freescout

Top products

The 15 most recently published vulnerabilities affecting freescout.

• CVE-2026-40565FreeScout has Stored XSS / CSS Injection via linkify() — Unescaped URL in Anchor href6.1Apr 21, 2026
• CVE-2026-40498FreeScout has Authentication Bypass and Information Disclosure in SystemController via /system/cron9.8Apr 21, 2026
• CVE-2026-40497FreeScout Vulnerable to CSS Injection via Stored Style Tag in Mailbox Signature (CSRF Token Exfiltration)8.1Apr 21, 2026
• CVE-2026-40496FreeScout has Predictable Attachment Token that Allows Unauthenticated Private File Download via Brute Force9.1Apr 21, 2026
• CVE-2026-35584FreeScout has an Unauthenticated IDOR in Open Tracking Endpoint Allows Cross-Conversation Thread Manipulation and Enumeration6.5Apr 7, 2026
• CVE-2026-39384FreeScout Customer Merge Cross-Mailbox Authorization Bypass7.6Apr 7, 2026
• CVE-2026-34442FreeScout: Host Header Injection Leading to External Resource Loading and Open Redirect in FreeScout5.4Mar 31, 2026
• CVE-2026-34443FreeScout: SSRF protection bypass via broken CIDR check in checkIpByMask()5.3Mar 31, 2026
• CVE-2026-32754FreeScout: Stored XSS via Unescaped Email Template Rendering ({!! $thread->body !!})9.3Mar 19, 2026
• CVE-2026-32753FreeScout: Stored XSS through SVG file upload with filter bypass5.4Mar 19, 2026
• CVE-2026-28289FreeScout 1.8.206 Patch Bypass for CVE-2026-27636 via Zero-Width Space Character Leads to Remote Code Execution10.0Mar 3, 2026
• CVE-2026-27636FreeScout: Missing .htaccess in Restricted File Extensions Allows Remote Code Execution on Apache8.8Feb 25, 2026
• CVE-2026-27637FreeScout's Predictable Authentication Token Enables Account Takeover9.8Feb 25, 2026
• CVE-2025-58163FreeScout's deserialization of untrusted data can lead to Remote Code Execution8.8Sep 3, 2025
• CVE-2025-54366FreeScout's deserialization of untrusted data leads to Remote Code Execution8.8Jul 26, 2025