FreeScout 授权问题漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.221 contained an authorization vulnerability. This vulnerability stemmed from a lack of email membership checks in the...

wger 安全漏洞

WGER is an open-source project developed by the WGER Team, built using Django for hosting self-hosted FLOSS fitness/exercise, nutrition, and weight tracking applications. Versions of WGER prior to 2.6 contained security vulnerabilities. These vulnerabilities stemmed from the use of Python object...

CVE-2026-41903

CVE-2026-41903 affects FreeScout (Laravel-based). Before 1.8.217, a user with PERM_EDIT_USERS can read/modify any user’s notification subscriptions via a single POST, including admins, enabling silent disabling of email/browser/mobile alerts and related notices. This is a continuation of CVE-2025...

Paragraphs admin - Moderately critical - - SA-CONTRIB-2023-049

This module enables you to view all paragraph entities in an admin view. The module contains an access bypass that allows non admin users to access the view. The vulnerability can be mitigated by editing the view to change the permission required to access the page...