1220 matches found
CVE-2026-41183
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...
CVE-2026-41190
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, when APPSHOWONLYASSIGNEDCONVERSATIONS is enabled, direct conversation view correctly blocks users who are neither the assignee nor the creator. The savedraft AJAX path is weaker. A direct POST can create a dra...
Linux Distros Unpatched Vulnerability : CVE-2026-42784
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - rust-sequoia-openpgp - None Ubuntu Linux - openpgp: Don't imply missing key flags from key type CVE-2026-42784 Note that Nessus relies on the...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: cfg80211: Calling cfg80211stopap when switching from P2PGO type If the user-space tools switch from NL80211IFTYPEP2PGO to NL80211IFTYPEADHOC via sendmsgNL80211CMDSETINTERFACE, it does not call the cleanup function cfg80211stopap...
CVE-2026-41183
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...
CVE-2026-41190 FreeScout has assigned-only visibility bypass via save_draft that allows hidden conversation draft injection
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, when APPSHOWONLYASSIGNEDCONVERSATIONS is enabled, direct conversation view correctly blocks users who are neither the assignee nor the creator. The savedraft AJAX path is weaker. A direct POST can create a dra...
CVE-2026-41190 FreeScout has assigned-only visibility bypass via save_draft that allows hidden conversation draft injection
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, when APPSHOWONLYASSIGNEDCONVERSATIONS is enabled, direct conversation view correctly blocks users who are neither the assignee nor the creator. The savedraft AJAX path is weaker. A direct POST can create a dra...
CVE-2026-41190
FreeScout (self-hosted help desk) is affected pre-1.8.215. When APP_SHOW_ONLY_ASSIGNED_CONVERSATIONS is enabled, the UI correctly blocks users who are neither the assignee nor the creator in direct conversation view, but the save_draft AJAX path is weaker. A crafted direct POST can create a draft...
CVE-2026-41189
FreeScout prior to 1.8.215 is vulnerable: customer-thread editing bypasses the assigned-only visibility due to ThreadPolicy::edit() not enforcing ConversationPolicy restrictions, allowing a user who cannot view a conversation to load and edit hidden customer-authored threads. The issue is address...
CVE-2026-41189 FreeScout has assigned-only visibility bypass that allows editing hidden customer-authored threads
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thread editing is authorized through ThreadPolicy::edit, which checks mailbox access but does not apply the assigned-only restriction from ConversationPolicy. A user who cannot view a conversation can...
CVE-2026-41189 FreeScout has assigned-only visibility bypass that allows editing hidden customer-authored threads
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thread editing is authorized through ThreadPolicy::edit, which checks mailbox access but does not apply the assigned-only restriction from ConversationPolicy. A user who cannot view a conversation can...
CVE-2026-41183 FreeScout allows non-folder conversation queries to disclose assigned-only hidden conversations
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...
CVE-2026-41183 FreeScout allows non-folder conversation queries to disclose assigned-only hidden conversations
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...
CVE-2026-41183
FreeScout core issue: prior to v1.8.215, the assigned‑only restriction was enforced for direct conversation view and folder queries but not for non‑folder query builders. As a result, global search and the AJAX filter path could disclose conversations that should have been hidden. Impact involves...
CVE-2026-41183
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...
FreeScout 安全漏洞
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.215 contained security vulnerabilities. These vulnerabilities stemmed from a weak AJAX path for the savedraft function when th...
Chromium: CVE-2026-5893 Race in V8
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2026-3566
After further discussion, the issue was determined to not meet the criteria for CVE assignment...
Chromium: CVE-2026-4442 Heap buffer overflow in CSS
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2026-27163
This CVE was assigned in error...