5.3

CVSS4.0

CVE-2025-48475 - FreeScout Vulnerable to Insufficient Authorization

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the System does not provide a check on which "clients" of the System an authorized user can view and edit, and which ones they cannot. As a result, an authorized user who does not have access to any of the exist…

📅 Published: May 29, 2025, 4:27 p.m. 🔄 Last Modified: July 2, 2025, 3:49 p.m.

5.3

CVSS4.0

CVE-2025-48474 - FreeScout Vulnerable to Insufficient Authorization

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application incorrectly checks user access rights for conversations. Users with show_only_assigned_conversations enabled can assign themselves to an arbitrary conversation from the mailbox to which they have…

📅 Published: May 29, 2025, 3:55 p.m. 🔄 Last Modified: July 2, 2025, 3:50 p.m.

5.3

CVSS4.0

CVE-2025-48473 - FreeScout Vulnerable to Insufficient Authorization

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, when creating a conversation from a message in another conversation, there is no check to ensure that the user has the ability to view this message. Thus, the user can view arbitrary messages from other mailboxe…

📅 Published: May 29, 2025, 3:27 p.m. 🔄 Last Modified: July 11, 2025, 3:28 p.m.

6.9

CVSS4.0

CVE-2025-48472 - FreeScout Vulnerable to Insufficient Authorization

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, there is no check to ensure that the user is disabling notifications for the mailbox to which they already have access. Moreover, the code explicitly implements functionality that if the user does not have acces…

📅 Published: May 29, 2025, 3:18 p.m. 🔄 Last Modified: June 10, 2025, 3:13 p.m.

7

CVSS4.0

CVE-2025-48471 - FreeScout Vulnerable to Arbitrary File Upload

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, the application does not check or performs insufficient checking of files uploaded to the application. This allows files to be uploaded with the phtml and phar extensions, which can lead to remote code execution…

📅 Published: May 29, 2025, 3:17 p.m. 🔄 Last Modified: June 10, 2025, 3:13 p.m.

8.6

CVSS4.0

CVE-2025-48390 - FreeScout Vulnerable to Remote Code Execution (RCE)

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to code injection due to insufficient validation of user input in the php_path parameter. Backtick characters are not removed, and neither are tab characters. When checking use…

📅 Published: May 29, 2025, 3:15 p.m. 🔄 Last Modified: July 11, 2025, 3:28 p.m.

8.6

CVSS4.0

CVE-2025-48389 - FreeScout Vulnerable to Deserialization of Untrusted Data

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to deserialization of untrusted data due to insufficient validation. Through the set function, a string with a serialized object can be passed, and when getting an option through the get …

📅 Published: May 29, 2025, 3:12 p.m. 🔄 Last Modified: July 11, 2025, 3:26 p.m.

5.3

CVSS3.1

CVE-2025-3913 - Team Privacy Settings Authorization Bypass in Mattermost Server

Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly validate permissions when changing team privacy settings, allowing team administrators without the 'invite user' permission to access and modify team invite IDs via the /api/v4/teams/:teamId…

📅 Published: May 29, 2025, 3:10 p.m. 🔄 Last Modified: Oct. 3, 2025, 2:02 p.m.

5.3

CVSS4.0

CVE-2025-5321 - aimhubio aim run_view Object query.py RestrictedPythonQuery privilege escalation

A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run_view Object Handler. The manipulation of the argument query leads to privilege escalation. The attack ca…

📅 Published: May 29, 2025, 3 p.m. 🔄 Last Modified: Sept. 19, 2025, 5:17 p.m.

7.5

CVSS3.1

CVE-2025-5334 -

Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to private personal information. Under specific circumstances, entries may be unintentionally moved from …

📅 Published: May 29, 2025, 2:47 p.m. 🔄 Last Modified: July 2, 2025, 5:31 p.m.