Vulnerabilities in freescout-help-desk

65 results
CVE ID | Severity | Title | EPSS
CVE-2026-28289 | CRITICAL | FreeScout 1.8.206 Patch Bypass for CVE-2026-27636 via Zero-Width Space Character Leads to Remote Code Execution | 31.1%
CVE-2026-27636 | HIGH | FreeScout: Missing .htaccess in Restricted File Extensions Allows Remote Code Execution on Apache | 2.1%
CVE-2025-48471 | HIGH | FreeScout Vulnerable to Arbitrary File Upload | 1.0%
CVE-2025-54366 | HIGH | FreeScout's deserialization of untrusted data leads to Remote Code Execution | 0.9%
CVE-2025-48389 | HIGH | FreeScout Vulnerable to Deserialization of Untrusted Data | 0.8%
CVE-2025-48390 | HIGH | FreeScout Vulnerable to Remote Code Execution (RCE) | 0.8%
CVE-2026-27637 | CRITICAL | FreeScout's Predictable Authentication Token Enables Account Takeover | 0.7%
CVE-2025-58163 | HIGH | FreeScout's deserialization of untrusted data can lead to Remote Code Execution | 0.7%
CVE-2026-40498 | HIGH | FreeScout has Authentication Bypass and Information Disclosure in SystemController via /system/cron | 0.6%
CVE-2026-32754 | CRITICAL | FreeScout: Stored XSS via Unescaped Email Template Rendering ({!! $thread->body !!}) | 0.5%
CVE-2025-48481 | MEDIUM | FreeScout Has Business Logic Errors | 0.5%
CVE-2025-48476 | HIGH | FreeScout Has Business Logic Errors | 0.4%
CVE-2025-48477 | HIGH | FreeScout Has Business Logic Errors | 0.4%
CVE-2025-48474 | MEDIUM | FreeScout Vulnerable to Insufficient Authorization | 0.4%
CVE-2026-40496 | HIGH | FreeScout has Predictable Attachment Token that Allows Unauthenticated Private File Download via Brute Force | 0.4%
CVE-2025-48478 | HIGH | FreeScout Has Business Logic Errors | 0.4%
CVE-2026-41193 | CRITICAL | FreeScout has Zip Slip path traversal in module installation that allows arbitrary file write leading to RCE | 0.4%
CVE-2025-48472 | MEDIUM | FreeScout Vulnerable to Insufficient Authorization | 0.3%
CVE-2025-48880 | MEDIUM | FreeScout has Race Condition When Deleting Users | 0.3%
CVE-2025-48475 | MEDIUM | FreeScout Vulnerable to Insufficient Authorization | 0.3%