14 matches found
EUVD-2025-16376
Malicious code in bioql PyPI...
EUVD-2025-28220
Malicious code in bioql PyPI...
CVE-2025-48484
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data in the conversation POST data body. This issue has been patched in versio...
CVE-2025-48389
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to deserialization of untrusted data due to insufficient validation. Through the set function, a string with a serialized object can be passed, and when getting an option through the ge...
CVE-2025-48390
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to code injection due to insufficient validation of user input in the phppath parameter. Backtick characters are not removed, and neither are tab characters. When checking us...
CVE-2025-48388
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application performs insufficient validation of user-supplied data, which is used as arguments to string formatting functions. As a result, an attacker can pass a string containing special symbols \r, \n,...
CVE-2025-48484
CVE-2025-48484 affects FreeScout before version 1.8.178, where XSS is possible due to improper input validation and sanitization in the conversation POST data body. The issue is documented in multiple sources (NVD, Red Hat, CNVD, etc.) and is stated to be patched in 1.8.178. Affected component is ...
CVE-2025-48484 FreeScout Vulnerable to Stored XSS
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data in the conversation POST data body. This issue has been patched in versio...
CVE-2025-48390 FreeScout Vulnerable to Remote Code Execution (RCE)
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to code injection due to insufficient validation of user input in the phppath parameter. Backtick characters are not removed, and neither are tab characters. When checking us...
CVE-2025-48390 FreeScout Vulnerable to Remote Code Execution (RCE)
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to code injection due to insufficient validation of user input in the phppath parameter. Backtick characters are not removed, and neither are tab characters. When checking us...
CVE-2025-48390
CVE-2025-48390 affects FreeScout prior to version 1.8.178, where insufficient validation of user input in the php_path parameter allows code injection via crafted folder paths created by an administrator translation. The underlying issue involves not stripping backticks and tab characters from in...
CVE-2025-48389 FreeScout Vulnerable to Deserialization of Untrusted Data
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to deserialization of untrusted data due to insufficient validation. Through the set function, a string with a serialized object can be passed, and when getting an option through the ge...
CVE-2025-48389 FreeScout Vulnerable to Deserialization of Untrusted Data
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to deserialization of untrusted data due to insufficient validation. Through the set function, a string with a serialized object can be passed, and when getting an option through the ge...
CVE-2025-48388 FreeScout Has Insufficient Protection Against CRLF-injection
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application performs insufficient validation of user-supplied data, which is used as arguments to string formatting functions. As a result, an attacker can pass a string containing special symbols \r, \n,...