Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/994634?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/994634?format=api", "purl": "pkg:deb/debian/znuny@6.5.1-1", "type": "deb", "namespace": "debian", "name": "znuny", "version": "6.5.1-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "6.5.15-2~bpo12+1", "latest_non_vulnerable_version": "6.5.18-1~bpo13+1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/244343?format=api", "vulnerability_id": "VCID-169g-wxmh-qqbw", "summary": "Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48937", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81349", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81283", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81313", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81315", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81314", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81336", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81344", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81222", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81245", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81243", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81271", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81276", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01525", "scoring_system": "epss", "scoring_elements": "0.81297", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48937" }, { "reference_url": "https://www.znuny.org/en/advisories", "reference_id": "advisories", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T15:39:09Z/" } ], "url": "https://www.znuny.org/en/advisories" }, { "reference_url": "https://www.znuny.com", "reference_id": "www.znuny.com", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T15:39:09Z/" } ], "url": "https://www.znuny.com" }, { "reference_url": "https://www.znuny.org/en/advisories/zsa-2024-05", "reference_id": "zsa-2024-05", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T15:39:09Z/" } ], "url": "https://www.znuny.org/en/advisories/zsa-2024-05" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994635?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2~bpo12%252B1" } ], "aliases": [ "CVE-2024-48937" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-169g-wxmh-qqbw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/318253?format=api", "vulnerability_id": "VCID-1mkr-c1ay-jygw", "summary": "An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26844", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58598", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58634", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58601", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58614", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58592", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58613", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58583", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58635", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58641", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58658", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58639", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58619", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58652", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58657", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26844" }, { "reference_url": "https://www.znuny.com", "reference_id": "www.znuny.com", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:48:53Z/" } ], "url": "https://www.znuny.com" }, { "reference_url": "https://www.znuny.org/en/advisories/zsa-2025-05", "reference_id": "zsa-2025-05", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:48:53Z/" } ], "url": "https://www.znuny.org/en/advisories/zsa-2025-05" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994635?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2~bpo12%252B1" } ], "aliases": [ "CVE-2025-26844" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1mkr-c1ay-jygw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/325961?format=api", "vulnerability_id": "VCID-2rbn-u9eg-sua7", "summary": "An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user preferences with arbitrary keys. When fetching user data via GetUserData, these keys and values are retrieved and given as a whole to other function calls, which then might use these keys/values to affect permissions or other settings.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-43926", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43622", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43761", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.437", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43704", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43794", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43819", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.4375", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43801", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43804", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43824", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43791", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43775", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43836", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43828", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-43926" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104739", "reference_id": "1104739", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104739" }, { "reference_url": "https://znuny.com", "reference_id": "znuny.com", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-12T18:30:23Z/" } ], "url": "https://znuny.com" }, { "reference_url": "https://www.znuny.org/en/advisories/zsa-2025-07", "reference_id": "zsa-2025-07", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-12T18:30:23Z/" } ], "url": "https://www.znuny.org/en/advisories/zsa-2025-07" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994635?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2~bpo12%252B1" } ], "aliases": [ "CVE-2025-43926" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2rbn-u9eg-sua7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/330164?format=api", "vulnerability_id": "VCID-4sdd-c9p8-3fac", "summary": "A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-52204", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09565", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09616", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09527", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09601", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.0965", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.0966", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09628", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09612", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09504", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09509", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10654", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.106", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10657", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-52204" }, { "reference_url": "https://github.com/j0qq3r/CVE-2025-52204", "reference_id": "CVE-2025-52204", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:00:50Z/" } ], "url": "https://github.com/j0qq3r/CVE-2025-52204" }, { "reference_url": "https://www.znuny.org/en/releases/znuny-7-3-1", "reference_id": "znuny-7-3-1", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:00:50Z/" } ], "url": "https://www.znuny.org/en/releases/znuny-7-3-1" }, { "reference_url": "http://znuny.com", "reference_id": "znuny.com", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:00:50Z/" } ], "url": "http://znuny.com" }, { "reference_url": "http://znunyitsm.com", "reference_id": "znunyitsm.com", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:00:50Z/" } ], "url": "http://znunyitsm.com" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994635?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2~bpo12%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994637?format=api", "purl": "pkg:deb/debian/znuny@6.5.18-1~bpo13%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.18-1~bpo13%252B1" } ], "aliases": [ "CVE-2025-52204" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4sdd-c9p8-3fac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/318252?format=api", "vulnerability_id": "VCID-cqx8-tegf-pfhh", "summary": "An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-mail messages is visible to users with access to the CommunicationLog.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26842", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52126", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52156", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.5212", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52147", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52112", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52166", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52162", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52213", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52196", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52182", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52222", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52225", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52207", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26842" }, { "reference_url": "https://www.znuny.org/en/advisories/zsa-2025-01", "reference_id": "zsa-2025-01", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:53:25Z/" } ], "url": "https://www.znuny.org/en/advisories/zsa-2025-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994635?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2~bpo12%252B1" } ], "aliases": [ "CVE-2025-26842" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cqx8-tegf-pfhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/318256?format=api", "vulnerability_id": "VCID-kfqh-mtw2-3feu", "summary": "An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26847", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53129", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53182", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53156", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53167", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53097", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53121", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53089", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.5314", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53134", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53184", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53169", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53153", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53193", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.532", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26847" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104739", "reference_id": "1104739", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104739" }, { "reference_url": "https://www.znuny.com", "reference_id": "www.znuny.com", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:58:30Z/" } ], "url": "https://www.znuny.com" }, { "reference_url": "https://www.znuny.org/en/advisories/zsa-2025-06", "reference_id": "zsa-2025-06", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:58:30Z/" } ], "url": "https://www.znuny.org/en/advisories/zsa-2025-06" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994635?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2~bpo12%252B1" } ], "aliases": [ "CVE-2025-26847" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kfqh-mtw2-3feu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/237349?format=api", "vulnerability_id": "VCID-kr13-v6jr-5kg6", "summary": "An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file (via a manipulated AJAX Request) to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available through the web server.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32491", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69147", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69101", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69081", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69131", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69139", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69004", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69024", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69005", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69055", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69074", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69097", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69083", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69053", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00585", "scoring_system": "epss", "scoring_elements": "0.69092", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32491" }, { "reference_url": "https://znuny.com", "reference_id": "znuny.com", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-30T15:40:28Z/" } ], "url": "https://znuny.com" }, { "reference_url": "https://www.znuny.org/en/advisories/zsa-2024-01", "reference_id": "zsa-2024-01", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-30T15:40:28Z/" } ], "url": "https://www.znuny.org/en/advisories/zsa-2024-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994635?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2~bpo12%252B1" } ], "aliases": [ "CVE-2024-32491" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kr13-v6jr-5kg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/236515?format=api", "vulnerability_id": "VCID-ndgh-dr9p-kqbu", "summary": "An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32493", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69805", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.6976", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69741", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69792", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.698", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69655", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69672", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69649", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69699", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69716", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69739", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69724", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69711", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00608", "scoring_system": "epss", "scoring_elements": "0.69751", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32493" }, { "reference_url": "https://znuny.com", "reference_id": "znuny.com", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-30T14:46:04Z/" } ], "url": "https://znuny.com" }, { "reference_url": "https://www.znuny.org/en/advisories/zsa-2024-03", "reference_id": "zsa-2024-03", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-30T14:46:04Z/" } ], "url": "https://www.znuny.org/en/advisories/zsa-2024-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994635?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2~bpo12%252B1" } ], "aliases": [ "CVE-2024-32493" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ndgh-dr9p-kqbu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95640?format=api", "vulnerability_id": "VCID-qysv-aehy-d7ay", "summary": "Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38060", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45182", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45242", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45235", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45324", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45375", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46092", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.4611", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46119", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46176", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46138", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46113", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.4606", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46117", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46114", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38060" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38060", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38060" }, { "reference_url": "https://otrs.com/release-notes/otrs-security-advisory-2023-04/", "reference_id": "otrs-security-advisory-2023-04", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-17T13:01:31Z/" } ], "url": "https://otrs.com/release-notes/otrs-security-advisory-2023-04/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994635?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2~bpo12%252B1" } ], "aliases": [ "CVE-2023-38060" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qysv-aehy-d7ay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/318255?format=api", "vulnerability_id": "VCID-s8fu-wpk4-3ycc", "summary": "An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26846", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00404", "scoring_system": "epss", "scoring_elements": "0.60991", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00404", "scoring_system": "epss", "scoring_elements": "0.61011", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00404", "scoring_system": "epss", "scoring_elements": "0.60987", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00404", "scoring_system": "epss", "scoring_elements": "0.60998", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00404", "scoring_system": "epss", "scoring_elements": "0.60916", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00404", "scoring_system": "epss", "scoring_elements": "0.60945", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00404", "scoring_system": "epss", "scoring_elements": "0.6091", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00404", "scoring_system": "epss", "scoring_elements": "0.60959", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00404", "scoring_system": "epss", "scoring_elements": "0.60975", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00404", "scoring_system": "epss", "scoring_elements": "0.60997", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00404", "scoring_system": "epss", "scoring_elements": "0.60982", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00404", "scoring_system": "epss", "scoring_elements": "0.60963", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00404", "scoring_system": "epss", "scoring_elements": "0.61005", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26846" }, { "reference_url": "https://www.znuny.com", "reference_id": "www.znuny.com", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-12T21:50:36Z/" } ], "url": "https://www.znuny.com" }, { "reference_url": "https://www.znuny.org/en/advisories/zsa-2025-02", "reference_id": "zsa-2025-02", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-12T21:50:36Z/" } ], "url": "https://www.znuny.org/en/advisories/zsa-2025-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994635?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2~bpo12%252B1" } ], "aliases": [ "CVE-2025-26846" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s8fu-wpk4-3ycc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/245114?format=api", "vulnerability_id": "VCID-x1sc-wvc6-a3hz", "summary": "Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48938", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.72044", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71965", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.72006", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.72013", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71998", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.72043", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.72049", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71926", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71945", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71922", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71961", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71973", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71997", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71981", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48938" }, { "reference_url": "https://www.znuny.org/en/advisories", "reference_id": "advisories", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:44:51Z/" } ], "url": "https://www.znuny.org/en/advisories" }, { "reference_url": "https://www.znuny.com", "reference_id": "www.znuny.com", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:44:51Z/" } ], "url": "https://www.znuny.com" }, { "reference_url": "https://www.znuny.org/en/advisories/zsa-2024-04", "reference_id": "zsa-2024-04", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:44:51Z/" } ], "url": "https://www.znuny.org/en/advisories/zsa-2024-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994635?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2~bpo12%252B1" } ], "aliases": [ "CVE-2024-48938" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x1sc-wvc6-a3hz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/318254?format=api", "vulnerability_id": "VCID-yrdb-btgm-p3cd", "summary": "An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26845", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61356", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61359", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61348", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61363", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61289", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61318", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61286", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61334", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61349", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61369", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61354", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61336", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61374", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61379", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26845" }, { "reference_url": "https://www.znuny.com", "reference_id": "www.znuny.com", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:45:30Z/" } ], "url": "https://www.znuny.com" }, { "reference_url": "https://www.znuny.org/en/advisories/zsa-2025-03", "reference_id": "zsa-2025-03", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:45:30Z/" } ], "url": "https://www.znuny.org/en/advisories/zsa-2025-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994635?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2~bpo12%252B1" } ], "aliases": [ "CVE-2025-26845" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yrdb-btgm-p3cd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25414?format=api", "vulnerability_id": "VCID-zd8d-c1nk-g7a4", "summary": "jquery-validation vulnerable to Cross-site Scripting\nVersions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3573.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3573.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3573", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48023", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.47999", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48005", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.47952", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48003", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.47983", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53007", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53045", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53083", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.5309", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53072", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53038", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53047", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3573" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3573", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3573" }, { "reference_url": "https://github.com/jquery-validation/jquery-validation", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery-validation/jquery-validation" }, { "reference_url": "https://github.com/jquery-validation/jquery-validation/commit/7a490d8f39bd988027568ddcf51755e1f4688902", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery-validation/jquery-validation/commit/7a490d8f39bd988027568ddcf51755e1f4688902" }, { "reference_url": "https://github.com/jquery-validation/jquery-validation/pull/2462", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jquery-validation/jquery-validation/pull/2462" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3573", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3573" }, { "reference_url": "https://security.snyk.io/vuln/SNYK-JS-JQUERYVALIDATION-5952285", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.snyk.io/vuln/SNYK-JS-JQUERYVALIDATION-5952285" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103445", "reference_id": "1103445", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103445" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104134", "reference_id": "1104134", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104134" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104135", "reference_id": "1104135", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104135" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104136", "reference_id": "1104136", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104136" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359682", "reference_id": "2359682", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359682" }, { "reference_url": "https://github.com/advisories/GHSA-rrj2-ph5q-jxw2", "reference_id": "GHSA-rrj2-ph5q-jxw2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rrj2-ph5q-jxw2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994635?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2~bpo12%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994637?format=api", "purl": "pkg:deb/debian/znuny@6.5.18-1~bpo13%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.18-1~bpo13%252B1" } ], "aliases": [ "CVE-2025-3573", "GHSA-rrj2-ph5q-jxw2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zd8d-c1nk-g7a4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/349415?format=api", "vulnerability_id": "VCID-zhfb-ajkc-5uc4", "summary": "", "references": [], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994635?format=api", "purl": "pkg:deb/debian/znuny@6.5.15-2~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.15-2~bpo12%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994637?format=api", "purl": "pkg:deb/debian/znuny@6.5.18-1~bpo13%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.18-1~bpo13%252B1" } ], "aliases": [ "CVE-2025-59490" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zhfb-ajkc-5uc4" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/znuny@6.5.1-1" }