Lucene search
K

2470 matches found

Nuclei
Nuclei
added yesterday44 views

JS Help Desk <= 2.8.1 - SQL Injection

The JS Help Desk – Best Help Desk & Support Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘email' and 'trackingid' parameters in all versions up to 2.8.2 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...

9.8CVSS7AI score0.02041EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday38 views

JS Help Desk <= 2.8.2 - SQL Injection

JS Help Desk WordPress plugin 2.8.2 contains a SQL injection caused by insufficient escaping and preparation of user-supplied values in 'js-support-ticket-token-tkstatus' cookie, letting unauthenticated attackers extract sensitive database information, exploit requires no authentication. id:...

7.5CVSS6.1AI score0.01317EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday32 views

SolarWinds Web Help Desk < 12.8.8 Hotfix 1 (HF1) - Security Control Bypass

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality. id: CVE-2025-40536 info: name: SolarWinds Web Help Desk 12.8.8 Hotfix 1 HF1 - Security...

9.8CVSS7AI score0.8413EPSS
Exploits4References3
Nuclei
Nuclei
added 3 days ago12 views

SolarWinds Web Help Desk - Authentication Bypass

SolarWinds Web Help Desk contains an authentication bypass vulnerability caused by improper access control, letting attackers execute protected actions without authentication, exploit requires no special conditions. id: CVE-2025-40552 info: name: SolarWinds Web Help Desk - Authentication Bypass...

9.8CVSS7.2AI score0.6039EPSS
Exploits1References4
Nuclei
Nuclei
added 3 days ago33 views

SolarWinds Web Help Desk - Authentication Bypass

SolarWinds Web Help Desk 12.8.8 HF1 and earlier contains an authentication bypass vulnerability in the WebObjects session handling. By crafting a request with a manipulated path component to an internal admin page endpoint, an unauthenticated attacker can access privileged administrative function...

9.8CVSS7.1AI score0.8413EPSS
Exploits5References4
NVD
NVD
added 5 days ago7 views

CVE-2026-1832

The ThriveDesk – Live Chat, AI Chatbot, Helpdesk & Knowledge Base plugin for WordPress is vulnerable to unauthorized cache deletion due to a missing capability check on the 'thrivedeskclearcache' AJAX action in all versions up to, and including, 2.1.7. This makes it possible for authenticated...

4.3CVSS0.00204EPSS
Exploits0References6
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-43146

The ThriveDesk – Live Chat, AI Chatbot, Helpdesk & Knowledge Base plugin for WordPress is vulnerable to unauthorized cache deletion due to a missing capability check on the 'thrivedeskclearcache' AJAX action in all versions up to, and including, 2.1.7. This makes it possible for authenticated...

4.3CVSS6.1AI score0.00204EPSS
Exploits0References6
Nuclei
Nuclei
added 2026/07/07 4:50 p.m.70 views

SolarWinds Web Help Desk - Hardcoded Credential

The SolarWinds Web Help Desk WHD software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data. id: CVE-2024-28987 info: name: SolarWinds Web Help Desk - Hardcoded Credential author:...

9.1CVSS7.4AI score0.93299EPSS
Exploits5References3
Nuclei
Nuclei
added 2026/07/07 3:1 a.m.38 views

Zoho ManageEngine ServiceDesk Plus - Authentication Bypass

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication. id: CVE-2021-37415 info: name: Zoho ManageEngine ServiceDesk Plus - Authentication Bypass author: daffainfo,jjcho severity: critical description: | Zoho...

9.8CVSS7.2AI score0.99854EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2026-57652

Unauthenticated Insecure Direct Object References IDOR in JS Help Desk = 3.1.0 versions...

5.3CVSS0.00187EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.7 views

EUVD-2026-39767

Unauthenticated Insecure Direct Object References IDOR in JS Help Desk = 3.1.0 versions...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.15 views

CVE-2026-57652

The CVE-2026-57652 vulnerability affects the WordPress JS Help Desk plugin

5.3CVSS5.8AI score0.00187EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.33 views

CVE-2026-57652 WordPress JS Help Desk plugin <= 3.1.0 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in JS Help Desk = 3.1.0 versions...

5.3CVSS0.00187EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 1:16 p.m.9 views

WordPress JS Help Desk plugin <= 3.1.0 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by William Matos in WordPress Plugin JS Help Desk versions = 3.1.0...

5.3CVSS5.8AI score0.00187EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/06/25 1:12 p.m.33 views

CVE-2026-56054 WordPress JS Help Desk plugin <= 3.1.1 - Arbitrary File Deletion vulnerability

Subscriber Arbitrary File Deletion in JS Help Desk = 3.1.1 versions...

7.7CVSS0.0045EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:12 p.m.14 views

CVE-2026-56054

CVE-2026-56054 affects the WordPress JS Help Desk plugin (versions &lt;= 3.1.1). The vulnerability allows Arbitrary File Deletion within the plugin, with impact described as high (availability impact) and CVSS 3.1 base score 7.7. The advisory does not provide root cause specifics or remediation s...

7.7CVSS5.8AI score0.0045EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:12 p.m.6 views

EUVD-2026-39383

Subscriber Arbitrary File Deletion in JS Help Desk = 3.1.1 versions...

7.7CVSS5.8AI score0.0045EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52435

Name of the Vulnerable Software and Affected Versions JS Help Desk versions prior to 3.1.2 Description Low-privileged subscribers can remotely delete critical files due to a path traversal issue. Path traversal is a flaw that allows an attacker to access or manipulate files outside the intended...

7.7CVSS5.8AI score0.0045EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 6:32 p.m.7 views

EUVD-2026-38799

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Desk desktop icon renderer...

4.8CVSS5.8AI score0.00239EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 4:16 p.m.8 views

CVE-2026-50703

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Desk desktop icon renderer...

4.8CVSS0.00239EPSS
Exploits0References2
Rows per page
Query Builder