5.9

CVSS3.1

CVE-2026-40592 - FreeScout's cross-user undo reply allows mailbox peers to recall another agent's outbound reply

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the undo-send route `GET /conversation/undo-reply/{thread_id}` checks only whether the current user can view the parent conversation. It does not verify that the current user created the reply being undone. In a…

📅 Published: April 21, 2026, 4:57 p.m. 🔄 Last Modified: April 22, 2026, 9:10 p.m.

7.1

CVSS3.1

CVE-2026-40591 - FreeScout: Improper Authorization in Phone Conversation Creation Enables Cross-Mailbox Hidden Custo…

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-conversation creation flow accepts attacker-controlled `customer_id`, `name`, `to_email`, and `phone` values and resolves the target customer in the backend without enforcing mailbox-scoped customer vi…

📅 Published: April 21, 2026, 4:54 p.m. 🔄 Last Modified: April 22, 2026, 9:10 p.m.

4.3

CVSS3.1

CVE-2026-40590 - FreeScout's Customer AJAX Create Modifies Hidden Existing Customer

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the Change Customer modal exposes a “Create a new customer” flow via POST /customers/ajax with action=create. Under limited visibility, the endpoint drops unique-email validation. If the supplied email already b…

📅 Published: April 21, 2026, 4:52 p.m. 🔄 Last Modified: April 22, 2026, 9:10 p.m.

7.6

CVSS3.1

CVE-2026-40589 - FreeScout has Customer Edit Cross-Mailbox Email Takeover

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privileged agent can edit a visible customer and add an email address already owned by a hidden customer in another mailbox. The server discloses the hidden customer’s name and profile URL in the success f…

📅 Published: April 21, 2026, 4:50 p.m. 🔄 Last Modified: April 22, 2026, 9:10 p.m.

9.8

CVSS3.1

CVE-2026-40050 - CrowdStrike LogScale Unauthenticated Path Traversal

CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM customers. The vulnerability …

📅 Published: April 21, 2026, 4:48 p.m. 🔄 Last Modified: April 22, 2026, 9:24 p.m.

5.7

CVSS4.0

CVE-2026-40570 - FreeScout's Missing Authorization in load_customer_info Allows Any Authenticated User to Access Ful…

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the `load_customer_info` action in `POST /conversation/ajax` returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to ret…

📅 Published: April 21, 2026, 4:48 p.m. 🔄 Last Modified: April 22, 2026, 9:10 p.m.

9

CVSS3.1

CVE-2026-40569 - FreeScout's Mass Assignment in Mailbox Connection Settings Enables Silent Email Exfiltration

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection settings endpoints of FreeScout (`connectionIncomingSave()` at `app/Http/Controllers/MailboxesController.php:468` and `connectionOutgoingSave()` at …

📅 Published: April 21, 2026, 4:46 p.m. 🔄 Last Modified: April 22, 2026, 9:10 p.m.

9.4

CVSS3.1

CVE-2026-40576 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in excel-mcp-server

excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or Streamable-HTTP transport mode (the documented way to use this server remotely), an unauthenticated a…

📅 Published: April 21, 2026, 4:35 p.m. 🔄 Last Modified: April 22, 2026, 9:17 p.m.

9

CVSS3.1

CVE-2026-5652 - Authorization Bypass Through User-Controlled Key in Crafty Controller

An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation.

📅 Published: April 21, 2026, 4:33 p.m. 🔄 Last Modified: April 21, 2026, 10:45 p.m.

6.8

CVSS3.1

CVE-2026-40574 - OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Cla…

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2, an authorization bypass exists in OAuth2 Proxy as part of the email_domain enforcement option. An attacker may be able to authenticate with an email claim such as [email protected]@company.com and …

📅 Published: April 21, 2026, 4:32 p.m. 🔄 Last Modified: April 22, 2026, 9:24 p.m.