CVE-2026-41190

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, when APPSHOWONLYASSIGNEDCONVERSATIONS is enabled, direct conversation view correctly blocks users who are neither the assignee nor the creator. The savedraft AJAX path is weaker. A direct POST can create a dra...

PT-2026-34039

Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.215 Description The reply and draft flows trust encrypted attachment IDs supplied by the client. Any IDs included in the attachments all variable but omitted from retained lists are decrypted and passed to the...

EUVD-2011-4962

Malware in sbrugna...

CVE-2025-58033

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in leeshadle Draft website-builder allows Stored XSS.This issue affects Draft: from n/a through = 3.0.9...

SUSE CVE-2020-1767

Agent A is able to save a draft i.e. for customer reply. Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: OTRS Community Edition 6.0.x version...