CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

141 matches found

CVE-2026-48810

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ThreadPolicy::delete issue reported previously, the same missing mailbox membership check was found in the sibling ThreadPolicy::edit method. A user with the...

4.3CVSS0.00026EPSS

Exploits0References1

EUVD•added 5 days ago•6 views

EUVD-2026-33441

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.219, the password reset endpoint returns visually distinct responses depending on whether the submitted email address belongs to an existing user account, allowing unauthenticated attackers to enumerat...

5.3CVSS5.8AI score0.00038EPSS

Exploits0References1

EUVD•added 5 days ago•5 views

EUVD-2026-33438

4.3CVSS5.8AI score0.00026EPSS

Exploits0References1

CNNVD•added 5 days ago•6 views

FreeScout 数据伪造问题漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.220 contained a data manipulation vulnerability. This vulnerability stemmed from the use of In-Reply-To/References headers in...

7.5CVSS5.7AI score0.00014EPSS

Exploits0References2

Cvelist•added 2026/05/07 6:8 p.m.•22 views

CVE-2026-41905 FreeScout vulnerable to SSRF via Helper::sanitizeRemoteUrl: redirect destination not re-validated, allowing internal HTTP / cloud-metadata access

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl but then re-validates the original URL instead of the final redirect destination. An...

7.7CVSS0.00032EPSS

Exploits0References2

NVD•added 2026/04/21 5:16 p.m.•2 views

CVE-2026-41183

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...

4.3CVSS0.00035EPSS

Exploits0References3

Vulnrichment•added 2026/04/21 5:12 p.m.•0 views

CVE-2026-41192 FreeScout's client-controlled attachment IDs allow deletion of existing conversation attachments

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the reply and draft flows trust client-supplied encrypted attachment IDs. Any IDs present in attachmentsall but omitted from retained lists are decrypted and passed directly to Attachment::deleteByIds. Because...

7.1CVSS5.8AI score0.00043EPSS

Exploits0References3

ATTACKERKB•added 2026/04/21 1:45 a.m.•0 views

CVE-2026-40497

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's Helper::stripDangerousTags removes...

8.1CVSS5.8AI score0.00042EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2026/04/21 12:0 a.m.•2 views

PT-2026-34020

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the load customer info action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to...

7.1CVSS5.8AI score0.00047EPSS

Exploits0References6

CNNVD•added 2026/04/21 12:0 a.m.•4 views

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.213 contained security vulnerabilities. These vulnerabilities stemmed from the Helper::stripDangerousTags function used in the...

8.5CVSS5.9AI score0.00039EPSS

Exploits0References1

CNNVD•added 2026/04/21 12:0 a.m.•4 views

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.215 contained security vulnerabilities. These vulnerabilities stemmed from the fact that restrictions were only applied to...

4.3CVSS5.8AI score0.00035EPSS

Exploits0References1

CNNVD•added 2026/04/07 12:0 a.m.•3 views

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.212 contained security vulnerabilities. These vulnerabilities stemmed from the endpoint GET...

6.9CVSS5.9AI score0.00034EPSS

Exploits2References1