Lucene search
+L

274 matches found

CVE
CVE
added 2026/04/21 4:46 p.m.25 views

CVE-2026-40569

Vulnerability summary (CVE-2026-40569): FreeScout (self-hosted help desk) versions prior to 1.8.213 suffer a mass assignment flaw in the mailbox connection settings endpoints (connectionIncomingSave and connectionOutgoingSave). The code passes $request->all() directly to $mailbox->fill() wi...

9CVSS5.8AI score0.00296EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/21 4:6 p.m.31 views

CVE-2026-40567 FreeScout has HTML Injection in Outgoing Emails via Unsanitized Customer Name in Signature Variables

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization a...

5.8CVSS0.00242EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/21 4:6 p.m.3 views

CVE-2026-40567 FreeScout has HTML Injection in Outgoing Emails via Unsanitized Customer Name in Signature Variables

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization a...

5.8CVSS5.9AI score0.00242EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/21 4:6 p.m.5 views

EUVD-2026-24168

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization a...

5.8CVSS5.9AI score0.00242EPSS
Exploits0References3
OSV
OSV
added 2026/04/21 4:6 p.m.4 views

CVE-2026-40567 FreeScout has HTML Injection in Outgoing Emails via Unsanitized Customer Name in Signature Variables

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization a...

5.8CVSS6AI score0.00242EPSS
Exploits0References5
CVE
CVE
added 2026/04/21 4:6 p.m.12 views

CVE-2026-40567

FreeScout (self-hosted help desk) contains an HTML injection vulnerability in outgoing emails prior to v1.8.213. An unauthenticated attacker can craft the From display name in an email; the name is stored in the database without sanitization and rendered unescaped in outgoing replies via the {%cu...

5.8CVSS5.9AI score0.00242EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.11 views

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.213 contained security vulnerabilities. These vulnerabilities stemmed from uncleanly storing the From display name in the...

5.8CVSS5.9AI score0.00242EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.8 views

PT-2026-34011

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization a...

5.8CVSS5.9AI score0.00242EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.10 views

WordPress plugin The Tribal 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. Versions of...

5.3CVSS5.8AI score0.00201EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.3 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006641)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006641 advisory. In the Linux kernel, the following vulnerability has been resolved: sctp: fix memory leak in sctpstreamoutqmigrate When sctpstreamoutqmigrate is called to release...

5.5CVSS6.3AI score0.0024EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.12 views

PT-2026-29666

Name of the Vulnerable Software and Affected Versions Ewe versions prior to 3.0.6 Description The encode headers function in src/ewe/internal/encoder.gleam directly interpolates response header keys and values into raw HTTP bytes without validating or stripping CRLF r sequences. This allows an...

5.3CVSS5.5AI score0.00327EPSS
Exploits1References8
Veracode
Veracode
added 2026/02/21 5:7 a.m.12 views

Server-Side Request Forgery

Indico is vulnerable to Server-Side Request Forgery. The vulnerability is due to Indico making outgoing requests to user-provided URLs in various places, where users can access special targets such as localhost or cloud metadata endpoints, and attackers can exploit this to access sensitive data...

6.9CVSS5.7AI score0.00189EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.7 views

WordPress plugin JobBoard Job listing 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.9CVSS5.8AI score0.00309EPSS
Exploits0References1
OSV
OSV
added 2026/02/19 3:30 p.m.6 views

CVE-2026-25738 Indico has Server-Side Request Forgery (SSRF) in multiple places

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to server-side request forgery. Indico makes outgoing requests to user-provides URLs in various places. This is mostly intentional and part of...

6.9CVSS5.7AI score0.00189EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.11 views

WordPress plugin Ninja Tables 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00215EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/02/17 6:53 p.m.7 views

Indico has Server-Side Request Forgery (SSRF) in multiple places

Impact Indico makes outgoing requests to user-provides URLs in various places. This is mostly intentional and part of Indico's functionality, but of course it is never intended to let you access "special" targets such as localhost or cloud metadata endpoints. Patches You should to update to Indic...

6.9CVSS5.7AI score0.00189EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.7 views

PT-2026-20327

Name of the Vulnerable Software and Affected Versions Indico versions prior to 3.3.10 Description Indico, an event management system, is susceptible to server-side request forgery SSRF. The system makes outgoing requests to URLs provided by users. While this functionality is intentional, it could...

6.9CVSS5.5AI score0.00189EPSS
Exploits0References10
NVD
NVD
added 2026/02/16 6:19 p.m.11 views

CVE-2019-25378

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHESIZE, MAXSIZE, MINSIZE, MAXOUTGOINGSIZE, and MAXINCOMINGSIZE. Attackers can submit POS...

6.1CVSS0.00225EPSS
Exploits1References3
Snyk
Snyk
added 2026/02/02 8:12 p.m.4 views

Missing Validation of OpenSSL Certificate

Overview Affected versions of this package are vulnerable to Missing Validation of OpenSSL Certificate due to the default configuration of DefaultConfig where TLS certificate verification is disabled for outgoing storage driver communications. An attacker can intercept, decrypt, and manipulate al...

9.2CVSS5.5AI score0.00239EPSS
Exploits0References2
OSV
OSV
added 2026/01/14 5:33 p.m.23 views

CLSA-2026-1768411996 unbound: Fix of CVE-2025-5994

CVE-2025-5994: fix cache poisoning vulnerability by segregating outgoing queries to accommodate for different outgoing ECS information...

8.7CVSS5.8AI score0.00188EPSS
Exploits0References1
Rows per page
Query Builder