目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

zammad 厂商漏洞列表 / CVE 中文分析 14

zammad 厂商相关 14 条 CVE 漏洞,含 AI 中文分析、POC、CVSS 评分与受影响产品。

Zammad 是开源服务台与帮助台系统,提供客户支持与IT服务管理功能。历史上常见漏洞类型包括远程代码执行、跨站脚本和权限绕过,主要源于输入验证不足和访问控制缺陷。系统虽具备基本安全机制,但曾因未修复漏洞导致数据泄露风险。截至最新统计,该项目已记录14条CVE漏洞,建议用户及时更新版本并加强安全配置以防范潜在威胁。

14 件の結果 / 14フィルターをクリア
上位製品 zammad: Zammad
CVE IDタイトルCVSS深刻度公開日
CVE-2026-34837 Zammad is miissing authorization in AI assistance controller for context data used in text tools — zammadCWE-862 7.1AIHighAI2026-04-08
CVE-2026-34782 Zammad has improper access control in AI assistance controller for text tools — zammadCWE-862 8.8AIHighAI2026-04-08
CVE-2026-34724 Zammad has a server-side template injection leading to RCE via AI Agent — zammadCWE-94 7.2AIHighAI2026-04-08
CVE-2026-34723 Zammad has incorrect access control in getting_started_controller — zammadCWE-284 7.5AIHighAI2026-04-08
CVE-2026-34722 Zammad is missing authorization in ticket create endpoint — zammadCWE-862 4.3AIMediumAI2026-04-08
CVE-2026-34721 Zammad has Cross-site request forgery (CSRF) in OAuth callback endpoints — zammadCWE-352 8.8AIHighAI2026-04-08
CVE-2026-34720 Zammad has an origin validation error in SSO mechanism — zammadCWE-346 7.1AIHighAI2026-04-08
CVE-2026-34719 Zammad has a Server-side request forgery (SSRF) via webhooks — zammadCWE-918 6.5AIMediumAI2026-04-08
CVE-2026-34718 Zammad improperly neutralizes of script-related HTML tags in ticket articles — zammadCWE-80 5.4AIMediumAI2026-04-08
CVE-2026-34248 Zammad has an information disclosure in ticket detail view of customers in shared organizations — zammadCWE-284 3.5AILowAI2026-04-08
CVE-2025-32358 Zammad 安全漏洞 — ZammadCWE-918 4.0 Medium2025-04-05
CVE-2025-32359 Zammad 安全漏洞 — ZammadCWE-602 4.8 Medium2025-04-05
CVE-2025-32360 Zammad 安全漏洞 — ZammadCWE-402 4.2 Medium2025-04-05
CVE-2025-32357 Zammad 安全漏洞 — ZammadCWE-288 4.3 Medium2025-04-05

本页汇总了 zammad 厂商截至目前公开的全部 14 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接,并附带 AI 生成的中文分析以便快速判断风险。