Product
znuny
11 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-26846
CVE-2025-26847
CVE-2025-26845
CVE-2025-43926
CVE-2025-26844
CVE-2025-26842
CVE-2024-48938
CVE-2024-48937
CVE-2024-32493
CVE-2024-32492
CVE-2024-32491
>= 6.0.0 and <= 6.0.48
An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update tic
>= 7.0.1 and <= 7.1.6
An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked.
>= 7.0.1 and <= 7.1.3
An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to
<= 6.5.14
An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subact
<= 7.1.3
An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag.
<= 7.1.3
An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-mail message
>= 7.0.1 and <= 7.0.16
Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTM
>= 7.0.1 and <= 7.0.16
Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA fie
>= 7.0.1 and <= 7.0.16
An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in agent is able to inject
>= 7.0.1 and <= 7.0.16
An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of e
>= 7.0.1 and <= 7.0.16
An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can uplo