|
1081
|
7.6 |
HIGH
Network
|
-
|
-
|
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privileged agent can edit a visible customer and add an email address already owned by a hidden customer …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-40589
|
2026-04-23 06:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1082
|
4.3 |
MEDIUM
Network
|
-
|
-
|
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the Change Customer modal exposes a “Create a new customer” flow via POST /customers/ajax with action=create. U…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-40590
|
2026-04-23 06:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1083
|
7.1 |
HIGH
Network
|
-
|
-
|
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-conversation creation flow accepts attacker-controlled `customer_id`, `name`, `to_email`, and `phone`…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-40591
|
2026-04-23 06:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1084
|
5.9 |
MEDIUM
Network
|
-
|
-
|
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the undo-send route `GET /conversation/undo-reply/{thread_id}` checks only whether the current user can view th…
|
CWE-862
Missing Authorization
|
CVE-2026-40592
|
2026-04-23 06:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1085
|
4.3 |
MEDIUM
Network
|
-
|
-
|
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder …
|
CWE-200
Information Exposure
|
CVE-2026-41183
|
2026-04-23 06:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1086
|
7.1 |
HIGH
Network
|
-
|
-
|
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thread editing is authorized through `ThreadPolicy::edit()`, which checks mailbox access but does not …
|
CWE-863
Incorrect Authorization
|
CVE-2026-41189
|
2026-04-23 06:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1087
|
7.1 |
HIGH
Network
|
-
|
-
|
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, when `APP_SHOW_ONLY_ASSIGNED_CONVERSATIONS` is enabled, direct conversation view correctly blocks users who are…
|
CWE-863
Incorrect Authorization
|
CVE-2026-41190
|
2026-04-23 06:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1088
|
7.1 |
HIGH
Network
|
-
|
-
|
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, `MailboxesController::updateSave()` persists `chat_start_new` outside the allowed-field filter. A user with onl…
|
CWE-863
Incorrect Authorization
|
CVE-2026-41191
|
2026-04-23 06:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1089
|
7.1 |
HIGH
Network
|
-
|
-
|
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the reply and draft flows trust client-supplied encrypted attachment IDs. Any IDs present in `attachments_all[]…
|
CWE-862
Missing Authorization
|
CVE-2026-41192
|
2026-04-23 06:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1090
|
9.1 |
CRITICAL
Network
|
-
|
-
|
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without validating file paths, allowing an authen…
|
CWE-22
Path Traversal
|
CVE-2026-41193
|
2026-04-23 06:10 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
