There are new OTRS security issues, they most probably affect Znuny as well, but need to be confirmed with them:
OSA-2021-15 XSS attack using special link in email (CVE-2021-36092)
https://otrs.com/release-notes/otrs-security-advisory-2021-15/
(This might be https://www.znuny.org/en/advisories/zsa-2021-06, not 100% sure with the details available)
OSA-2021-14 Unautorized access to the calendar appointments (CVE-2021-36091)
https://otrs.com/release-notes/otrs-security-advisory-2021-14/
OSA-2021-13 Unautorized listing of the customer user emails (CVE-2021-21443)
https://otrs.com/release-notes/otrs-security-advisory-2021-13/
OSA-2021-10 Support Bundle includes S/Mime and PGP keys (CVE-2021-21440)
https://otrs.com/release-notes/otrs-security-advisory-2021-10/