Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/943989?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/943989?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2?distro=trixie", "type": "deb", "namespace": "debian", "name": "znuny", "version": "6.5.15-2", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "6.5.16-1", "latest_non_vulnerable_version": "6.5.19-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/330164?format=api", "vulnerability_id": "VCID-4sdd-c9p8-3fac", "summary": "A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-52204", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09509", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09527", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09601", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.0965", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.0966", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09628", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09612", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09504", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09565", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09616", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-52204" }, { "reference_url": "https://github.com/j0qq3r/CVE-2025-52204", "reference_id": "CVE-2025-52204", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:00:50Z/" } ], "url": "https://github.com/j0qq3r/CVE-2025-52204" }, { "reference_url": "https://www.znuny.org/en/releases/znuny-7-3-1", "reference_id": "znuny-7-3-1", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:00:50Z/" } ], "url": "https://www.znuny.org/en/releases/znuny-7-3-1" }, { "reference_url": "http://znuny.com", "reference_id": "znuny.com", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:00:50Z/" } ], "url": "http://znuny.com" }, { "reference_url": "http://znunyitsm.com", "reference_id": "znunyitsm.com", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:00:50Z/" } ], "url": "http://znunyitsm.com" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943988?format=api", "purl": "pkg:deb/debian/znuny@6.5.19-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-52204" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4sdd-c9p8-3fac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25414?format=api", "vulnerability_id": "VCID-zd8d-c1nk-g7a4", "summary": "jquery-validation vulnerable to Cross-site Scripting\nVersions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3573.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3573.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3573", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48023", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.47983", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48003", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.47952", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48005", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.47999", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.5309", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53083", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53045", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53072", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3573" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3573", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3573" }, { "reference_url": "https://github.com/jquery-validation/jquery-validation", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery-validation/jquery-validation" }, { "reference_url": "https://github.com/jquery-validation/jquery-validation/commit/7a490d8f39bd988027568ddcf51755e1f4688902", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery-validation/jquery-validation/commit/7a490d8f39bd988027568ddcf51755e1f4688902" }, { "reference_url": "https://github.com/jquery-validation/jquery-validation/pull/2462", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery-validation/jquery-validation/pull/2462" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3573", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3573" }, { "reference_url": "https://security.snyk.io/vuln/SNYK-JS-JQUERYVALIDATION-5952285", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.snyk.io/vuln/SNYK-JS-JQUERYVALIDATION-5952285" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103445", "reference_id": "1103445", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103445" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104134", "reference_id": "1104134", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104134" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104135", "reference_id": "1104135", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104135" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104136", "reference_id": "1104136", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104136" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359682", "reference_id": "2359682", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359682" }, { "reference_url": "https://github.com/advisories/GHSA-rrj2-ph5q-jxw2", "reference_id": "GHSA-rrj2-ph5q-jxw2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rrj2-ph5q-jxw2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943995?format=api", "purl": "pkg:deb/debian/znuny@6.5.16-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.16-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943988?format=api", "purl": "pkg:deb/debian/znuny@6.5.19-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-3573", "GHSA-rrj2-ph5q-jxw2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zd8d-c1nk-g7a4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349415?format=api", "vulnerability_id": "VCID-zhfb-ajkc-5uc4", "summary": "", "references": [], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943988?format=api", "purl": "pkg:deb/debian/znuny@6.5.19-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-59490" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zhfb-ajkc-5uc4" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/236440?format=api", "vulnerability_id": "VCID-12v6-61me-ffa1", "summary": "An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32492", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0065", "scoring_system": "epss", "scoring_elements": "0.70865", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0065", "scoring_system": "epss", "scoring_elements": "0.70848", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0065", "scoring_system": "epss", "scoring_elements": "0.70833", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0065", "scoring_system": "epss", "scoring_elements": "0.70878", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0065", "scoring_system": "epss", "scoring_elements": "0.70885", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0065", "scoring_system": "epss", "scoring_elements": "0.70787", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0065", "scoring_system": "epss", "scoring_elements": "0.70806", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0065", "scoring_system": "epss", "scoring_elements": "0.70781", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0065", "scoring_system": "epss", "scoring_elements": "0.70825", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0065", "scoring_system": "epss", "scoring_elements": "0.70841", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0065", "scoring_system": "epss", "scoring_elements": "0.70864", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32492" }, { "reference_url": "https://znuny.com", "reference_id": "znuny.com", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T15:52:23Z/" } ], "url": "https://znuny.com" }, { "reference_url": "https://www.znuny.org/en/advisories/zsa-2024-02", "reference_id": "zsa-2024-02", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-05T15:52:23Z/" } ], "url": "https://www.znuny.org/en/advisories/zsa-2024-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943987?format=api", "purl": "pkg:deb/debian/znuny@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943986?format=api", "purl": "pkg:deb/debian/znuny@6.5.1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-169g-wxmh-qqbw" }, { "vulnerability": "VCID-1mkr-c1ay-jygw" }, { "vulnerability": "VCID-2rbn-u9eg-sua7" }, { "vulnerability": "VCID-4sdd-c9p8-3fac" }, { "vulnerability": "VCID-cqx8-tegf-pfhh" }, { "vulnerability": "VCID-kfqh-mtw2-3feu" }, { "vulnerability": "VCID-kr13-v6jr-5kg6" }, { "vulnerability": "VCID-ndgh-dr9p-kqbu" }, { "vulnerability": "VCID-qysv-aehy-d7ay" }, { "vulnerability": "VCID-s8fu-wpk4-3ycc" }, { "vulnerability": "VCID-x1sc-wvc6-a3hz" }, { "vulnerability": "VCID-yrdb-btgm-p3cd" }, { "vulnerability": "VCID-zd8d-c1nk-g7a4" }, { "vulnerability": "VCID-zhfb-ajkc-5uc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943989?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sdd-c9p8-3fac" }, { "vulnerability": "VCID-zd8d-c1nk-g7a4" }, { "vulnerability": "VCID-zhfb-ajkc-5uc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943988?format=api", "purl": "pkg:deb/debian/znuny@6.5.19-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-32492" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-12v6-61me-ffa1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/244343?format=api", "vulnerability_id": "VCID-169g-wxmh-qqbw", "summary": "Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48937", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81314", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81271", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81276", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81297", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81283", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81313", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81315", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81222", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81245", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81243", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48937" }, { "reference_url": "https://www.znuny.org/en/advisories", "reference_id": "advisories", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T15:39:09Z/" } ], "url": "https://www.znuny.org/en/advisories" }, { "reference_url": "https://www.znuny.com", "reference_id": "www.znuny.com", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T15:39:09Z/" } ], "url": "https://www.znuny.com" }, { "reference_url": "https://www.znuny.org/en/advisories/zsa-2024-05", "reference_id": "zsa-2024-05", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T15:39:09Z/" } ], "url": "https://www.znuny.org/en/advisories/zsa-2024-05" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943993?format=api", "purl": "pkg:deb/debian/znuny@6.5.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943989?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sdd-c9p8-3fac" }, { "vulnerability": "VCID-zd8d-c1nk-g7a4" }, { "vulnerability": "VCID-zhfb-ajkc-5uc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943988?format=api", "purl": "pkg:deb/debian/znuny@6.5.19-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-48937" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-169g-wxmh-qqbw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/318253?format=api", "vulnerability_id": "VCID-1mkr-c1ay-jygw", "summary": "An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26844", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58634", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58619", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58652", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58657", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58592", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58613", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58583", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58635", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58641", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58658", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58639", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26844" }, { "reference_url": "https://www.znuny.com", "reference_id": "www.znuny.com", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:48:53Z/" } ], "url": "https://www.znuny.com" }, { "reference_url": "https://www.znuny.org/en/advisories/zsa-2025-05", "reference_id": "zsa-2025-05", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:48:53Z/" } ], "url": "https://www.znuny.org/en/advisories/zsa-2025-05" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943994?format=api", "purl": "pkg:deb/debian/znuny@6.5.13-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.13-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943989?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sdd-c9p8-3fac" }, { "vulnerability": "VCID-zd8d-c1nk-g7a4" }, { "vulnerability": "VCID-zhfb-ajkc-5uc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943988?format=api", "purl": "pkg:deb/debian/znuny@6.5.19-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-26844" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1mkr-c1ay-jygw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/325961?format=api", "vulnerability_id": "VCID-2rbn-u9eg-sua7", "summary": "An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user preferences with arbitrary keys. When fetching user data via GetUserData, these keys and values are retrieved and given as a whole to other function calls, which then might use these keys/values to affect permissions or other settings.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-43926", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43761", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43775", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43836", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43828", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43794", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43819", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.4375", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43801", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43804", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43824", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43791", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-43926" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104739", "reference_id": "1104739", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104739" }, { "reference_url": "https://znuny.com", "reference_id": "znuny.com", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-12T18:30:23Z/" } ], "url": "https://znuny.com" }, { "reference_url": "https://www.znuny.org/en/advisories/zsa-2025-07", "reference_id": "zsa-2025-07", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-12T18:30:23Z/" } ], "url": "https://www.znuny.org/en/advisories/zsa-2025-07" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943989?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sdd-c9p8-3fac" }, { "vulnerability": "VCID-zd8d-c1nk-g7a4" }, { "vulnerability": "VCID-zhfb-ajkc-5uc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943988?format=api", "purl": "pkg:deb/debian/znuny@6.5.19-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-43926" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2rbn-u9eg-sua7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94823?format=api", "vulnerability_id": "VCID-2yyp-zhcc-mbgq", "summary": "Specially crafted string in OTRS system configuration can allow the execution of any system command.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36100", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72417", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72423", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.7244", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72456", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72468", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72492", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72474", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72464", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72506", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72514", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0072", "scoring_system": "epss", "scoring_elements": "0.72504", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36100" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36100", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36100" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943987?format=api", "purl": "pkg:deb/debian/znuny@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943986?format=api", "purl": "pkg:deb/debian/znuny@6.5.1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-169g-wxmh-qqbw" }, { "vulnerability": "VCID-1mkr-c1ay-jygw" }, { "vulnerability": "VCID-2rbn-u9eg-sua7" }, { "vulnerability": "VCID-4sdd-c9p8-3fac" }, { "vulnerability": "VCID-cqx8-tegf-pfhh" }, { "vulnerability": "VCID-kfqh-mtw2-3feu" }, { "vulnerability": "VCID-kr13-v6jr-5kg6" }, { "vulnerability": "VCID-ndgh-dr9p-kqbu" }, { "vulnerability": "VCID-qysv-aehy-d7ay" }, { "vulnerability": "VCID-s8fu-wpk4-3ycc" }, { "vulnerability": "VCID-x1sc-wvc6-a3hz" }, { "vulnerability": "VCID-yrdb-btgm-p3cd" }, { "vulnerability": "VCID-zd8d-c1nk-g7a4" }, { "vulnerability": "VCID-zhfb-ajkc-5uc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943989?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sdd-c9p8-3fac" }, { "vulnerability": "VCID-zd8d-c1nk-g7a4" }, { "vulnerability": "VCID-zhfb-ajkc-5uc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943988?format=api", "purl": "pkg:deb/debian/znuny@6.5.19-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-36100" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2yyp-zhcc-mbgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94657?format=api", "vulnerability_id": "VCID-57jx-quzh-fubc", "summary": "Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21443", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44548", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44628", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44648", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44585", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44637", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44639", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44655", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44625", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44626", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.4468", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44672", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44603", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21443" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21443", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21443" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991593", "reference_id": "991593", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991593" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943987?format=api", "purl": "pkg:deb/debian/znuny@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943986?format=api", "purl": "pkg:deb/debian/znuny@6.5.1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-169g-wxmh-qqbw" }, { "vulnerability": "VCID-1mkr-c1ay-jygw" }, { "vulnerability": "VCID-2rbn-u9eg-sua7" }, { "vulnerability": "VCID-4sdd-c9p8-3fac" }, { "vulnerability": "VCID-cqx8-tegf-pfhh" }, { "vulnerability": "VCID-kfqh-mtw2-3feu" }, { "vulnerability": "VCID-kr13-v6jr-5kg6" }, { "vulnerability": "VCID-ndgh-dr9p-kqbu" }, { "vulnerability": "VCID-qysv-aehy-d7ay" }, { "vulnerability": "VCID-s8fu-wpk4-3ycc" }, { "vulnerability": "VCID-x1sc-wvc6-a3hz" }, { "vulnerability": "VCID-yrdb-btgm-p3cd" }, { "vulnerability": "VCID-zd8d-c1nk-g7a4" }, { "vulnerability": "VCID-zhfb-ajkc-5uc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943989?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sdd-c9p8-3fac" }, { "vulnerability": "VCID-zd8d-c1nk-g7a4" }, { "vulnerability": "VCID-zhfb-ajkc-5uc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943988?format=api", "purl": "pkg:deb/debian/znuny@6.5.19-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-21443" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-57jx-quzh-fubc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94654?format=api", "vulnerability_id": "VCID-9431-8f5f-rfct", "summary": "DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21439", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57232", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57314", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57337", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57365", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57367", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57382", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57362", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57341", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21439" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21439", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21439" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989992", "reference_id": "989992", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989992" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943987?format=api", "purl": "pkg:deb/debian/znuny@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943986?format=api", "purl": "pkg:deb/debian/znuny@6.5.1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-169g-wxmh-qqbw" }, { "vulnerability": "VCID-1mkr-c1ay-jygw" }, { "vulnerability": "VCID-2rbn-u9eg-sua7" }, { "vulnerability": "VCID-4sdd-c9p8-3fac" }, { "vulnerability": "VCID-cqx8-tegf-pfhh" }, { "vulnerability": "VCID-kfqh-mtw2-3feu" }, { "vulnerability": "VCID-kr13-v6jr-5kg6" }, { "vulnerability": "VCID-ndgh-dr9p-kqbu" }, { "vulnerability": "VCID-qysv-aehy-d7ay" }, { "vulnerability": "VCID-s8fu-wpk4-3ycc" }, { "vulnerability": "VCID-x1sc-wvc6-a3hz" }, { "vulnerability": "VCID-yrdb-btgm-p3cd" }, { "vulnerability": "VCID-zd8d-c1nk-g7a4" }, { "vulnerability": "VCID-zhfb-ajkc-5uc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943989?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sdd-c9p8-3fac" }, { "vulnerability": "VCID-zd8d-c1nk-g7a4" }, { "vulnerability": "VCID-zhfb-ajkc-5uc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943988?format=api", "purl": "pkg:deb/debian/znuny@6.5.19-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-21439" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9431-8f5f-rfct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/318252?format=api", "vulnerability_id": "VCID-cqx8-tegf-pfhh", "summary": "An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-mail messages is visible to users with access to the CommunicationLog.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26842", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52207", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52225", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.5212", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52147", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52112", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52166", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52162", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52213", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52196", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52182", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52222", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26842" }, { "reference_url": "https://www.znuny.org/en/advisories/zsa-2025-01", "reference_id": "zsa-2025-01", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:53:25Z/" } ], "url": "https://www.znuny.org/en/advisories/zsa-2025-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943994?format=api", "purl": "pkg:deb/debian/znuny@6.5.13-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.13-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943989?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sdd-c9p8-3fac" }, { "vulnerability": "VCID-zd8d-c1nk-g7a4" }, { "vulnerability": "VCID-zhfb-ajkc-5uc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943988?format=api", "purl": "pkg:deb/debian/znuny@6.5.19-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-26842" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cqx8-tegf-pfhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95300?format=api", "vulnerability_id": "VCID-cx2r-g5rk-1yhn", "summary": "Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4427", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61294", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61374", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.6136", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61341", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.6138", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61384", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61323", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61291", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61339", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61354", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00437", "scoring_system": "epss", "scoring_elements": "0.63067", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4427" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4427", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4427" }, { "reference_url": "https://otrs.com/release-notes/otrs-security-advisory-2022-15/", "reference_id": "otrs-security-advisory-2022-15", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T18:03:48Z/" } ], "url": "https://otrs.com/release-notes/otrs-security-advisory-2022-15/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943990?format=api", "purl": "pkg:deb/debian/znuny@6.4.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.4.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943986?format=api", "purl": "pkg:deb/debian/znuny@6.5.1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-169g-wxmh-qqbw" }, { "vulnerability": "VCID-1mkr-c1ay-jygw" }, { "vulnerability": "VCID-2rbn-u9eg-sua7" }, { "vulnerability": "VCID-4sdd-c9p8-3fac" }, { "vulnerability": "VCID-cqx8-tegf-pfhh" }, { "vulnerability": "VCID-kfqh-mtw2-3feu" }, { "vulnerability": "VCID-kr13-v6jr-5kg6" }, { "vulnerability": "VCID-ndgh-dr9p-kqbu" }, { "vulnerability": "VCID-qysv-aehy-d7ay" }, { "vulnerability": "VCID-s8fu-wpk4-3ycc" }, { "vulnerability": "VCID-x1sc-wvc6-a3hz" }, { "vulnerability": "VCID-yrdb-btgm-p3cd" }, { "vulnerability": "VCID-zd8d-c1nk-g7a4" }, { "vulnerability": "VCID-zhfb-ajkc-5uc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943989?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sdd-c9p8-3fac" }, { "vulnerability": "VCID-zd8d-c1nk-g7a4" }, { "vulnerability": "VCID-zhfb-ajkc-5uc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943988?format=api", "purl": "pkg:deb/debian/znuny@6.5.19-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-4427" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cx2r-g5rk-1yhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/318256?format=api", "vulnerability_id": "VCID-kfqh-mtw2-3feu", "summary": "An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26847", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53182", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53153", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53193", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.532", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53097", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53121", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53089", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.5314", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53134", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53184", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53169", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26847" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104739", "reference_id": "1104739", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104739" }, { "reference_url": "https://www.znuny.com", "reference_id": "www.znuny.com", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:58:30Z/" } ], "url": "https://www.znuny.com" }, { "reference_url": "https://www.znuny.org/en/advisories/zsa-2025-06", "reference_id": "zsa-2025-06", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:58:30Z/" } ], "url": "https://www.znuny.org/en/advisories/zsa-2025-06" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943989?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sdd-c9p8-3fac" }, { "vulnerability": "VCID-zd8d-c1nk-g7a4" }, { "vulnerability": "VCID-zhfb-ajkc-5uc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943988?format=api", "purl": "pkg:deb/debian/znuny@6.5.19-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-26847" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kfqh-mtw2-3feu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/237349?format=api", "vulnerability_id": "VCID-kr13-v6jr-5kg6", "summary": "An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file (via a manipulated AJAX Request) to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available through the web server.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32491", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69081", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69083", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69053", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69092", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69101", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69004", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69024", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69005", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69055", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69074", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69097", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32491" }, { "reference_url": "https://znuny.com", "reference_id": "znuny.com", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-30T15:40:28Z/" } ], "url": "https://znuny.com" }, { "reference_url": "https://www.znuny.org/en/advisories/zsa-2024-01", "reference_id": "zsa-2024-01", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-30T15:40:28Z/" } ], "url": "https://www.znuny.org/en/advisories/zsa-2024-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943992?format=api", "purl": "pkg:deb/debian/znuny@6.5.8-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943989?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sdd-c9p8-3fac" }, { "vulnerability": "VCID-zd8d-c1nk-g7a4" }, { "vulnerability": "VCID-zhfb-ajkc-5uc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943988?format=api", "purl": "pkg:deb/debian/znuny@6.5.19-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-32491" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kr13-v6jr-5kg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/236515?format=api", "vulnerability_id": "VCID-ndgh-dr9p-kqbu", "summary": "An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32493", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69741", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69724", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69711", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69751", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.6976", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69655", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69672", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69649", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69699", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69716", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69739", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32493" }, { "reference_url": "https://znuny.com", "reference_id": "znuny.com", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-30T14:46:04Z/" } ], "url": "https://znuny.com" }, { "reference_url": "https://www.znuny.org/en/advisories/zsa-2024-03", "reference_id": "zsa-2024-03", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-30T14:46:04Z/" } ], "url": "https://www.znuny.org/en/advisories/zsa-2024-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943992?format=api", "purl": "pkg:deb/debian/znuny@6.5.8-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943989?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sdd-c9p8-3fac" }, { "vulnerability": "VCID-zd8d-c1nk-g7a4" }, { "vulnerability": "VCID-zhfb-ajkc-5uc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943988?format=api", "purl": "pkg:deb/debian/znuny@6.5.19-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-32493" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ndgh-dr9p-kqbu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95640?format=api", "vulnerability_id": "VCID-qysv-aehy-d7ay", "summary": "Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38060", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45375", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45324", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46117", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46138", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.4611", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46119", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46176", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46113", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.4606", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46092", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46114", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38060" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38060", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38060" }, { "reference_url": "https://otrs.com/release-notes/otrs-security-advisory-2023-04/", "reference_id": "otrs-security-advisory-2023-04", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T13:01:31Z/" } ], "url": "https://otrs.com/release-notes/otrs-security-advisory-2023-04/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943991?format=api", "purl": "pkg:deb/debian/znuny@6.5.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943989?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sdd-c9p8-3fac" }, { "vulnerability": "VCID-zd8d-c1nk-g7a4" }, { "vulnerability": "VCID-zhfb-ajkc-5uc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943988?format=api", "purl": "pkg:deb/debian/znuny@6.5.19-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-38060" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qysv-aehy-d7ay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/318255?format=api", "vulnerability_id": "VCID-s8fu-wpk4-3ycc", "summary": "An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26846", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00404", "scoring_system": "epss", "scoring_elements": "0.61011", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00404", "scoring_system": "epss", "scoring_elements": "0.60982", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00404", "scoring_system": "epss", "scoring_elements": "0.60963", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00404", "scoring_system": "epss", "scoring_elements": "0.61005", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00404", "scoring_system": "epss", "scoring_elements": "0.60916", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00404", "scoring_system": "epss", "scoring_elements": "0.60945", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00404", "scoring_system": "epss", "scoring_elements": "0.6091", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00404", "scoring_system": "epss", "scoring_elements": "0.60959", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00404", "scoring_system": "epss", "scoring_elements": "0.60975", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00404", "scoring_system": "epss", "scoring_elements": "0.60997", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26846" }, { "reference_url": "https://www.znuny.com", "reference_id": "www.znuny.com", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-12T21:50:36Z/" } ], "url": "https://www.znuny.com" }, { "reference_url": "https://www.znuny.org/en/advisories/zsa-2025-02", "reference_id": "zsa-2025-02", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-12T21:50:36Z/" } ], "url": "https://www.znuny.org/en/advisories/zsa-2025-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943994?format=api", "purl": "pkg:deb/debian/znuny@6.5.13-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.13-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943989?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sdd-c9p8-3fac" }, { "vulnerability": "VCID-zd8d-c1nk-g7a4" }, { "vulnerability": "VCID-zhfb-ajkc-5uc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943988?format=api", "purl": "pkg:deb/debian/znuny@6.5.19-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-26846" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s8fu-wpk4-3ycc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94655?format=api", "vulnerability_id": "VCID-u3ed-wmjx-9fcq", "summary": "Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21440", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.394", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39563", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39586", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39501", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39556", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39572", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39582", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39544", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39528", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39578", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39549", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39465", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21440" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21440", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21440" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991593", "reference_id": "991593", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991593" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943987?format=api", "purl": "pkg:deb/debian/znuny@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943986?format=api", "purl": "pkg:deb/debian/znuny@6.5.1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-169g-wxmh-qqbw" }, { "vulnerability": "VCID-1mkr-c1ay-jygw" }, { "vulnerability": "VCID-2rbn-u9eg-sua7" }, { "vulnerability": "VCID-4sdd-c9p8-3fac" }, { "vulnerability": "VCID-cqx8-tegf-pfhh" }, { "vulnerability": "VCID-kfqh-mtw2-3feu" }, { "vulnerability": "VCID-kr13-v6jr-5kg6" }, { "vulnerability": "VCID-ndgh-dr9p-kqbu" }, { "vulnerability": "VCID-qysv-aehy-d7ay" }, { "vulnerability": "VCID-s8fu-wpk4-3ycc" }, { "vulnerability": "VCID-x1sc-wvc6-a3hz" }, { "vulnerability": "VCID-yrdb-btgm-p3cd" }, { "vulnerability": "VCID-zd8d-c1nk-g7a4" }, { "vulnerability": "VCID-zhfb-ajkc-5uc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943989?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sdd-c9p8-3fac" }, { "vulnerability": "VCID-zd8d-c1nk-g7a4" }, { "vulnerability": "VCID-zhfb-ajkc-5uc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943988?format=api", "purl": "pkg:deb/debian/znuny@6.5.19-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-21440" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u3ed-wmjx-9fcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94656?format=api", "vulnerability_id": "VCID-u8xm-v9ek-yuar", "summary": "There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user intraction. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21441", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52823", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.5285", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52876", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52844", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52895", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52889", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52939", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52923", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52907", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52944", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52951", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52934", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21441" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21441", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21441" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989992", "reference_id": "989992", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989992" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943987?format=api", "purl": "pkg:deb/debian/znuny@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943986?format=api", "purl": "pkg:deb/debian/znuny@6.5.1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-169g-wxmh-qqbw" }, { "vulnerability": "VCID-1mkr-c1ay-jygw" }, { "vulnerability": "VCID-2rbn-u9eg-sua7" }, { "vulnerability": "VCID-4sdd-c9p8-3fac" }, { "vulnerability": "VCID-cqx8-tegf-pfhh" }, { "vulnerability": "VCID-kfqh-mtw2-3feu" }, { "vulnerability": "VCID-kr13-v6jr-5kg6" }, { "vulnerability": "VCID-ndgh-dr9p-kqbu" }, { "vulnerability": "VCID-qysv-aehy-d7ay" }, { "vulnerability": "VCID-s8fu-wpk4-3ycc" }, { "vulnerability": "VCID-x1sc-wvc6-a3hz" }, { "vulnerability": "VCID-yrdb-btgm-p3cd" }, { "vulnerability": "VCID-zd8d-c1nk-g7a4" }, { "vulnerability": "VCID-zhfb-ajkc-5uc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943989?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sdd-c9p8-3fac" }, { "vulnerability": "VCID-zd8d-c1nk-g7a4" }, { "vulnerability": "VCID-zhfb-ajkc-5uc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943988?format=api", "purl": "pkg:deb/debian/znuny@6.5.19-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-21441" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u8xm-v9ek-yuar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/245114?format=api", "vulnerability_id": "VCID-x1sc-wvc6-a3hz", "summary": "Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48938", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71998", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71973", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71997", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71981", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71965", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.72006", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.72013", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71926", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71945", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71922", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71961", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48938" }, { "reference_url": "https://www.znuny.org/en/advisories", "reference_id": "advisories", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:44:51Z/" } ], "url": "https://www.znuny.org/en/advisories" }, { "reference_url": "https://www.znuny.com", "reference_id": "www.znuny.com", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:44:51Z/" } ], "url": "https://www.znuny.com" }, { "reference_url": "https://www.znuny.org/en/advisories/zsa-2024-04", "reference_id": "zsa-2024-04", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:44:51Z/" } ], "url": "https://www.znuny.org/en/advisories/zsa-2024-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943993?format=api", "purl": "pkg:deb/debian/znuny@6.5.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943989?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sdd-c9p8-3fac" }, { "vulnerability": "VCID-zd8d-c1nk-g7a4" }, { "vulnerability": "VCID-zhfb-ajkc-5uc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943988?format=api", "purl": "pkg:deb/debian/znuny@6.5.19-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-48938" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x1sc-wvc6-a3hz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/318254?format=api", "vulnerability_id": "VCID-yrdb-btgm-p3cd", "summary": "An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26845", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61359", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61336", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61374", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61379", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61289", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61318", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61286", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61334", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61349", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61369", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61354", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26845" }, { "reference_url": "https://www.znuny.com", "reference_id": "www.znuny.com", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:45:30Z/" } ], "url": "https://www.znuny.com" }, { "reference_url": "https://www.znuny.org/en/advisories/zsa-2025-03", "reference_id": "zsa-2025-03", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:45:30Z/" } ], "url": "https://www.znuny.org/en/advisories/zsa-2025-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943994?format=api", "purl": "pkg:deb/debian/znuny@6.5.13-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.13-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943989?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sdd-c9p8-3fac" }, { "vulnerability": "VCID-zd8d-c1nk-g7a4" }, { "vulnerability": "VCID-zhfb-ajkc-5uc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943988?format=api", "purl": "pkg:deb/debian/znuny@6.5.19-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.19-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-26845" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yrdb-btgm-p3cd" } ], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2%3Fdistro=trixie" }