16 matches found
EUVD-2025-16396
Malicious code in bioql PyPI...
EUVD-2025-16394
Malicious code in bioql PyPI...
EUVD-2025-16397
Malicious code in bioql PyPI...
CVE-2025-48473
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, when creating a conversation from a message in another conversation, there is no check to ensure that the user has the ability to view this message. Thus, the user can view arbitrary messages from other...
CVE-2025-48471
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, the application does not check or performs insufficient checking of files uploaded to the application. This allows files to be uploaded with the phtml and phar extensions, which can lead to remote code executi...
CVE-2025-48473
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, when creating a conversation from a message in another conversation, there is no check to ensure that the user has the ability to view this message. Thus, the user can view arbitrary messages from other...
CVE-2025-48472
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, there is no check to ensure that the user is disabling notifications for the mailbox to which they already have access. Moreover, the code explicitly implements functionality that if the user does not have...
CVE-2025-48473 FreeScout Vulnerable to Insufficient Authorization
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, when creating a conversation from a message in another conversation, there is no check to ensure that the user has the ability to view this message. Thus, the user can view arbitrary messages from other...
CVE-2025-48473 FreeScout Vulnerable to Insufficient Authorization
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, when creating a conversation from a message in another conversation, there is no check to ensure that the user has the ability to view this message. Thus, the user can view arbitrary messages from other...
CVE-2025-48473
CVE-2025-48473 affects FreeScout prior to v1.8.179: when creating a conversation from a message in another conversation, the system does not validate that the user has view permissions, allowing access to arbitrary messages across mailboxes/conversations. The restriction enforced by show_only_ass...
CVE-2025-48472 FreeScout Vulnerable to Insufficient Authorization
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, there is no check to ensure that the user is disabling notifications for the mailbox to which they already have access. Moreover, the code explicitly implements functionality that if the user does not have...
CVE-2025-48472 FreeScout Vulnerable to Insufficient Authorization
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, there is no check to ensure that the user is disabling notifications for the mailbox to which they already have access. Moreover, the code explicitly implements functionality that if the user does not have...
CVE-2025-48471 FreeScout Vulnerable to Arbitrary File Upload
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, the application does not check or performs insufficient checking of files uploaded to the application. This allows files to be uploaded with the phtml and phar extensions, which can lead to remote code executi...
FreeScout Security Vulnerability
FreeScout is an ultra-lightweight and powerful free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout, Inc. A security vulnerability exists in FreeScout versions prior to 1.8.179 that stems from not validating a user's notification setting permissions for a...
PT-2025-47: Insufficient authorization in FreeScout
The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to access information or functionality that exceeds the privileges granted to the user because the application checks access rights incorrectly. Vulnerability status:...
PT-2025-46: Insufficient authorization in FreeScout
The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to access information or functionality that exceeds the privileges granted to the user because the application checks access rights incorrectly. Vulnerability status:...