10242 matches found

Positive Technologies · added 2026/04/22 12:00 a.m.
PT-2026-34310
Vulnerable software and affected versions: Fast & Fancy Filter – 3F plugin for WordPress, versions prior to 1.2.3. Description: Cross-Site Request Forgery occurs due to missing nonce verification in the saveFields function, which handles the 'fff save settins' AJAX action. This allows...
CVSS 4.3 · AI score 5.8 · EPSS 0.0018 · Exploits: 0 · References: 9

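The PT-2026-34310 entry above describes a WordPress AJAX handler that persists settings without verifying a nonce. The following is an added example, not code from the 3F plugin: a handler of that shape beside a hardened one. The action name, option key and nonce action are hypothetical.

```php
<?php
// Added example, not the 3F plugin's code. 'example_save_settings' and
// 'example_settings' are hypothetical names chosen for illustration.

// Vulnerable shape: the only thing this handler checks is that WordPress
// accepted the user's login cookie. A logged-in admin who visits an
// attacker's page can be made to send this POST with attacker-chosen
// fields, and the handler stores them.
add_action('wp_ajax_example_save_settings_vuln', function () {
    update_option('example_settings', wp_unslash($_POST['fields'] ?? []));
    wp_send_json_success();
});

// Hardened shape.
add_action('wp_ajax_example_save_settings', function () {
    // 1. Nonce: proves the request came from a page this site rendered for
    //    this user, which a cross-site form cannot produce.
    //    check_ajax_referer() terminates the request with -1 on failure.
    check_ajax_referer('example_save_settings', '_wpnonce');

    // 2. Capability: the nonce proves intent, not privilege. Check both.
    if (!current_user_can('manage_options')) {
        wp_send_json_error('forbidden', 403);
    }

    // 3. Sanitize what is stored instead of persisting raw input.
    $raw   = isset($_POST['fields']) && is_array($_POST['fields'])
        ? wp_unslash($_POST['fields'])
        : [];
    $clean = [];
    foreach ($raw as $key => $value) {
        $clean[sanitize_key($key)] = sanitize_text_field((string) $value);
    }
    update_option('example_settings', $clean);
    wp_send_json_success($clean);
});

// The admin script must send the nonce it was handed at render time, e.g.:
//   wp_localize_script('example-admin', 'exampleAdmin',
//       ['nonce' => wp_create_nonce('example_save_settings')]);
// and post it as _wpnonce alongside action=example_save_settings.
```

When reviewing a plugin for this class of bug, look at every `wp_ajax_*` and `wp_ajax_nopriv_*` callback and confirm that both a nonce check and a capability check sit before any state change; either one alone is insufficient.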
Tenable Nessus · added 2026/04/22 12:00 a.m.
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013774)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013774 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix kernel NULL pointer dereference error. When rxe_queue_init in the function rxeqpinitre...
AI score 5.5 · EPSS 0.00239 · Exploits: 0 · References: 4

RedhatCVE · added 2026/04/21 7:23 p.m.
CVE-2026-6248
The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to two compounding flaws: the Members::update method does not validate or restrict the value of file-type custom profile fields, allowing authenticated users to store ...
CVSS 8.1 · AI score 6.6 · EPSS 0.00593 · Exploits: 0 · References: 1

Cvelist · added 2026/04/21 4:52 p.m.
CVE-2026-40590 FreeScout's Customer AJAX Create Modifies Hidden Existing Customer
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the Change Customer modal exposes a "Create a new customer" flow via POST /customers/ajax with action=create. Under limited visibility, the endpoint drops unique-email validation. If the supplied email already...
CVSS 4.3 · EPSS 0.00214 · Exploits: 0 · References: 3

Vulnrichment · added 2026/04/21 4:46 p.m.
CVE-2026-40569 FreeScout's Mass Assignment in Mailbox Connection Settings Enables Silent Email Exfiltration
FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection settings endpoints of FreeScout: connectionIncomingSave at app/Http/Controllers/MailboxesController.php:468 and connectionOutgoingSave at line 398...
CVSS 9 · AI score 5.8 · EPSS 0.00296 · Exploits: 0 · References: 3

EUVD · added 2026/04/21 4:46 p.m.
EUVD-2026-24171
FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection settings endpoints of FreeScout: connectionIncomingSave at app/Http/Controllers/MailboxesController.php:468 and connectionOutgoingSave at line 398...
CVSS 9 · AI score 5.8 · EPSS 0.00296 · Exploits: 0 · References: 3

CVE · added 2026/04/21 4:46 p.m.
CVE-2026-40569
Vulnerability summary (CVE-2026-40569): FreeScout (self-hosted help desk) versions prior to 1.8.213 suffer a mass assignment flaw in the mailbox connection settings endpoints (connectionIncomingSave and connectionOutgoingSave). The code passes $request->all() directly to $mailbox->fill() wi...
CVSS 9 · AI score 5.8 · EPSS 0.00296 · Exploits: 0 · References: 3

SUSE CVE · added 2026/04/21 12:22 p.m.
SUSE CVE-2025-65104
Firebird is an open-source relational database management system. In FB3 versions of the client library, incorrect data length values were placed into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or...
CVSS 7.9 · AI score 5.8 · EPSS 0.00185 · Exploits: 0 · References: 4

RedhatCVE · added 2026/04/21 1:22 a.m.
CVE-2026-29642
A local attacker who can execute privileged CSR operations, or can induce firmware to do so, performs carefully crafted reads/writes to menvcfg (e.g., csrrs in M-mode). On affected XiangShan versions (commit aecf601e803bfd2371667a3fb60bfcd83c333027, 2024-11-19), these menvcfg accesses can unexpectedly...
CVSS 7.8 · AI score 5.8 · EPSS 0.00112 · Exploits: 0 · References: 1

Positive Technologies · added 2026/04/21 12:00 a.m.
PT-2026-34019
Vulnerable software and affected versions: FreeScout versions prior to 1.8.213. Description: An issue exists in the mailbox connection settings endpoints where the functions connectionIncomingSave and connectionOutgoingSave pass all request data directly to the mailbox fill method withou...
CVSS 9 · AI score 5.2 · EPSS 0.00296 · Exploits: 0 · References: 7

CNNVD · added 2026/04/21 12:00 a.m.
FreeScout security vulnerability
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using the PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.214 contained security vulnerabilities. These vulnerabilities stemmed from the fact that, under limited visibility, the...
CVSS 4.3 · AI score 5.8 · EPSS 0.00214 · Exploits: 0 · References: 1

CNNVD · added 2026/04/21 12:00 a.m.
Decidim security vulnerability
Decidim is an open-source participatory democracy framework developed using Ruby on Rails. Versions of Decidim from 0.0.1 to 0.30.5 and 0.31.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of permission checks for the commentable fields in the API, which could...
CVSS 7.5 · AI score 5.8 · EPSS 0.00287 · Exploits: 0 · References: 1

CNNVD · added 2026/04/21 12:00 a.m.
FreeScout security vulnerability
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using the PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.213 contained security vulnerabilities. These vulnerabilities stemmed from the use of the connectionIncomingSave and...
CVSS 9 · AI score 5.8 · EPSS 0.00296 · Exploits: 0 · References: 1

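The CVE-2026-40569 / EUVD-2026-24171 / PT-2026-34019 entries above all describe one root cause: a Laravel controller hands $request->all() to Eloquent's fill(), so any column in the model's fillable list can be rewritten through an endpoint meant to edit only a subset of them. The following is an added Laravel example, not FreeScout's code; the Mailbox model, its column names and the 'update' policy ability are assumptions made for illustration.

```php
<?php
// Added example modelled on the mass-assignment pattern the CVE-2026-40569
// entries describe; this is NOT FreeScout's code. The Mailbox model, its
// column names and the 'update' policy ability are assumptions.

use Illuminate\Database\Eloquent\Model;
use Illuminate\Http\Request;
use Illuminate\Validation\Rule;

class Mailbox extends Model
{
    // A model-wide $fillable is the usual Laravel setup. It lists every column
    // that *some* admin screen edits, so it cannot by itself stop a request
    // aimed at the incoming-settings endpoint from also rewriting outgoing or
    // forwarding columns. Per-endpoint allow-lists have to do that.
    protected $fillable = [
        'name', 'email',
        'in_server', 'in_port', 'in_username', 'in_password', 'in_protocol', 'in_encryption',
        'out_server', 'out_port', 'out_username', 'out_password', 'out_encryption',
        'auto_bcc',
    ];
}

// Vulnerable shape: every key the client sends that appears in $fillable is
// written. A user allowed to edit IMAP settings can add out_server=... or
// auto_bcc=attacker@example.com to the same POST and redirect mail flow.
function connectionIncomingSaveVulnerable(Request $request, Mailbox $mailbox): void
{
    $mailbox->fill($request->all());
    $mailbox->save();
}

// Hardened shape: authorize, then validate an explicit allow-list for THIS
// endpoint and fill only the validated keys.
function connectionIncomingSaveHardened(Request $request, Mailbox $mailbox): void
{
    abort_unless($request->user()?->can('update', $mailbox), 403);

    $data = $request->validate([
        'in_server'     => ['required', 'string', 'max:255'],
        'in_port'       => ['required', 'integer', 'between:1,65535'],
        'in_username'   => ['required', 'string', 'max:255'],
        'in_password'   => ['nullable', 'string', 'max:255'],
        'in_protocol'   => ['required', Rule::in(['imap', 'pop3'])],
        'in_encryption' => ['required', Rule::in(['none', 'ssl', 'tls'])],
    ]);

    // validate() returns only the keys named in the rules, so a stray
    // out_server or auto_bcc in the request never reaches fill().
    $mailbox->fill($data);
    $mailbox->save();
}
```

The same allow-list discipline applies to the outgoing-settings endpoint, with its own set of out_* rules. Laravel 9 and later can additionally be configured with Model::preventSilentlyDiscardingAttributes() in a service provider so that unexpected keys throw during testing, but that surfaces keys outside $fillable only; it does not narrow a model-wide $fillable to what a particular endpoint should touch.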
Positive Technologies · added 2026/04/21 12:00 a.m.
PT-2026-36923
Vulnerable software and affected versions: Nginx UI versions prior to 2.3.8. Description: The GetSettings API handler in the api/settings/settings.go file serializes all settings structs to JSON and returns them to authenticated users. While many sensitive fields are marked as protected,...
CVSS 6.8 · AI score 5.8 · EPSS 0.00295 · Exploits: 1 · References: 10

CNNVD · added 2026/04/21 12:00 a.m.
FreeScout security vulnerability
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using the PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.214 contained security vulnerabilities. These vulnerabilities stemmed from the phone conversation creation process, which...
CVSS 7.1 · AI score 5.8 · EPSS 0.00211 · Exploits: 0 · References: 1

Tenable Nessus · added 2026/04/21 12:00 a.m.
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013005)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013005 advisory. In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: remove never-working support for setting nsh fields. The validation of the...
AI score 5.9 · EPSS 0.00199 · Exploits: 0 · References: 4

ATTACKERKB · added 2026/04/20 11:08 p.m.
CVE-2026-41299
OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only provenance fields are gated by self-declared client metadata from the WebSocket handshake rather than verified authorization state. Authenticated operator clients can spoof ACP...
CVSS 7.1 · AI score 5.8 · EPSS 0.00203 · Exploits: 0 · References: 3

Cvelist · added 2026/04/20 11:08 p.m.
CVE-2026-41299 OpenClaw < 2026.3.28 - Client Identity Spoofing in chat.send Gateway Provenance Guard
OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only provenance fields are gated by self-declared client metadata from the WebSocket handshake rather than verified authorization state. Authenticated operator clients can spoof ACP...
CVSS 7.1 · EPSS 0.00203 · Exploits: 0 · References: 2

EUVD · added 2026/04/20 9:31 p.m.
EUVD-2026-23935
The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to two compounding flaws: the Members::update method does not validate or restrict the value of file-type custom profile fields, allowing authenticated users to store ...
CVSS 8.1 · AI score 6.6 · EPSS 0.00593 · Exploits: 0 · References: 6

RedhatCVE · added 2026/04/20 7:23 p.m.
CVE-2026-32690
Secrets in Variables saved as JSON dictionaries were not properly redacted: when the variables were retrieved by the user, secrets stored as nested fields were not masked. If you do not store variables with sensitive values in JSON form, you are not affected. Otherwise please upgrade to...
CVSS 3.7 · AI score 5.8 · EPSS 0.00421 · Exploits: 0 · References: 1

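The CVE-2026-32690 entry above describes a redaction routine that masked sensitive keys at the top level of a variable but not inside nested JSON dictionaries. The following added example shows that failure mode in general form, in PHP to match the other examples on this page; it is not Airflow's code, and the key pattern, mask and sample variable are constructed for illustration.

```php
<?php
// Added example of the nested-redaction pitfall; NOT Airflow's code.
// SENSITIVE_KEY_PATTERN, MASK and the sample variable are constructed.

const SENSITIVE_KEY_PATTERN = '/(password|passwd|secret|token|api_key|apikey|private_key|access_key)/i';
const MASK = '***';

// Flawed: inspects only the first level of the decoded dictionary. Any
// secret one level down (a nested "extra" object, a list of connection
// objects) is returned to the caller in clear text.
function redactTopLevelOnly(array $value): array
{
    foreach ($value as $key => $item) {
        if (preg_match(SENSITIVE_KEY_PATTERN, (string) $key)) {
            $value[$key] = MASK;
        }
    }
    return $value;
}

// Correct: recurse through nested arrays (JSON objects and lists). A
// sensitive key is masked wherever it occurs; if its value is itself a
// dictionary it is masked whole, since its structure may reveal the secret.
function redactNested(mixed $value): mixed
{
    if (!is_array($value)) {
        return $value;
    }
    foreach ($value as $key => $item) {
        if (is_string($key) && preg_match(SENSITIVE_KEY_PATTERN, $key)) {
            $value[$key] = MASK;
        } else {
            $value[$key] = redactNested($item);   // lists and nested objects
        }
    }
    return $value;
}

// Constructed sample: a variable stored as a JSON string, the way a
// connection-like object would be.
$stored = json_encode([
    'host'     => 'db.internal',
    'password' => 'p@ss',                                   // top level
    'extra'    => ['aws_secret_access_key' => 'AKIA-EXAMPLE', 'region' => 'eu-west-1'],
    'conns'    => [['name' => 'x', 'token' => 'abc']],      // inside a list
]);
$decoded = json_decode($stored, true, 512, JSON_THROW_ON_ERROR);

echo "top-level only (nested secrets leak):\n";
var_export(redactTopLevelOnly($decoded));
echo "\n\nrecursive (all sensitive keys masked):\n";
var_export(redactNested($decoded));
echo "\n";
```

When testing a redaction feature, include fixtures with secrets at depth two or more and inside lists; a test suite that only checks flat dictionaries will pass both implementations above.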