znuny CVE Vulnerabilities & Metrics

Focus on znuny vulnerabilities and metrics.

Last updated: 07 Jun 2025, 22:25 UTC

About znuny Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with znuny. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total znuny CVEs: 4
Earliest CVE date: 11 Oct 2024, 21:15 UTC
Latest CVE date: 08 May 2025, 17:16 UTC

Latest CVE reference: CVE-2025-26847

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 4

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical znuny CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	4
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS znuny CVEs

These are the five CVEs with the highest CVSS scores for znuny, sorted by severity first and recency.

CVE-2025-26847 znuny Published on 08 May 2025, 17:16 UTC (CVSS: 0)
An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked.
CVE-2025-26845 znuny Published on 08 May 2025, 17:16 UTC (CVSS: 0)
An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script.
CVE-2024-48938 znuny Published on 11 Oct 2024, 21:15 UTC (CVSS: 0)
Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process.
CVE-2024-48937 znuny Published on 11 Oct 2024, 21:15 UTC (CVSS: 0)
Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed.

All CVEs for znuny

CVE-2025-26847 znuny vulnerability CVSS: 0 08 May 2025, 17:16 UTC

An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked.

CVE-2025-26845 znuny vulnerability CVSS: 0 08 May 2025, 17:16 UTC

An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script.

CVE-2024-48938 znuny vulnerability CVSS: 0 11 Oct 2024, 21:15 UTC

Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process.

CVE-2024-48937 znuny vulnerability CVSS: 0 11 Oct 2024, 21:15 UTC

Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed.