CVE-2025-26844

Critical CVSS: 9.8

An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag.

Vendor

Product

CWE

Yayın Tarihi

2025-05-08 16:15:25

Güncelleme

2025-06-12 16:47:10

Source Identifier

cve@mitre.org

KEV Date Added

CWE-1004 Znuny CRITICAL Znuny 2025

https://www.znuny.com https://www.znuny.org/en/advisories/zsa-2025-05

Critical

CVE-2025-26846

An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to…

Critical

CVE-2025-26845

An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can us…

High

CVE-2025-26847

An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked.

Medium

CVE-2025-43926

An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateA…

High

CVE-2025-26842

An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-ma…