14 matches found
EUVD-2025-16454
Malicious code in bioql PyPI...
EUVD-2025-16455
Malicious code in bioql PyPI...
EUVD-2024-34994
Malicious code in bioql PyPI...
EUVD-2025-16452
Malicious code in bioql PyPI...
EUVD-2025-16450
Malicious code in bioql PyPI...
CVE-2025-48487
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when creating a translation of a phrase that appears in a flash-message after a completed action, it is possible to inject a payload to exploit XSS vulnerability. This issue has been patched in version 1.8.180...
CVE-2025-48488
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, deleting the file .htaccess allows an attacker to upload an HTML file containing malicious JavaScript code to the server, which can result in a Cross-Site Scripting XSS vulnerability. This issue has been patch...
CVE-2025-48482
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, there is a mass assignment vulnerability. The Customer object is updated using the fill method, which processes fields such as channel and channelid. However, the fill method is called with all client-provided...
CVE-2025-48477
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application's logic requires the user to perform a correct sequence of actions to implement a functional capability, but the application allows access to the functional capability without correctly...
CVE-2025-48476
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill method, there is no check for the absence of the password field in the data coming from the user, which leads to a mass-assignment vulnerability. As a result...
CVE-2025-48482 FreeScout Has Business Logic Errors
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, there is a mass assignment vulnerability. The Customer object is updated using the fill method, which processes fields such as channel and channelid. However, the fill method is called with all client-provided...
CVE-2025-48481 FreeScout Has Business Logic Errors
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an attacker with an unactivated email invitation containing invitehash, can exploit this vulnerability to self-activate their account, despite it being blocked or deleted, by leveraging the invitation link fro...
CVE-2025-48474
CVE-2025-48474 concerns FreeScout (prior to 1.8.180). The issue is improper access-rights checks for conversations, allowing users enabled with show_only_assigned_conversations to assign themselves to any accessible conversation and bypass viewing restrictions. The vulnerability is patched in ver...
CVE-2025-48473 FreeScout Vulnerable to Insufficient Authorization
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, when creating a conversation from a message in another conversation, there is no check to ensure that the user has the ability to view this message. Thus, the user can view arbitrary messages from other...