|
991
|
7.4 |
HIGH
Network
|
-
|
-
|
blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is initiated, a 128-character CSPRNG token is generated and stored alongside a password_reset_at timestam…
New
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2026-40585
|
2026-04-23 06:16 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
992
|
7.5 |
HIGH
Network
|
-
|
-
|
blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed w…
New
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2026-40586
|
2026-04-23 06:16 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
993
|
6.5 |
MEDIUM
Network
|
-
|
-
|
blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a user changes their password via the profile edit page, or when a password reset is completed via the reset link, neither…
New
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-40587
|
2026-04-23 06:16 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
994
|
8.1 |
HIGH
Network
|
-
|
-
|
blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the password change form at /profile/{slug}/edit/ does not include a current_password field and does not verify the user's exis…
New
|
CWE-620
Unverified Password Change
|
CVE-2026-40588
|
2026-04-23 06:16 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
995
|
5.8 |
MEDIUM
Network
|
-
|
-
|
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an…
New
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2026-40567
|
2026-04-23 06:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
996
|
- |
|
-
|
-
|
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the `load_customer_info` action in `POST /conversation/ajax` returns complete customer profile data to any auth…
New
|
CWE-639
CWE-862
Authorization Bypass Through User-Controlled Key
Missing Authorization
|
CVE-2026-40570
|
2026-04-23 06:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
997
|
4.1 |
MEDIUM
Network
|
-
|
-
|
FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery (SSRF) vulnerability in the IMAP/SMTP connection test functionality of FreeS…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-40566
|
2026-04-23 06:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
998
|
8.5 |
HIGH
Network
|
-
|
-
|
FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a stored cross-site scripting (XSS) vulnerability in the mailbox signature feature. The sanitization funct…
New
|
CWE-79
CWE-116
Cross-site Scripting
Improper Encoding or Escaping of Output
|
CVE-2026-40568
|
2026-04-23 06:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
999
|
9.0 |
CRITICAL
Network
|
-
|
-
|
FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection settings endpoints of FreeScout (`connectionInco…
New
|
CWE-284
CWE-915
Improper Access Control
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-40569
|
2026-04-23 06:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1000
|
7.6 |
HIGH
Network
|
-
|
-
|
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privileged agent can edit a visible customer and add an email address already owned by a hidden customer …
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-40589
|
2026-04-23 06:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
