Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2026-41193
CRITICAL CVSS 9.1
Find Similar
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without validating file paths, allowing an authent
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to insufficient data validation and sani
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned-only restriction is applied to direct conversation view and folder queries, but not to non-folder q
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and saniti
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application's logic requires the user to perform a correct sequence of actions to implement a functional cap
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and saniti
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, the application does not check or performs insufficient checking of files uploaded to the application. This allo
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, when an administrative account is a deleting a user, there is the the possibility of a race condition occurring.
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the `load_customer_info` action in `POST /conversation/ajax` returns complete customer profile data to any authe
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privileged agent can edit a visible customer and add an email address already owned by a hidden customer i
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, the system's incorrect validation of last_name and first_name during profile data updates allows for the injecti
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the reply and draft flows trust client-supplied encrypted attachment IDs. Any IDs present in `attachments_all[]`
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an attacker with an unactivated email invitation containing invite_hash, can exploit this vulnerability to self-
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, insufficient input validation during user creation has resulted in a mass assignment vulnerability, allowing an
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, `MailboxesController::updateSave()` persists `chat_start_new` outside the allowed-field filter. A user with only
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the undo-send route `GET /conversation/undo-reply/{thread_id}` checks only whether the current user can view the
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.219, the password reset endpoint returns visually distinct responses depending on whether the submitted
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment download tokens are generated using a weak and predictable formula: `md5(APP_KEY + attachment_id + si
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, deleting the file .htaccess allows an attacker to upload an HTML file containing malicious JavaScript code to th
Page 1+ Next →