CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

149 matches found

RedhatCVE•added 2026/06/05 7:27 p.m.•7 views

CVE-2026-40592

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the undo-send route GET /conversation/undo-reply/threadid checks only whether the current user can view the parent conversation. It does not verify that the current user created the reply being undone. In a...

5.9CVSS5.5AI score0.00238EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:26 p.m.•8 views

CVE-2026-40570

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the loadcustomerinfo action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to retriev...

7.1CVSS5.5AI score0.00249EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:20 p.m.•7 views

CVE-2026-41193

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without validating file paths, allowing an authenticated admin to write files arbitrarily on the server filesystem via a specially crafted ZIP...

9.1CVSS5.5AI score0.00392EPSS

Exploits0References1

NVD•added 2026/05/29 8:16 p.m.•11 views

CVE-2026-48810

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ThreadPolicy::delete issue reported previously, the same missing mailbox membership check was found in the sibling ThreadPolicy::edit method. A user with the...

4.3CVSS0.00155EPSS

Exploits0References1

EUVD•added 2026/05/29 7:52 p.m.•10 views

EUVD-2026-33441

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.219, the password reset endpoint returns visually distinct responses depending on whether the submitted email address belongs to an existing user account, allowing unauthenticated attackers to enumerat...

5.3CVSS5.8AI score0.0021EPSS

Exploits0References1

EUVD•added 2026/05/29 7:48 p.m.•10 views

EUVD-2026-33438

4.3CVSS5.8AI score0.00155EPSS

Exploits0References1

CNNVD•added 2026/05/29 12:0 a.m.•12 views

FreeScout 数据伪造问题漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.220 contained a data manipulation vulnerability. This vulnerability stemmed from the use of In-Reply-To/References headers in...

7.5CVSS5.7AI score0.00145EPSS

Exploits0References2

Cvelist•added 2026/05/07 6:8 p.m.•28 views

CVE-2026-41905 FreeScout vulnerable to SSRF via Helper::sanitizeRemoteUrl: redirect destination not re-validated, allowing internal HTTP / cloud-metadata access

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl in app/Misc/Helper.php follows HTTP redirects via curlGetLastRedirectedUrl but then re-validates the original URL instead of the final redirect destination. An...

7.7CVSS0.00209EPSS

Exploits0References2

NVD•added 2026/04/21 5:16 p.m.•6 views

CVE-2026-41183

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder query builders. Global search and the AJAX filter path still reveal conversations that should be...

4.3CVSS0.00224EPSS

Exploits0References3

Vulnrichment•added 2026/04/21 5:12 p.m.•2 views

CVE-2026-41192 FreeScout's client-controlled attachment IDs allow deletion of existing conversation attachments

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the reply and draft flows trust client-supplied encrypted attachment IDs. Any IDs present in attachmentsall but omitted from retained lists are decrypted and passed directly to Attachment::deleteByIds. Because...

7.1CVSS5.8AI score0.00238EPSS

Exploits0References3

ATTACKERKB•added 2026/04/21 1:45 a.m.•3 views

CVE-2026-40497

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's Helper::stripDangerousTags removes...

8.1CVSS5.8AI score0.00243EPSS

Exploits0References4Affected Software1

CNNVD•added 2026/04/21 12:0 a.m.•8 views

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.213 contained security vulnerabilities. These vulnerabilities stemmed from the Helper::stripDangerousTags function used in the...

8.5CVSS5.9AI score0.00238EPSS

Exploits0References1

CNNVD•added 2026/04/21 12:0 a.m.•5 views

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.215 contained security vulnerabilities. These vulnerabilities stemmed from the fact that restrictions were only applied to...

4.3CVSS5.8AI score0.00224EPSS

Exploits0References1

Positive Technologies•added 2026/04/21 12:0 a.m.•5 views

PT-2026-34020

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the load customer info action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to...

7.1CVSS5.8AI score0.00249EPSS

Exploits0References6

CNNVD•added 2026/04/07 12:0 a.m.•4 views

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.212 contained security vulnerabilities. These vulnerabilities stemmed from the endpoint GET...

6.9CVSS5.9AI score0.00304EPSS

Exploits2References1