vulnerability VCID-zhfb-ajkc-5uc4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie
2
url pkg:deb/debian/znuny@6.5.19-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.19-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie
aliases CVE-2024-48938
risk_score 1.9
exploitability 0.5
weighted_severity 3.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x1sc-wvc6-a3hz
17
url VCID-yrdb-btgm-p3cd
vulnerability_id VCID-yrdb-btgm-p3cd
summary An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-26845
reference_id
reference_type
scores
0
value 0.0041
scoring_system epss
scoring_elements 0.61379
published_at 2026-04-18T12:55:00Z
1
value 0.0041
scoring_system epss
scoring_elements 0.61354
published_at 2026-04-12T12:55:00Z
2
value 0.0041
scoring_system epss
scoring_elements 0.61336
published_at 2026-04-13T12:55:00Z
3
value 0.0041
scoring_system epss
scoring_elements 0.61374
published_at 2026-04-16T12:55:00Z
4
value 0.0041
scoring_system epss
scoring_elements 0.61289
published_at 2026-04-02T12:55:00Z
5
value 0.0041
scoring_system epss
scoring_elements 0.61318
published_at 2026-04-04T12:55:00Z
6
value 0.0041
scoring_system epss
scoring_elements 0.61286
published_at 2026-04-07T12:55:00Z
7
value 0.0041
scoring_system epss
scoring_elements 0.61334
published_at 2026-04-08T12:55:00Z
8
value 0.0041
scoring_system epss
scoring_elements 0.61349
published_at 2026-04-09T12:55:00Z
9
value 0.0041
scoring_system epss
scoring_elements 0.61369
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-26845
1
reference_url https://www.znuny.com
reference_id www.znuny.com
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:45:30Z/
url https://www.znuny.com
2
reference_url https://www.znuny.org/en/advisories/zsa-2025-03
reference_id zsa-2025-03
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:45:30Z/
url https://www.znuny.org/en/advisories/zsa-2025-03
fixed_packages
0
url pkg:deb/debian/znuny@6.5.13-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.13-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.13-1%3Fdistro=trixie
1
url pkg:deb/debian/znuny@6.5.15-2?distro=trixie
purl pkg:deb/debian/znuny@6.5.15-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4sdd-c9p8-3fac
1
vulnerability VCID-zd8d-c1nk-g7a4
2
vulnerability VCID-zhfb-ajkc-5uc4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie
2
url pkg:deb/debian/znuny@6.5.19-1?distro=trixie
purl pkg:deb/debian/znuny@6.5.19-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie
aliases CVE-2025-26845
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yrdb-btgm-p3cd
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie