Lucene search
+L

321 matches found

Vulnrichment
Vulnrichment
added 2026/04/21 4:54 p.m.4 views

CVE-2026-40591 FreeScout: Improper Authorization in Phone Conversation Creation Enables Cross-Mailbox Hidden Customer Modification

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-conversation creation flow accepts attacker-controlled customerid, name, toemail, and phone values and resolves the target customer in the backend without enforcing mailbox-scoped customer visibility...

7.1CVSS5.8AI score0.00211EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.11 views

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.215 contained security vulnerabilities. These vulnerabilities stemmed from a weak AJAX path for the savedraft function when th...

7.1CVSS5.8AI score0.00211EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.9 views

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.214 contained security vulnerabilities. These vulnerabilities stemmed from the phone conversation creation process, which...

7.1CVSS5.8AI score0.00211EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.16 views

PT-2026-34030

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, when APP SHOW ONLY ASSIGNED CONVERSATIONS is enabled, direct conversation view correctly blocks users who are neither the assignee nor the creator. The save draft AJAX path is weaker. A direct POST can create ...

7.1CVSS5.8AI score0.00211EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.13 views

PT-2026-34028

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...

4.3CVSS5.8AI score0.00224EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.13 views

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.215 contained security vulnerabilities. These vulnerabilities stemmed from the fact that restrictions were only applied to...

4.3CVSS5.8AI score0.00224EPSS
Exploits0References1
CVE
CVE
added 2026/04/20 11:3 p.m.35 views

CVE-2026-34082

CVE-2026-34082 affects the open-source platform Dify . A flaw in the authorization of the endpoint DELETE /console/api/installed-apps//conversations/ (prior to 1.13.1) allows any authenticated user to delete another user’s chat history, an IDOR-type vulnerability. This could enable unauthorized a...

5.3CVSS5.7AI score0.00188EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/20 11:3 p.m.30 views

CVE-2026-34082 Dify has IDOR in deleting someone else's chat conversation

Dify is an open-source LLM app development platform. Prior to 1.13.1, the method DELETE /console/api/installed-apps//conversations/ has poor authorization checking and allows any Dify-authenticated user to delete someone else's chat history. Version 1.13.1 patches the issue...

5.3CVSS0.00188EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/20 11:3 p.m.7 views

EUVD-2026-23984

Dify is an open-source LLM app development platform. Prior to 1.13.1, the method DELETE /console/api/installed-apps//conversations/ has poor authorization checking and allows any Dify-authenticated user to delete someone else's chat history. Version 1.13.1 patches the issue...

5.3CVSS5.7AI score0.00188EPSS
Exploits1References2
OSV
OSV
added 2026/04/20 11:3 p.m.3 views

CVE-2026-34082 Dify has IDOR in deleting someone else's chat conversation

Dify is an open-source LLM app development platform. Prior to 1.13.1, the method DELETE /console/api/installed-apps//conversations/ has poor authorization checking and allows any Dify-authenticated user to delete someone else's chat history. Version 1.13.1 patches the issue...

5.3CVSS5.9AI score0.00188EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.12 views

dify 安全漏洞

Dify is an open-source LLM application development platform developed by LangGenius. Versions of Dify prior to 1.13.1 contained a security vulnerability. This vulnerability stemmed from insufficient authorization checks in the DELETE /console/api/installed-apps//conversations/ method, which could...

5.3CVSS5.8AI score0.00188EPSS
Exploits1References1
Packet Storm News
Packet Storm News
added 2026/04/13 12:0 a.m.8 views

A Synthetic Conversational Smishing Dataset for Social Engineering Detection

Smishing SMS phishing has become a serious cybersecurity threat, especially for elderly and cyber-unaware individuals, causing financial loss and undermining user trust. Although prior work has focused on detecting smishing at the level of individual messages, real-world attackers often rely on...

5.8AI score
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2026/04/09 12:0 a.m.3 views

VulnCheck KEV: CVE-2026-21445

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories...

9.3CVSS5.8AI score0.20655EPSS
In wildExploits1References3
Cvelist
Cvelist
added 2026/04/08 12:59 p.m.21 views

CVE-2026-35023 Wimi Teamwork On-Premises < 8.2.0 IDOR via preview.php

Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the itemid parameter lacks proper authorization checks. Attackers can enumerate sequential itemid values to access and retrieve image previews from other...

5.3CVSS0.00179EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/08 12:59 p.m.2 views

CVE-2026-35023

Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the itemid parameter lacks proper authorization checks. Attackers can enumerate sequential itemid values to access and retrieve image previews from other...

5.3CVSS5.9AI score0.00179EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.7 views

PT-2026-31307

Name of the Vulnerable Software and Affected Versions Wimi Teamwork On-Premises versions prior to 8.2.0 Description Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference issue in the /preview.php endpoint. The item id parameter does not have sufficient...

5.3CVSS5.8AI score0.00179EPSS
Exploits0References6
OSV
OSV
added 2026/04/07 8:43 a.m.6 views

BIT-DISCOURSE-2026-32243 Discourse: Stored XSS in discourse-ai shared conversations onebox

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, an attacker with the ability to create shared AI conversations could inject arbitrary HTML and JavaScript via crafted conversation titles. This payload would execute in the...

6.1CVSS5.9AI score0.00169EPSS
Exploits0References3
HackRead
HackRead
added 2026/04/03 8:3 p.m.8 views

Fake ChatGPT Ad Blocker Chrome Extension Caught Spying on Users

A fake Chrome browser extension called 'ChatGPT Ad Blocker' was harvesting conversations of ChatGPT users in the name of offering an ad-free experience...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/01 10:58 a.m.5 views

CVE-2026-4400

Insecure Direct Object Reference IDOR vulnerability in 1millionbot Millie chat that allows private conversations of other users being viewed by simply changing the conversation ID. The vulnerability is present in the endpoint 'api.1millionbot.com/api/public/conversations/' and, if exploited, coul...

7CVSS6AI score0.00209EPSS
Exploits0References1
OSV
OSV
added 2026/03/31 5:39 p.m.7 views

CVE-2026-32243 Discourse: Stored XSS in discourse-ai shared conversations onebox

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an attacker with the ability to create shared AI conversations could inject arbitrary HTML and JavaScript via crafted...

5.3CVSS6AI score0.00169EPSS
Exploits0References4
Rows per page
Query Builder