CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

Positive Technologies•added 2025/08/08 12:0 a.m.•0 views

PT-2025-117: Server‑Side Request Forgery (SSRF) in FreeScout

The vulnerability was identified in FreeScout , versions 1.8.182. The discovered vulnerability allows an attacker to make requests to both local and external resources, mask their own IP address and retrieve data from protected network segments. Vulnerability status: Confirmed by vendor Date of...

6.1CVSS5.8AI score

Exploits0References2

Positive Technologies•added 2025/08/08 12:0 a.m.•2 views

PT-2025-113: Stored XSS in FreeScout

The vulnerability was identified in FreeScout , versions 1.8.182. The discovered vulnerability allows an attacker to embed malicious HTML and JavaScript into content generated by FreeScout, causing script execution in the user’s browser. Vulnerability status: Confirmed by vendor Date of...

6.1CVSS5.9AI score

Exploits0References2

Positive Technologies•added 2025/08/08 12:0 a.m.•4 views

PT-2025-116: Server‑Side Request Forgery (SSRF) in FreeScout

The vulnerability was identified in FreeScout , versions 1.8.182. The discovered vulnerability allows an attacker to issue requests to restricted‑access servers, enabling internal‑network reconnaissance and subsequent attacks. Vulnerability status: Confirmed by vendor Date of vulnerability...

6.1CVSS5.8AI score

Exploits0References2

Positive Technologies•added 2025/08/08 12:0 a.m.•3 views

PT-2025-112: Stored XSS in FreeScout

The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to inject arbitrary HTML tags and JavaScript into web pages, resulting in execution of malicious code in the victim’s browser. Vulnerability status: Confirmed by vendor Date of...

6.1CVSS6.1AI score

Exploits0References2

Positive Technologies•added 2025/08/08 12:0 a.m.•2 views

PT-2025-108: Insufficient authorization in FreeScout

The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to subvert access‑control verification in the Kanban module, obtaining unauthorized access to protected functionality. Vulnerability status: Confirmed by vendor Date of vulnerability...

8.6CVSS5.8AI score

Exploits0References2

Positive Technologies•added 2025/08/08 12:0 a.m.•3 views

PT-2025-111: Insufficient authorization in FreeScout

The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to exploit incorrect authorization, obtaining information or functions beyond their privileges. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 08.08.2025...

5.8AI score

Exploits0References2

Positive Technologies•added 2025/07/19 12:0 a.m.•2 views

PT-2025-102: Deserialization of untrusted data in FreeScout

The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to deserialize unsafe data, gain control over application objects and impair its operation. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 19.07.2025...

7CVSS5.8AI score

Exploits0References2

Positive Technologies•added 2025/07/19 12:0 a.m.•3 views

PT-2025-104: Deserialization of untrusted data in FreeScout

The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to deserialize untrusted data, craft arbitrary objects and control their properties, thereby compromising the application’s functionality. Vulnerability status: Confirmed by vendor Date...

8.8CVSS5.9AI score0.06597EPSS

Exploits1References2

Positive Technologies•added 2025/07/19 12:0 a.m.•3 views

PT-2025-96: Deserialization of untrusted data leads to Remote code execution (RCE) in FreeScout

The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to deserialize arbitrary objects and fully control their properties, leading to total compromise of the web‑application logic and remote code execution RCE. Vulnerability status:...

8.8CVSS6.5AI score0.01466EPSS

Exploits1References2

Positive Technologies•added 2025/07/19 12:0 a.m.•1 views

PT-2025-100: Deserialization of untrusted data in FreeScout

The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to deserialize data, create arbitrary objects with full property control, leading to serious security breaches. Vulnerability status: Confirmed by vendor Date of vulnerability...

7.2CVSS5.9AI score

Exploits0References2

Positive Technologies•added 2025/07/19 12:0 a.m.•2 views

PT-2025-105: Deserialization of untrusted data leads to Remote code execution (RCE) in FreeScout

The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to deserialize tampered data, create objects of arbitrary classes and manipulate their properties, resulting in remote code execution. Vulnerability status: Confirmed by vendor Date of...

8.7CVSS6.2AI score

Exploits0References2

Positive Technologies•added 2025/07/19 12:0 a.m.•2 views

PT-2025-101: Deserialization of untrusted data in FreeScout

The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to deserialize manipulated data, control objects and disrupt the application. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 19.07.2025 Recommendations:...

7CVSS5.8AI score

Exploits0References2

Positive Technologies•added 2025/07/19 12:0 a.m.•2 views

PT-2025-103: Deserialization of untrusted data in FreeScout

The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to deserialize data, instantiate arbitrary objects and alter their properties, causing severe disruption of the system. Vulnerability status: Confirmed by vendor Date of vulnerability...

7CVSS5.9AI score

Exploits0References2

Positive Technologies•added 2025/07/19 12:0 a.m.•1 views

PT-2025-97: Deserialization of untrusted data in FreeScout

The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to deserialize altered data, create arbitrary objects and disrupt normal system operation. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 19.07.2025...

7.2CVSS5.9AI score

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by