PT-2026-34031

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, MailboxesController::updateSave persists chat start new outside the allowed-field filter. A user with only the mailbox sig permission sees only the signature field in the UI, but can still change the hidden...

BIT-DISCOURSE-2026-32607 Discourse: Stored XSS via unescaped assignee name

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, when the hidden prioritizefullnameinux site setting is enabled defaults to false, requires console access to change, user and group display names are rendered without HTML...

CVE-2025-48538

In setApplicationHiddenSettingAsUser of PackageManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitatio...

CVE-2025-48538

In setApplicationHiddenSettingAsUser of PackageManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitatio...