40 matches found

ATTACKERKB
added 2026/04/21 3:1 p.m. | 0 views

CVE-2026-40498

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that should be restricted to administrators. The /system/cron endpoint relies on a static MD5 hash derived from the APP_KEY, which is exposed i...

CVSS 9.3 | AI score 5.8 | EPSS 0.00168
Exploits: 1 | References: 4 | Affected Software: 1
EUVD
added 2026/04/21 3:1 p.m. | 2 views

EUVD-2026-24137

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that should be restricted to administrators. The /system/cron endpoint relies on a static MD5 hash derived from the APP_KEY, which is exposed i...

CVSS 9.3 | AI score 5.8 | EPSS 0.00168
Exploits: 1 | References: 3
Positive Technologies
added 2026/04/21 12:0 a.m. | 0 views

PT-2026-33992

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that should be restricted to administrators. The /system/cron endpoint relies on a static MD5 hash derived from the APP_KEY, which is exposed ...

CVSS 9.3 | AI score 5.8 | EPSS 0.00168
Exploits: 1 | References: 4
EUVD
added 2026/03/11 12:21 a.m. | 4 views

EUVD-2026-10883

Parse Server has role escalation and CLP bypass via direct Join table write...

CVSS 10 | AI score 5.8 | EPSS 0.00064
Exploits: 0 | References: 4
CVE
added 2026/03/10 8:45 p.m. | 13 views

CVE-2026-30966

Parse Server prior to 9.5.2-alpha.7 and 8.6.20 is vulnerable: internal tables backing Relation field mappings are accessible via REST/GraphQL using only the application key, allowing any client to create/read/update/delete records in relation tables and potentially inject themselves into any Pars...

CVSS 10 | AI score 5.8 | EPSS 0.00064
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2026/02/25 4:16 a.m. | 2 views

CVE-2026-27637

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's TokenAuth middleware uses a predictable authentication token computed as MD5(user_id + created_at + APP_KEY). This token is static (never expires/rotates), and if an attacker obtains...

CVSS 9.8 | EPSS 0.00293
Exploits: 1 | References: 3
CVE
added 2026/02/25 3:41 a.m. | 6 views

CVE-2026-27637

FreeScout (Laravel-based) before version 1.8.206 is affected by two linked issues. CVE-2026-27637: the TokenAuth middleware uses a predictable token computed as MD5(user_id + created_at + APP_KEY). The token is static and, if an attacker obtains APP_KEY, they can generate a valid token for any us...

CVSS 9.8 | AI score 5.6 | EPSS 0.00293
Exploits: 1 | References: 3 | Affected Software: 1
ATTACKERKB
added 2026/02/25 3:41 a.m. | 2 views

CVE-2026-27637

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's TokenAuth middleware uses a predictable authentication token computed as MD5(user_id + created_at + APP_KEY). This token is static (never expires/rotates), and if an attacker obtains...

CVSS 9.8 | AI score 5.7 | EPSS 0.17266
Exploits: 4 | References: 4 | Affected Software: 1
EUVD
added 2026/02/25 3:41 a.m. | 3 views

EUVD-2026-8611

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's TokenAuth middleware uses a predictable authentication token computed as MD5(user_id + created_at + APP_KEY). This token is static (never expires/rotates), and if an attacker obtains...

CVSS 9.8 | AI score 5.7 | EPSS 0.17266
Exploits: 4 | References: 3
OSV
added 2026/02/25 3:41 a.m. | 1 views

CVE-2026-27637 FreeScout's Predictable Authentication Token Enables Account Takeover

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's TokenAuth middleware uses a predictable authentication token computed as MD5(user_id + created_at + APP_KEY). This token is static (never expires/rotates), and if an attacker obtains...

CVSS 9.8 | AI score 5.8 | EPSS 0.00293
Exploits: 1 | References: 5
Positive Technologies
added 2026/02/25 12:0 a.m. | 3 views

PT-2026-21854

Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.206. Description: FreeScout’s TokenAuth middleware generates authentication tokens using a predictable method: MD5(user_id + created_at + APP_KEY). These tokens are static and do not expire or rotate. If an attacker...

CVSS 9.8 | AI score 5.2 | EPSS 0.00293
Exploits: 1 | References: 18
Vulnrichment
added 2026/01/13 10:52 p.m. | 1 views

CVE-2022-50938 CONTPAQi® AdminPAQ 14.0.0 - Unquoted Service Path

CONTPAQi AdminPAQ 14.0.0 contains an unquoted service path vulnerability in the AppKeyLicenseServer service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject malicious code in the service binary path, potentially executing arbitrary code with elevated system...

CVSS 8.5 | AI score 7.1 | EPSS 0.00022
Exploits: 0 | References: 3
CNNVD
added 2026/01/13 12:0 a.m. | 1 views

CONTPAQi AdminPAQ Code Issue Vulnerability

CONTPAQi AdminPAQ is an administrative software from CONTPAQi, Mexico. A code issue vulnerability exists in CONTPAQi AdminPAQ version 14.0.0, which stems from the presence of unquoted service paths to the AppKeyLicenseServer service, which could allow an attacker to execute arbitrary code with...

CVSS 8.5 | AI score 6.2 | EPSS 0.00022
Exploits: 0 | References: 3
Packet Storm
added 2025/12/17 12:0 a.m. | 173 views

Invoice Ninja 5.8.22 PHP Code Injection

Invoice Ninja version 5.8.22 remote proof of concept exploit for a PHP code injection vulnerability. Title: Invoice Ninja v 5.8.22 PHP Code Injection...

CVSS 8.8 | AI score 7.7 | EPSS 0.45997
Exploits: 5
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-0233

Malware in sbrugna...

CVSS 2.1 | AI score 6.4 | EPSS 0.00068
Exploits: 1 | References: 6
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-31635

Malicious code in bioql PyPI...

CVSS 10 | AI score 6.6 | EPSS 0.00862
Exploits: 1 | References: 5
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-30250

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.6 | EPSS 0.0018
Exploits: 1 | References: 5
Cvelist
added 2025/09/29 8:39 p.m. | 4 views

CVE-2025-34216 Vasion Print (formerly PrinterLogic) RCE and Password Leaks via API

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (VA deployments only) expose a set of unauthenticated REST API endpoints that return configuration files and clear‑text passwords. The same endpoints also disclose the...

CVSS 10 | EPSS 0.00862
Exploits: 1 | References: 4
ATTACKERKB
added 2025/09/29 8:39 p.m. | 0 views

CVE-2025-34216

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (VA deployments only) expose a set of unauthenticated REST API endpoints that return configuration files and clear‑text passwords. The same endpoints also disclose the...

CVSS 10 | AI score 6.4 | EPSS 0.00862
Exploits: 1 | References: 5
OSV
added 2025/09/03 1:34 a.m. | 2 views

CVE-2025-58163 FreeScout's deserialization of untrusted data can lead to Remote Code Execution

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.185 and earlier contain a deserialization of untrusted data vulnerability that allows authenticated attackers with knowledge of the application's APP_KEY to achieve remote code execution. The...

CVSS 8.6 | AI score 7.9 | EPSS 0.01466
Exploits: 1 | References: 5