Lucene search
K

1444 matches found

thn
thn
added 2026/06/04 9:33 a.m.16 views

Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months

Unknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox out in small, repeated batches and routing it through Dropbox and OneDrive so the traffic blended into normal cloud activity. Symantec and Carbon Black...

5.8AI score
Exploits0
redhatcve
redhatcve
added 2026/06/01 10:3 p.m.13 views

CVE-2026-48810

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ThreadPolicy::delete issue reported previously, the same missing mailbox membership check was found in the sibling ThreadPolicy::edit method. A user with the...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References1
nvd
nvd
added 2026/05/29 8:16 p.m.12 views

CVE-2026-48810

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ThreadPolicy::delete issue reported previously, the same missing mailbox membership check was found in the sibling ThreadPolicy::edit method. A user with the...

4.3CVSS0.00155EPSS
Exploits0References1
nvd
nvd
added 2026/05/29 8:16 p.m.13 views

CVE-2026-48811

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note private thread from any conversation, even after that user's access to the mailbox containing the conversation has been...

4.3CVSS0.00155EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/29 7:48 p.m.38 views

CVE-2026-48810 FreeScout: Thread Edit Authorization Bypass via Missing Mailbox Check

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ThreadPolicy::delete issue reported previously, the same missing mailbox membership check was found in the sibling ThreadPolicy::edit method. A user with the...

4.3CVSS0.00155EPSS
Exploits0References1
cve
cve
added 2026/05/29 7:48 p.m.28 views

CVE-2026-48810

FreeScout (Laravel PHP) contains a vulnerability where ThreadPolicy::edit allows a user with PERM_EDIT_CONVERSATIONS who created a message in Mailbox A to rewrite the thread after being removed from the mailbox, due to a missing mailbox membership check (the same issue observed in ThreadPolicy::d...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References1
euvd
euvd
added 2026/05/29 7:48 p.m.13 views

EUVD-2026-33438

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ThreadPolicy::delete issue reported previously, the same missing mailbox membership check was found in the sibling ThreadPolicy::edit method. A user with the...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/29 7:48 p.m.9 views

CVE-2026-48810 FreeScout: Thread Edit Authorization Bypass via Missing Mailbox Check

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ThreadPolicy::delete issue reported previously, the same missing mailbox membership check was found in the sibling ThreadPolicy::edit method. A user with the...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/29 7:48 p.m.8 views

CVE-2026-48810

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ThreadPolicy::delete issue reported previously, the same missing mailbox membership check was found in the sibling ThreadPolicy::edit method. A user with the...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/05/29 7:47 p.m.38 views

CVE-2026-48811 FreeScout: Thread Deletion Bypasses Mailbox Access Revocation

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note private thread from any conversation, even after that user's access to the mailbox containing the conversation has been...

4.3CVSS0.00155EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/29 7:47 p.m.10 views

CVE-2026-48811 FreeScout: Thread Deletion Bypasses Mailbox Access Revocation

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note private thread from any conversation, even after that user's access to the mailbox containing the conversation has been...

4.3CVSS5.7AI score0.00155EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/29 7:47 p.m.8 views

CVE-2026-48811

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note private thread from any conversation, even after that user's access to the mailbox containing the conversation has been...

4.3CVSS5.7AI score0.00155EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/05/29 7:47 p.m.15 views

EUVD-2026-33437

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note private thread from any conversation, even after that user's access to the mailbox containing the conversation has been...

4.3CVSS5.7AI score0.00155EPSS
Exploits0References1
cve
cve
added 2026/05/29 7:47 p.m.24 views

CVE-2026-48811

FreeScout (Laravel) contains a vulnerability where a non-admin can permanently delete an internal note (private thread) in any conversation, even after mailbox access is revoked. The root cause is the ThreadPolicy::delete authorization not verifying mailbox membership, allowing former members to ...

4.3CVSS5.7AI score0.00155EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/29 12:0 a.m.22 views

PT-2026-44995

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ThreadPolicy::delete issue reported previously, the same missing mailbox membership check was found in the sibling ThreadPolicy::edit method. A user with the PERM EDIT...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/29 12:0 a.m.10 views

FreeScout 授权问题漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.221 contained an authorization vulnerability. This vulnerability stemmed from a lack of email membership checks in the...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/05/28 9:13 p.m.20 views

CVE-2025-71308

A flaw was found in the Linux kernel's accel/amdxdna module. During error handling in the aie2createcontext function, the aiedestroycontext function can be called when a mailbox channel pointer is unexpectedly null. This can lead to a NULL pointer dereference, potentially causing a system crash a...

5.5CVSS5.8AI score0.00137EPSS
Exploits0References4
susecve
susecve
added 2026/05/28 4:1 a.m.12 views

SUSE CVE-2025-71308

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix potential NULL pointer dereference in context cleanup aiedestroycontext is invoked during error handling in aie2createcontext. However, aiedestroycontext assumes that the context's mailbox channel pointer is...

5.5CVSS5.8AI score0.00137EPSS
Exploits0References3
susecve
susecve
added 2026/05/28 3:55 a.m.11 views

SUSE CVE-2026-45977

In the Linux kernel, the following vulnerability has been resolved: fbnic: close fwlog race between users and teardown Fixes a theoretical race on fwlog between the teardown path and fwlog write functions. fwlog is written inside fbnicfwlogwrite and can be reached from the mailbox handler...

5.8AI score0.00121EPSS
Exploits0References3
euvd
euvd
added 2026/05/27 3:33 p.m.18 views

EUVD-2026-32261

In the Linux kernel, the following vulnerability has been resolved: fbnic: close fwlog race between users and teardown Fixes a theoretical race on fwlog between the teardown path and fwlog write functions. fwlog is written inside fbnicfwlogwrite and can be reached from the mailbox handler...

5.8AI score0.00121EPSS
Exploits0References4
Rows per page
Query Builder