
183 matches found

NVD
added 2026/04/21 5:16 p.m., 3 views

CVE-2026-41183

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...

CVSS 4.3, EPSS 0.00035
Exploits 0, References 3
Cvelist
added 2026/04/21 5:00 p.m., 26 views

CVE-2026-41183 FreeScout allows non-folder conversation queries to disclose assigned-only hidden conversations

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...

CVSS 4.3, EPSS 0.00035
Exploits 0, References 3
CVE
added 2026/04/21 5:00 p.m., 5 views

CVE-2026-41183

FreeScout core issue: prior to v1.8.215, the assigned‑only restriction was enforced for direct conversation view and folder queries but not for non‑folder query builders. As a result, global search and the AJAX filter path could disclose conversations that should have been hidden. Impact involves...

CVSS 4.3, AI score 5.8, EPSS 0.00035
Exploits 0, References 3
EUVD
added 2026/04/21 5:00 p.m., 2 views

EUVD-2026-24191

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...

CVSS 4.3, AI score 5.8, EPSS 0.00035
Exploits 0, References 3
ATTACKERKB
added 2026/04/21 5:00 p.m., 1 view

CVE-2026-41183

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...

CVSS 4.3, AI score 5.8, EPSS 0.00035
Exploits 0, References 4, Affected Software 1
Positive Technologies
added 2026/04/21 12:00 a.m., 3 views

PT-2026-34028

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...

CVSS 4.3, AI score 5.8, EPSS 0.00035
Exploits 0, References 6
CNNVD
added 2026/04/21 12:00 a.m., 5 views

FreeScout Security Vulnerability

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.215 contained security vulnerabilities. These vulnerabilities stemmed from the fact that restrictions were only applied to...

CVSS 4.3, AI score 5.8, EPSS 0.00035
Exploits 0, References 1
Vulnrichment
added 2026/04/07 5:57 p.m., 1 view

CVE-2026-39338 ChurchCRM has Blind XSS via Global Search – Administrative Cookie Session Exfiltration

ChurchCRM is an open-source church management system. Prior to 7.1.0, a Blind Reflected Cross-Site Scripting vulnerability exists in the search parameter accepted by the ChurchCRM dashboard. The application fails to sanitize or encode user-supplied input prior to rendering it within the browser's...

CVSS 8.6, AI score 6.3, EPSS 0.00054
Exploits 1, References 1
RedhatCVE
added 2026/02/25 4:06 a.m., 2 views

CVE-2026-3049

A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file horilla_generics/global_search.py of the component Query Parameter Handler. The manipulation of the argument prev_url results in open redirect. The attack can be executed remotely...

CVSS 6.1, AI score 5, EPSS 0.00059
Exploits 1, References 1
CVE
added 2026/02/24 12:32 a.m., 7 views

CVE-2026-3049

Affected software: horilla-opensource horilla (up to 1.0.2). Vulnerable component/file: Query Parameter Handler, specifically the function get in horilla_generics/global_search.py. Root cause: manipulation of the argument prev_url leads to an open redirect. Impact: remote exploitation possibility...

CVSS 6.1, AI score 4.9, EPSS 0.00059
Exploits 1, References 6, Affected Software 1
Vulnrichment
added 2026/02/24 12:32 a.m., 2 views

CVE-2026-3049 horilla-opensource horilla Query Parameter global_search.py get redirect

A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file horilla_generics/global_search.py of the component Query Parameter Handler. The manipulation of the argument prev_url results in open redirect. The attack can be executed remotely...

CVSS 5.3, AI score 5, EPSS 0.00059
Exploits 1, References 6
EUVD
added 2026/02/24 12:32 a.m., 1 view

EUVD-2026-7457

A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file horilla_generics/global_search.py of the component Query Parameter Handler. The manipulation of the argument prev_url results in open redirect. The attack can be executed remotely...

CVSS 5.3, AI score 4.7, EPSS 0.00059
Exploits 1, References 6
ATTACKERKB
added 2026/02/24 12:32 a.m., 2 views

CVE-2026-3049

A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file horilla_generics/global_search.py of the component Query Parameter Handler. The manipulation of the argument prev_url results in open redirect. The attack can be executed remotely...

CVSS 5.3, AI score 5, EPSS 0.00059
Exploits 1, References 6, Affected Software 1
Positive Technologies
added 2026/02/24 12:00 a.m., 4 views

PT-2026-21595

A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file horilla_generics/global_search.py of the component Query Parameter Handler. The manipulation of the argument prev_url results in open redirect. The attack can be executed...

CVSS 5.3, AI score 4.7, EPSS 0.00059
Exploits 1, References 7
Veracode
added 2026/02/13 4:13 p.m., 2 views

SQL Injection

devcode-it/openstamanager is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the term parameter in SQL LIKE clauses within the global search functionality, which allows an attacker to inject malicious SQL queries and extract sensitive data through time-based...

CVSS 8.7, AI score 5.8, EPSS 0.00013
Exploits 3, References 2, Affected Software 1
RedhatCVE
added 2026/02/07 7:30 p.m., 2 views

CVE-2026-24417

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the global search functionality. The application fails to properly sanitize the term parameter before...

CVSS 8.7, AI score 5.9, EPSS 0.00013
Exploits 3, References 1
NVD
added 2026/02/06 7:16 p.m., 3 views

CVE-2026-24417

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the global search functionality. The application fails to properly sanitize the term parameter before...

CVSS 8.7, EPSS 0.00013
Exploits 3, References 1
Snyk
added 2026/02/06 6:23 p.m., 3 views

SQL Injection

Overview: devcode-it/openstamanager is a management software for technical assistance and electronic invoicing. Affected versions of this package are vulnerable to SQL Injection via the term parameter in the global search functionality. An attacker can extract sensitive database contents, including...

CVSS 8.8, AI score 6.1, EPSS 0.00013
Exploits 3, References 2
CVE
added 2026/02/06 6:07 p.m., 6 views

CVE-2026-24417

OpenSTAManager (v2.9.8 and earlier) contains a Time-Based Blind SQL Injection in the global search that concatenates the user-supplied term into SQL LIKE clauses across 10+ modules via /ajax_search.php. The vulnerability arises from direct string interpolation of $term in multiple module search.p...

CVSS 8.7, AI score 6, EPSS 0.00013
Exploits 3, References 1, Affected Software 1
ATTACKERKB
added 2026/02/06 6:07 p.m., 2 views

CVE-2026-24417

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the global search functionality. The application fails to properly sanitize the term parameter before...

CVSS 8.7, AI score 6, EPSS 0.00013
Exploits 3, References 2, Affected Software 1