1221 matches found
SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks
The notorious cybercrime collective known as Scattered LAPSUS$ Hunters SLH has been observed offering financial incentives to recruit women to pull off social engineering attacks. The idea is to hire them for voice phishing campaigns targeting IT help desks, Dataminr said in a new threat brief. T...
📄 SolarWinds Web Help Desk Access Control Bypass / Unsafe Deserialization
This Metasploit module exploits access control bypass and unsafe deserialization vulnerabilities in SolarWinds Web Help Desk to achieve unauthenticated remote code execution...
CVE-2025-67977
Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through = 1.0.8...
CVE-2026-24959
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.1...
CVE-2026-24959
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.1...
CVE-2026-24959
CVE-2026-24959 is a SQL Injection in WordPress plugin JS Help Desk (js-support-ticket) , with root cause described as improper neutralization of special elements in SQL queries. Affected software: JS Help Desk versions up to and including 3.0.1. Public sources (Patchstack, Red Hat, CIRCL/CVE feed...
CVE-2026-24959 WordPress JS Help Desk plugin <= 3.0.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.1...
CVE-2026-24959
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.1...
CVE-2026-24959 WordPress JS Help Desk plugin <= 3.0.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.1...
PT-2026-21238
Name of the Vulnerable Software and Affected Versions JoomSky JS Help Desk versions through 3.0.1 Description A flaw exists in JoomSky JS Help Desk js-support-ticket that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. This issue could...
WordPress plugin JS Help Desk 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Metasploit Wrap-Up 02/13/2026
SolarWinds Web Help Desk Our very own sfewer-r7 has developed an exploit module for the SolarWinds Web Help Desk vulnerabilities CVE-2025-40536 and CVE-2025-40551. On successful exploitation the session will be as running as NT AUTHORITY\SYSTEM. For more information see the Rapid7’s SolarWinds We...
SolarWinds Web Help Desk unauthenticated RCE
This module exploits an access control bypass vulnerability CVE-2025-40536 and an unsafe deserialization vulnerability CVE-2025-40551 to achieve unauthenticated RCE against a vulnerable SolarWinds Web Help Desk WHD server. Module Options msf use exploit/multi/http/solarwindswebhelpdeskrce msf...
📄 SolarWinds Web Help Desk Unauthenticated Remote Code Execution
This Metasploit module exploits an access control bypass vulnerability CVE-2025-40536 and an unsafe deserialization vulnerability CVE-2025-40551 to achieve unauthenticated remote code execution against a vulnerable SolarWinds Web Help Desk WHD server. This module requires Metasploit:...
VulnCheck KEV: CVE-2025-40536
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality...
SolarWinds Web Help Desk Security Control Bypass Vulnerability
SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality...
WordPress JS Help Desk plugin <= 3.0.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Bonds in WordPress Plugin JS Help Desk versions = 3.0.1...
Unspecified Vulnerability in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin ELEX WordPress HelpDesk & Customer...
PT-2026-7491
A stack-use-after-return issue exists in the Arduino Core STM32 library prior to version 1.7.0. The pwm start function allocates a TIM HandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it is stored in a global timer handle registry. After the functi...
SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers
Microsoft has revealed that it observed a multi‑stage intrusion that involved the threat actors exploiting internet‑exposed SolarWinds Web Help Desk WHD instances to obtain initial access and move laterally across the organization's network to other high-value assets. That said, the Microsoft...