Lucene search
K

683 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/29 7:47 p.m.8 views

CVE-2026-48811

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note private thread from any conversation, even after that user's access to the mailbox containing the conversation has been...

4.3CVSS5.7AI score0.00155EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/29 7:47 p.m.15 views

EUVD-2026-33437

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note private thread from any conversation, even after that user's access to the mailbox containing the conversation has been...

4.3CVSS5.7AI score0.00155EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 7:47 p.m.23 views

CVE-2026-48811

FreeScout (Laravel) contains a vulnerability where a non-admin can permanently delete an internal note (private thread) in any conversation, even after mailbox access is revoked. The root cause is the ThreadPolicy::delete authorization not verifying mailbox membership, allowing former members to ...

4.3CVSS5.7AI score0.00155EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.11 views

PT-2026-44996

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note private thread from any conversation, even after that user's access to the mailbox containing the conversation has been...

4.3CVSS5.7AI score0.00155EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

FreeScout 授权问题漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.221 contained an authorization vulnerability. This vulnerability stemmed from a lack of email membership checks in the...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.16 views

PT-2026-44987

Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.219 Description The password reset endpoint returns visually distinct responses based on whether the submitted email address is associated with an existing user account. This allows unauthenticated attackers to...

5.3CVSS5.8AI score0.0021EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.18 views

PT-2026-44993

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifying agent user replies based on In-Reply-To / References headers. The notification reply path...

7.5CVSS5.9AI score0.00145EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.219 contained security vulnerabilities. These vulnerabilities stemmed from the password reset endpoint, which returned visuall...

5.3CVSS5.8AI score0.0021EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

FreeScout 数据伪造问题漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.220 contained a data manipulation vulnerability. This vulnerability stemmed from the use of In-Reply-To/References headers in...

7.5CVSS5.7AI score0.00145EPSS
Exploits0References2
NVD
NVD
added 2026/05/07 7:16 p.m.12 views

CVE-2026-41904

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every customer who...

7.6CVSS0.00171EPSS
Exploits0References2
NVD
NVD
added 2026/05/07 7:16 p.m.30 views

CVE-2026-41906

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...

7.1CVSS0.00168EPSS
Exploits0References2
NVD
NVD
added 2026/05/07 7:16 p.m.17 views

CVE-2026-41905

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl but then re-validates the original URL instead of the final redirect destination. An...

7.7CVSS0.00209EPSS
Exploits0References2
NVD
NVD
added 2026/05/07 7:16 p.m.11 views

CVE-2026-41902

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, the /user-setup/hash endpoint accepts a 60-character random invitehash to set a new user's password. The endpoint performs no expiration check — the hash remains valid indefinitely until...

9.1CVSS0.00246EPSS
Exploits0References2
NVD
NVD
added 2026/05/07 7:16 p.m.8 views

CVE-2026-41903

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user holding the PERMEDITUSERS permission intended for general user-profile editing can read and modify the notification subscriptions of any other user, including admins, by sending a...

5.4CVSS0.00262EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/07 6:9 p.m.56 views

CVE-2026-41906 FreeScout: Conversation Change-Customer Cross-Mailbox Authorization Bypass

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...

7.1CVSS0.00168EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/07 6:9 p.m.8 views

CVE-2026-41906 FreeScout: Conversation Change-Customer Cross-Mailbox Authorization Bypass

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...

7.1CVSS5.7AI score0.00168EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/07 6:9 p.m.7 views

CVE-2026-41906

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...

7.1CVSS5.7AI score0.00168EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/07 6:9 p.m.11 views

EUVD-2026-28409

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...

7.1CVSS5.7AI score0.00168EPSS
Exploits0References2
CVE
CVE
added 2026/05/07 6:9 p.m.18 views

CVE-2026-41906

FreeScout (PHP Laravel) prior to 1.8.214 is vulnerable: the backend action conversation_change_customer accepts any supplied customer_email, allowing a low-privilege agent to bind a visible conversation to a hidden customer in another mailbox via forged requests. The Change Customer modal correct...

7.1CVSS5.7AI score0.00168EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/07 6:8 p.m.36 views

CVE-2026-41905 FreeScout vulnerable to SSRF via Helper::sanitizeRemoteUrl: redirect destination not re-validated, allowing internal HTTP / cloud-metadata access

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl but then re-validates the original URL instead of the final redirect destination. An...

7.7CVSS0.00209EPSS
Exploits0References2
Rows per page
Query Builder