1221 matches found
SolarWinds Web Help Desk 安全漏洞
SolarWinds Web Help Desk is a service desk and asset management software provided by the American company SolarWinds. This software supports centralized knowledge bases, IT asset management, project and task management functions. There is a security vulnerability in SolarWinds Web Help Desk, whic...
VulnCheck KEV: CVE-2025-40554
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk...
CVE-2026-40568
FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a stored cross-site scripting XSS vulnerability in the mailbox signature feature. The sanitization function Helper::stripDangerousTags app/Misc/Helper.php:568 uses an incomplete blocklist of only four HTM...
EUVD-2026-24173
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the loadcustomerinfo action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to retriev...
Horilla 安全漏洞
Horilla is a free open-source human resources software developed by Horilla Company. Version 1.5.0 of Horilla contains a security vulnerability. This vulnerability stems from an access control flaw in the help desk attachment viewer, which may allow any authenticated user to view attachments from...
PT-2026-34029
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thread editing is authorized through ThreadPolicy::edit, which checks mailbox access but does not apply the assigned-only restriction from ConversationPolicy. A user who cannot view a conversation can...
WordPress JS Help Desk - AI-Powered Support & Ticketing System plugin <= 3.0.4 - Unauthenticated SQL Injection via 'multiformid' Parameter vulnerability
WordPress JS Help Desk - AI-Powered Support & Ticketing System plugin = 3.0.4 - Unauthenticated SQL Injection via 'multiformid' Parameter vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin JS Help Desk versions = 3.0.4...
CVE-2026-2511
The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the multiformid parameter in the storeTickets function in all versions up to, and including, 3.0.4. This is due to the user-supplied multiformid value being passed to escsql without...
CVE-2026-32534
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.3...
CVE-2026-32535
Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk: from n/a through = 3.0.3...
CVE-2026-2511 JS Help Desk – AI-Powered Support & Ticketing System <= 3.0.4 - Unauthenticated SQL Injection via 'multiformid' Parameter
The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the multiformid parameter in the storeTickets function in all versions up to, and including, 3.0.4. This is due to the user-supplied multiformid value being passed to escsql without...
CVE-2026-2511 JS Help Desk – AI-Powered Support & Ticketing System <= 3.0.4 - Unauthenticated SQL Injection via 'multiformid' Parameter
The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the multiformid parameter in the storeTickets function in all versions up to, and including, 3.0.4. This is due to the user-supplied multiformid value being passed to escsql without...
PT-2026-28342
Name of the Vulnerable Software and Affected Versions JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress versions prior to 3.0.5 Description The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is susceptible to SQL Injection through the multiformid...
WordPress plugin JS Help Desk SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
EUVD-2026-15909
Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk: from n/a through = 3.0.3...
EUVD-2026-15907
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.3...
CVE-2026-32535
Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk: from n/a through = 3.0.3...
CVE-2026-32534
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.3...
CVE-2026-32534 WordPress JS Help Desk plugin <= 3.0.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.3...
CVE-2026-32535
Authorization Bypass Through User-Controlled Key vulnerability in JoomSky JS Help Desk js-support-ticket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk: from n/a through = 3.0.3...