|
1131
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the server. The scripts execute with full access, enabling complete system compromise as commands are exec…
|
CWE-78
OS Command
|
CVE-2026-9645
|
2026-06-2 03:12 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1132
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A reflected cross-site scripting issue exists in URL handling.
|
CWE-80
Basic XSS
|
CVE-2026-9646
|
2026-06-2 03:12 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1133
|
4.0 |
MEDIUM
Local
|
-
|
-
|
XX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the WebSocket_receive_worker routine of simple_http_server.py that allows attackers to cause corrupted application data by sending u…
|
CWE-1286
Improper Validation of Syntactic Correctness of Input
|
CVE-2026-10099
|
2026-06-2 03:12 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1134
|
7.2 |
HIGH
Network
|
-
|
-
|
The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitrary PHP code. By uploading a malicious ZIP archive containin…
|
CWE-22
Path Traversal
|
CVE-2026-39276
|
2026-06-2 03:12 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1135
|
5.7 |
MEDIUM
Network
|
-
|
-
|
An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. Th…
|
CWE-200
CWE-269
Information Exposure
Improper Privilege Management
|
CVE-2026-48210
|
2026-06-2 03:12 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1136
|
5.7 |
MEDIUM
Network
|
-
|
-
|
An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocation which may lead to the abortion of the webserver.This issue affects OTRS…
|
CWE-400
CWE-770
Uncontrolled Resource Consumption
Allocation of Resources Without Limits or Throttling
|
CVE-2026-48187
|
2026-06-2 03:12 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1137
|
9.1 |
CRITICAL
Network
|
-
|
-
|
An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue o…
|
CWE-20
Improper Input Validation
|
CVE-2026-48188
|
2026-06-2 03:12 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1138
|
5.7 |
MEDIUM
Network
|
-
|
-
|
An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note that the feature has to be anabled a…
|
CWE-200
Information Exposure
|
CVE-2026-48189
|
2026-06-2 03:12 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1139
|
3.5 |
LOW
Network
|
-
|
-
|
An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be…
|
CWE-276
Incorrect Default Permissions
|
CVE-2026-48190
|
2026-06-2 03:12 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1140
|
3.5 |
LOW
Network
|
-
|
-
|
An incorrect handling of permissions in STORM powered by OTRS and in OTRS (2026.x and above) Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA an…
|
CWE-276
Incorrect Default Permissions
|
CVE-2026-48191
|
2026-06-2 03:12 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
