Enhancesoft: community verdicts
2 notable / known-exploited Enhancesoft CVEs the community has triaged.
ⓘ Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Enhancesoft CVE, see NVD ↗.
- CVE-2021-45811MED 6.5EPSS 3%
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
- CVE-2026-26895MED 5.3EPSS 0%
User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to enumerate valid usernames registered in the platform.