Freescout
Monthly
File upload bypass in FreeScout 1.8.206 — patch bypass for CVE-2026-27636. PoC and patch available. CVSS 10.0.
Predictable password reset tokens in FreeScout help desk before 1.8.206. Weak random number generation allows attackers to predict reset tokens and take over accounts. PoC and patch available.
Remote code execution in FreeScout prior to version 1.8.206 allows authenticated users to upload `.htaccess` files that bypass file upload restrictions, enabling arbitrary code execution on Apache servers with `AllowOverride All` enabled. Public exploit code exists for this vulnerability. The attack requires valid user credentials but affects all FreeScout installations using the vulnerable PHP Laravel framework configuration.
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. Public exploit code available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity.
File upload bypass in FreeScout 1.8.206 — patch bypass for CVE-2026-27636. PoC and patch available. CVSS 10.0.
Predictable password reset tokens in FreeScout help desk before 1.8.206. Weak random number generation allows attackers to predict reset tokens and take over accounts. PoC and patch available.
Remote code execution in FreeScout prior to version 1.8.206 allows authenticated users to upload `.htaccess` files that bypass file upload restrictions, enabling arbitrary code execution on Apache servers with `AllowOverride All` enabled. Public exploit code exists for this vulnerability. The attack requires valid user credentials but affects all FreeScout installations using the vulnerable PHP Laravel framework configuration.
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. Public exploit code available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
FreeScout is a free self-hosted help desk and shared mailbox. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity.