7 matches found

RedhatCVE
added 2026/06/05 7:26 p.m. | 9 views

CVE-2026-40570

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the load_customer_info action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to retriev...

7.1 CVSS | 5.5 AI score | 0.00249 EPSS
Exploits 0 | References 1
Cvelist
added 2026/04/21 4:48 p.m. | 31 views

CVE-2026-40570 FreeScout's Missing Authorization in load_customer_info Allows Any Authenticated User to Access Full Customer PII

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the load_customer_info action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to retriev...

7.1 CVSS | 0.00249 EPSS
Exploits 0 | References 3
ATTACKERKB
added 2026/04/21 4:48 p.m. | 4 views

CVE-2026-40570

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the load_customer_info action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to retriev...

7.1 CVSS | 5.8 AI score | 0.00249 EPSS
Exploits 0 | References 4 | Affected Software 1
Vulnrichment
added 2026/04/21 4:48 p.m. | 4 views

CVE-2026-40570 FreeScout's Missing Authorization in load_customer_info Allows Any Authenticated User to Access Full Customer PII

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the load_customer_info action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to retriev...

7.1 CVSS | 5.8 AI score | 0.00249 EPSS
Exploits 0 | References 3
CVE
added 2026/04/21 4:48 p.m. | 17 views

CVE-2026-40570

FreeScout prior to 1.8.213 exposes sensitive customer data. The load_customer_info action at POST /conversation/ajax returns full customer profile data to any authenticated user without mailbox-access verification, requiring only a valid email to retrieve PII. Affected version range is before 1.8...

7.1 CVSS | 5.8 AI score | 0.00249 EPSS
Exploits 0 | References 3
CNNVD
added 2026/04/21 12:0 a.m. | 7 views

FreeScout Security Vulnerability

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.213 contained security vulnerabilities. These vulnerabilities stemmed from the load_customer_info operation in POST...

7.1 CVSS | 5.8 AI score | 0.00249 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/04/21 12:0 a.m. | 9 views

PT-2026-34020

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the load customer info action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to...

7.1 CVSS | 5.8 AI score | 0.00249 EPSS
Exploits 0 | References 6