CVE-2026-41902

CVE-2026-41902 affects FreeScout (Laravel-based help desk). Before v1.8.217, the endpoint /user-setup/{hash} accepts a 60-character invite_hash to set a new user’s password and does not expire the hash, leaving it valid until used. If the invite link leaks (e.g., forwarded emails, logs, or referr...

FreeScout 代码问题漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.217 contained code vulnerabilities. This vulnerability stemmed from the/user-setup/hash endpoint, which did not expire the...

Improper Authentication

org.apache.openmeetings:openmeetings-web is vulnerable to Improper Authentication. An authenticated attacker that has gained access to certain private information is able to use this to impersonate another user because permissions can be incorrectly set during an invitation hash check...

CVE-2023-28936 Apache OpenMeetings: insufficient check of invitation hash

Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0...