8.8

CVSS4.0

CVE-2026-40583 - UltraDAG: SmartOp Vote Path Triggers Fatal Supply Invariant Halt

UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed SmartOp::Vote transaction that passes signature, nonce, and balance prechecks, but fails authorization only after state mutation has already occurred.

📅 Published: April 21, 2026, 4:57 p.m. 🔄 Last Modified: April 22, 2026, 9:24 p.m.

5.9

CVSS3.1

CVE-2026-40592 - FreeScout's cross-user undo reply allows mailbox peers to recall another agent's outbound reply

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the undo-send route `GET /conversation/undo-reply/{thread_id}` checks only whether the current user can view the parent conversation. It does not verify that the current user created the reply being undone. In a…

📅 Published: April 21, 2026, 4:57 p.m. 🔄 Last Modified: April 22, 2026, 9:10 p.m.

7.1

CVSS3.1

CVE-2026-40591 - FreeScout: Improper Authorization in Phone Conversation Creation Enables Cross-Mailbox Hidden Custo…

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-conversation creation flow accepts attacker-controlled `customer_id`, `name`, `to_email`, and `phone` values and resolves the target customer in the backend without enforcing mailbox-scoped customer vi…

📅 Published: April 21, 2026, 4:54 p.m. 🔄 Last Modified: April 22, 2026, 9:10 p.m.

4.3

CVSS3.1

CVE-2026-40590 - FreeScout's Customer AJAX Create Modifies Hidden Existing Customer

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the Change Customer modal exposes a “Create a new customer” flow via POST /customers/ajax with action=create. Under limited visibility, the endpoint drops unique-email validation. If the supplied email already b…

📅 Published: April 21, 2026, 4:52 p.m. 🔄 Last Modified: April 22, 2026, 9:10 p.m.

7.6

CVSS3.1

CVE-2026-40589 - FreeScout has Customer Edit Cross-Mailbox Email Takeover

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privileged agent can edit a visible customer and add an email address already owned by a hidden customer in another mailbox. The server discloses the hidden customer’s name and profile URL in the success f…

📅 Published: April 21, 2026, 4:50 p.m. 🔄 Last Modified: April 22, 2026, 9:10 p.m.

9.8

CVSS3.1

CVE-2026-40050 - CrowdStrike LogScale Unauthenticated Path Traversal

CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM customers. The vulnerability …

📅 Published: April 21, 2026, 4:48 p.m. 🔄 Last Modified: April 22, 2026, 9:24 p.m.

5.7

CVSS4.0

CVE-2026-40570 - FreeScout's Missing Authorization in load_customer_info Allows Any Authenticated User to Access Ful…

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the `load_customer_info` action in `POST /conversation/ajax` returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to ret…

📅 Published: April 21, 2026, 4:48 p.m. 🔄 Last Modified: April 22, 2026, 9:10 p.m.

9

CVSS3.1

CVE-2026-40569 - FreeScout's Mass Assignment in Mailbox Connection Settings Enables Silent Email Exfiltration

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection settings endpoints of FreeScout (`connectionIncomingSave()` at `app/Http/Controllers/MailboxesController.php:468` and `connectionOutgoingSave()` at …

📅 Published: April 21, 2026, 4:46 p.m. 🔄 Last Modified: April 22, 2026, 9:10 p.m.

9.4

CVSS3.1

CVE-2026-40576 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in excel-mcp-server

excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or Streamable-HTTP transport mode (the documented way to use this server remotely), an unauthenticated a…

📅 Published: April 21, 2026, 4:35 p.m. 🔄 Last Modified: April 22, 2026, 9:17 p.m.

9

CVSS3.1

CVE-2026-5652 - Authorization Bypass Through User-Controlled Key in Crafty Controller

An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation.

📅 Published: April 21, 2026, 4:33 p.m. 🔄 Last Modified: April 22, 2026, 9:24 p.m.