CVE-2025-48472 FreeScout Vulnerable to Insufficient Authorization

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, there is no check to ensure that the user is disabling notifications for the mailbox to which they already have access. Moreover, the code explicitly implements functionality that if the user does not have...

MINI-Q4V9-C9XF-VM9G

Bulletin has no description...

MINI-GVRR-CJ3H-CX7W

Bulletin has no description...

MINI-83MW-7H56-M733

Bulletin has no description...

FreeScout 安全漏洞

FreeScout is an ultra-lightweight and powerful free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout, Inc. A security vulnerability exists in FreeScout versions prior to 1.8.179 that stems from not validating a user's notification setting permissions for a...

PT-2025-23326 · Undefined · Undefined

CVE-2022-44613 - Apache HTTP Server Remote Code Execution CVE ID : CVE-2022-44613 Published : May 28, 2025, 7:15 p.m. | 2 hours, 16 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused Severity: 0.0 | NA Visit th...

BIT-MODSECURITY-2025-47947 ModSecurity Has Possible DoS Vulnerability

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...

CVE-2025-4975

When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device...

CVE-2024-51360

creationtimestamp| type| source ---|---|--- 2025-05-23 17:24:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lpu5k6okc32r...

CVE-2025-22579

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arefly WP Header Notification wp-header-notification allows Stored XSS.This issue affects WP Header Notification: from n/a through = 1.2.7...

CVE-2024-46988

Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, users might receive email notification with information they should not have access to...

CVE-2024-46978

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start loosing...

CVE-2024-3148

A vulnerability, which was classified as critical, has been found in DedeCMS 5.7.112. This issue affects some unknown processing of the file dede/makehtmlarchivesaction.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public...

CVE-2024-1898

Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator...

CVE-2024-0021

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way for an app in the work profile to enable notification listener services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...

CVE-2024-0625

The WPFront Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpfront-notification-bar-optionscustomclass’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-3236

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-3031

The Fluid Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVE-2024-29819

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Syam Mohan WPFront Notification Bar allows Stored XSS.This issue affects WPFront Notification Bar: from n/a through 3.3.2...

CVE-2024-31261

Missing Authorization vulnerability in Aakash Chakravarthy Announcer – Notification & message bars.This issue affects Announcer – Notification & message bars: from n/a through 6.0...