Open Tickets
Approved changes feed: RSS · Atom
cpe:2.3:a:centreon:open_tickets:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Centreon (e01a1192-018f-55df-98f2-b9707fac306d) |
|---|---|
| Product | Open Tickets (e40827a2-27c7-552e-8ac8-1d246a041bef) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-2749 |
vulnerable | 2026-06-03 15:19:24.916037 |
Path traversal in Centreon Open Tickets
CRITICAL (9.9)
Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centroen Open Ticket modules).This issue affects Centreon Open Tickets on Central Server: from all before 25.10.3, 24.10.8, 24.04.7.
Published: 2026-02-27T15:05:17.203Z
Updated: 2026-03-06T15:31:59.884Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-27744 |
vulnerable | 2026-06-03 15:18:07.187245 |
SPIP tickets < 4.3.3 Unauthenticated RCE
CRITICAL (9.8)
The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment rendering (#ENV**), which disables SPIP output filtering. As a result, an unauthenticated attacker can inject crafted content that is evaluated through SPIP's template processing chain, leading to execution of code in the context of the web server.
Published: 2026-02-25T03:08:24.714Z
Updated: 2026-03-05T01:31:25.599Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-8460 |
vulnerable | 2026-06-03 15:13:44.021106 |
A user with elevated privileges can inject XSS in the Notification rules configuration page
MEDIUM (6.8)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Notification rules, Open tickets module)
allows Stored
XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.
Published: 2025-12-22T10:55:58.934Z
Updated: 2026-01-05T09:51:56.936Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-12514 |
vulnerable | 2026-06-03 14:58:44.476200 |
A user with elevated privileges is able to introduce a SQL Injection using the Open-tickets Notification rules configuration parameters
HIGH (7.2)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open tickets modules) allows
SQL Injection to user with elevated privileges.This issue affects Infra Monitoring - Open-tickets: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.5, from 23.10.0 before 23.10.4.
Published: 2025-12-22T10:59:18.155Z
Updated: 2026-01-05T09:52:48.786Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.