28 matches found
CVE-2026-40570
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the load_customer_info action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to retriev...
CVE-2026-40570 FreeScout's Missing Authorization in load_customer_info Allows Any Authenticated User to Access Full Customer PII
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the load_customer_info action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to retriev...
CVE-2026-40570
FreeScout prior to 1.8.213 exposes sensitive customer data. The load_customer_info action at POST /conversation/ajax returns full customer profile data to any authenticated user without mailbox-access verification, requiring only a valid email to retrieve PII. Affected version range is before 1.8...
CVE-2026-40570
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the load_customer_info action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to retriev...
CVE-2026-40570 FreeScout's Missing Authorization in load_customer_info Allows Any Authenticated User to Access Full Customer PII
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the load_customer_info action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to retriev...
FreeScout Security Vulnerability
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using the PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.213 contained security vulnerabilities. These vulnerabilities stemmed from the load_customer_info operation in POST...
PT-2026-34020
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the load_customer_info action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to...
MAL-2025-41511 Malicious code in @twork-data-services/proxy-invest-v2-api-v2-broker-account-customer-info (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2025-36594
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Authentication Bypass by Spoofing vulnerability. An...
CVE-2024-5195
A vulnerability was found in Arris VAP2500 08.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file /diags.php. The manipulation of the argument customerinfo leads to command injection. The attack may be launched remotely. The exploit has been disclos...
Arris VAP2500 Command Injection Vulnerability
The Arris VAP2500 is a wireless video access point device from Arris USA. A command injection vulnerability exists in the Arris VAP2500 version 08.50, which stems from the fact that manipulation of the parameter customerinfo in the file /diags.php can result in command injection...
Hackers Access Customer Info, Corporate Systems in MongoDB Data Breach
By Waqas. The latest cybersecurity incident to impact a large-scale and highly popular company is the MongoDB Data Breach. This is a post from HackRead.com. Read the original post: Hackers Access Customer Info, Corporate Systems in MongoDB Data Breach...
Western Digital Confirms Customer Data Stolen by Hackers in March Breach
Digital storage giant Western Digital confirmed that an "unauthorized third party" gained access to its systems and stole personal information belonging to the company's online store customers. "This information included customer names, billing and shipping addresses, email addresses and telephon...
Information Disclosure
shopware/shopware is vulnerable to information disclosure. The vulnerability exists in the getCustomer function in Customer.php because the hashed passwords and session IDs are exposed in the customer detail view, which allows an attacker to gain access to sensitive information and perform unauthorize...
CVE-2022-28448
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker with the customer role can inject JavaScript code into First name or Last name at Customer Info...
CVE-2022-28448
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker with the customer role can inject JavaScript code into First name or Last name at Customer Info...
Cross site scripting
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker with the customer role can inject JavaScript code into First name or Last name at Customer Info...
CVE-2022-28448
nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker with the customer role can inject JavaScript code into First name or Last name at Customer Info...
CVE-2022-28448
nopCommerce 4.50.1 is vulnerable to Cross-Site Scripting (XSS): an attacker with a customer role can inject JavaScript through the First name or Last name fields in Customer Info. The root cause is reflected input without HTML encoding. Several sources (CVE-2022-28448 listings) describe this vuln...
Canada Post discloses data breach after malware attack
By Waqas. According to Canada Post, sensitive information of over 950,000 customers and 44 of its large business clients has been exposed in the malware attack. This is a post from HackRead.com. Read the original post: Canada Post discloses data breach after malware attack...