|
3011
|
7.2 |
HIGH
Network
|
-
|
-
|
The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitrary PHP code. By uploading a malicious ZIP archive containin…
|
CWE-22
Path Traversal
|
CVE-2026-39276
|
2026-06-2 03:12 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3012
|
5.7 |
MEDIUM
Network
|
-
|
-
|
An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. Th…
|
CWE-200
CWE-269
Information Exposure
Improper Privilege Management
|
CVE-2026-48210
|
2026-06-2 03:12 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3013
|
5.7 |
MEDIUM
Network
|
-
|
-
|
An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocation which may lead to the abortion of the webserver.This issue affects OTRS…
|
CWE-400
CWE-770
Uncontrolled Resource Consumption
Allocation of Resources Without Limits or Throttling
|
CVE-2026-48187
|
2026-06-2 03:12 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3014
|
9.1 |
CRITICAL
Network
|
-
|
-
|
An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue o…
|
CWE-20
Improper Input Validation
|
CVE-2026-48188
|
2026-06-2 03:12 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3015
|
5.7 |
MEDIUM
Network
|
-
|
-
|
An improper Input Validation vulnerability in OTRS Customer Backend module allows to access customer information which are restricted to other groups. Please note that the feature has to be anabled a…
|
CWE-200
Information Exposure
|
CVE-2026-48189
|
2026-06-2 03:12 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3016
|
3.5 |
LOW
Network
|
-
|
-
|
An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be…
|
CWE-276
Incorrect Default Permissions
|
CVE-2026-48190
|
2026-06-2 03:12 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3017
|
3.5 |
LOW
Network
|
-
|
-
|
An incorrect handling of permissions in STORM powered by OTRS and in OTRS (2026.x and above) Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA an…
|
CWE-276
Incorrect Default Permissions
|
CVE-2026-48191
|
2026-06-2 03:12 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3018
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An improper neutralization of active SVG content in OTRS or ((OTRS)) Community Edition ticket article rendering allows attackers to inject specially crafted SVG payloads via email content, leading to…
|
CWE-400
CWE-791
Uncontrolled Resource Consumption
Incomplete Filtering of Special Elements
|
CVE-2026-48208
|
2026-06-2 03:12 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3019
|
7.1 |
HIGH
Network
|
-
|
-
|
An improper neutralization of user-controllable input in OTRS or ((OTRS)) Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting (XSS) attacks via …
|
CWE-79
CWE-116
Cross-site Scripting
Improper Encoding or Escaping of Output
|
CVE-2026-48209
|
2026-06-2 03:12 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3020
|
7.8 |
HIGH
Local
|
-
|
-
|
A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatte…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-10118
|
2026-06-2 03:12 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
