
7 matches found

CNVD
added 2025/06/06 12:0 a.m. | views: 1

FreeScout Security Bypass Vulnerability

FreeScout is an ultra-lightweight and powerful free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a security bypass vulnerability that can be exploited by an attacker to gain initial access to an account by leveraging an invitation li...

CVSS 9.8 | AI score 7.2 | EPSS 0.00144
Exploits: 1 | References: 1

RedhatCVE
added 2025/06/01 5:35 a.m. | views: 8

CVE-2025-48481

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an attacker with an unactivated email invitation containing invitehash, can exploit this vulnerability to self-activate their account, despite it being blocked or deleted, by leveraging the invitation link fro...

CVSS 9.8 | AI score 7 | EPSS 0.00144
Exploits: 1 | References: 1

Vulnrichment
added 2025/05/30 4:35 a.m. | views: 10

CVE-2025-48481 FreeScout Has Business Logic Errors

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an attacker with an unactivated email invitation containing invitehash, can exploit this vulnerability to self-activate their account, despite it being blocked or deleted, by leveraging the invitation link fro...

CVSS 6.1 | AI score 6.7 | EPSS 0.00144
Exploits: 1 | References: 1

CVE
added 2025/05/30 4:35 a.m. | views: 52

CVE-2025-48481

Affected software: FreeScout (PHP/Laravel). Vulnerability: Business logic bypass allowing an attacker with an unactivated email invitation containing an invite_hash to self-activate a blocked or deleted account by using the invitation link, gaining initial access. Root cause / details: Described ...

CVSS 9.8 | AI score 6.7 | EPSS 0.00144
Exploits: 1 | References: 1 | Affected Software: 1

Positive Technologies
added 2025/05/13 12:0 a.m. | views: 2

PT-2025-23247 · Freescout · Freescout

Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.180 Description: The issue allows an attacker with an unactivated email invitation containing the invite hash to self-activate their account, even if it is blocked or deleted. This is achieved by leveraging the...

CVSS 9.8 | AI score 6.5 | EPSS 0.00144
Exploits: 1 | References: 8

OSV
added 2021/05/28 9:15 p.m. | views: 19

CVE-2021-32620

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 11.10.13, 12.6.7, and 12.10.2, a user disabled on a wiki using email verification for registration could re-activate themself by using the activation link provided for hi...

CVSS 8.8 | AI score 6.9
Exploits: 0 | References: 3

CVE
added 2021/05/28 9:5 p.m. | views: 81

CVE-2021-32620

XWiki Platform contains a vulnerability (CVE-2021-32620) where a user disabled on a wiki via email verification can re-activate themselves by following the activation link. Affected versions are prior to 11.10.13, 12.6.7, and 12.10.2; it has been fixed in 11.10.13, 12.6.7, 12.10.2, and 13.0. A ma...

CVSS 8.8 | AI score 8.7 | EPSS 0.00311
Exploits: 0 | References: 3 | Affected Software: 1