2452 matches found
EUVD-2026-38799
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Desk desktop icon renderer...
CVE-2026-50703
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Desk desktop icon renderer...
CVE-2026-50703
Summary : CVE-2026-50703 affects Frappe Framework 17.0.0-dev, with a stored XSS vulnerability in the Desk desktop icon renderer caused by improper neutralization of user-controlled input. This could allow an attacker to inject malicious content into the icon label, potentially affecting users who...
SolarWinds Web Help Desk < 12.8.8 Hotfix 1 (HF1) - Security Control Bypass
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality. id: CVE-2025-40536 info: name: SolarWinds Web Help Desk 12.8.8 Hotfix 1 HF1 - Security...
SolarWinds Web Help Desk - Authentication Bypass
SolarWinds Web Help Desk contains an authentication bypass vulnerability caused by improper access control, letting attackers execute protected actions without authentication, exploit requires no special conditions. id: CVE-2025-40552 info: name: SolarWinds Web Help Desk - Authentication Bypass...
SolarWinds Web Help Desk - Authentication Bypass
SolarWinds Web Help Desk 12.8.8 HF1 and earlier contains an authentication bypass vulnerability in the WebObjects session handling. By crafting a request with a manipulated path component to an internal admin page endpoint, an unauthenticated attacker can access privileged administrative function...
JS Help Desk <= 2.8.1 - SQL Injection
The JS Help Desk – Best Help Desk & Support Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘email' and 'trackingid' parameters in all versions up to 2.8.2 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...
SolarWinds Web Help Desk - Hardcoded Credential
The SolarWinds Web Help Desk WHD software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data. id: CVE-2024-28987 info: name: SolarWinds Web Help Desk - Hardcoded Credential author:...
JS Help Desk <= 2.8.2 - SQL Injection
JS Help Desk WordPress plugin 2.8.2 contains a SQL injection caused by insufficient escaping and preparation of user-supplied values in 'js-support-ticket-token-tkstatus' cookie, letting unauthenticated attackers extract sensitive database information, exploit requires no authentication. id:...
Zoho ManageEngine ServiceDesk Plus - Authentication Bypass
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication. id: CVE-2021-37415 info: name: Zoho ManageEngine ServiceDesk Plus - Authentication Bypass author: daffainfo,jjcho severity: critical description: | Zoho...
CVE-2026-48887
Unauthenticated Broken Access Control in JS Help Desk = 3.0.9 versions...
CVE-2026-48886
Unauthenticated SQL Injection in JS Help Desk = 3.0.9 versions...
EUVD-2026-36863
Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System = 3.3.6 versions...
CVE-2026-48887
CVE-2026-48887 affects the WordPress JS Help Desk plugin ≤ 3.0.9 with an unauthenticated Broken Access Control flaw. Documents note unauthorized access control weakness but do not provide root cause details or a stated remediation; Patchstack is cited as the source. Exploitation status is not des...
CVE-2026-48887 WordPress JS Help Desk plugin <= 3.0.9 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in JS Help Desk = 3.0.9 versions...
EUVD-2026-36861
Unauthenticated Broken Access Control in JS Help Desk = 3.0.9 versions...
CVE-2026-48887 WordPress JS Help Desk plugin <= 3.0.9 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in JS Help Desk = 3.0.9 versions...
CVE-2026-48886 WordPress JS Help Desk plugin <= 3.0.9 - SQL Injection vulnerability
Unauthenticated SQL Injection in JS Help Desk = 3.0.9 versions...
EUVD-2026-36860
Unauthenticated SQL Injection in JS Help Desk = 3.0.9 versions...
CVE-2026-48886
The CVE-2026-48886 entry describes an unauthenticated SQL Injection in WordPress JS Help Desk plugin versions