Lucene search
K

1221 matches found

The Hacker News
The Hacker News
added 2026/02/25 3:6 p.m.7 views

SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks

The notorious cybercrime collective known as Scattered LAPSUS$ Hunters SLH has been observed offering financial incentives to recruit women to pull off social engineering attacks. The idea is to hire them for voice phishing campaigns targeting IT help desks, Dataminr said in a new threat brief. T...

6AI score
Exploits0
Packet Storm
Packet Storm
added 2026/02/23 12:0 a.m.199 views

📄 SolarWinds Web Help Desk Access Control Bypass / Unsafe Deserialization

This Metasploit module exploits access control bypass and unsafe deserialization vulnerabilities in SolarWinds Web Help Desk to achieve unauthenticated remote code execution...

9.8CVSS6.2AI score0.8413EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2026/02/21 7:30 p.m.5 views

CVE-2025-67977

Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through = 1.0.8...

8.2CVSS5.5AI score0.00269EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 7:29 p.m.5 views

CVE-2026-24959

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.1...

8.5CVSS5.8AI score0.00217EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 4:22 p.m.8 views

CVE-2026-24959

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.1...

8.5CVSS0.00217EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 3:47 p.m.18 views

CVE-2026-24959

CVE-2026-24959 is a SQL Injection in WordPress plugin JS Help Desk (js-support-ticket) , with root cause described as improper neutralization of special elements in SQL queries. Affected software: JS Help Desk versions up to and including 3.0.1. Public sources (Patchstack, Red Hat, CIRCL/CVE feed...

8.5CVSS5.8AI score0.00217EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 3:47 p.m.23 views

CVE-2026-24959 WordPress JS Help Desk plugin <= 3.0.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.1...

8.5CVSS0.00217EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/20 3:47 p.m.5 views

CVE-2026-24959

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.1...

8.5CVSS5.8AI score0.00217EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/20 3:47 p.m.4 views

CVE-2026-24959 WordPress JS Help Desk plugin <= 3.0.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.1...

8.5CVSS5.7AI score0.00217EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.9 views

PT-2026-21238

Name of the Vulnerable Software and Affected Versions JoomSky JS Help Desk versions through 3.0.1 Description A flaw exists in JoomSky JS Help Desk js-support-ticket that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. This issue could...

8.5CVSS5.7AI score0.00217EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.6 views

WordPress plugin JS Help Desk 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.5CVSS5.8AI score0.00217EPSS
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2026/02/13 8:1 p.m.15 views

Metasploit Wrap-Up 02/13/2026

SolarWinds Web Help Desk Our very own sfewer-r7 has developed an exploit module for the SolarWinds Web Help Desk vulnerabilities CVE-2025-40536 and CVE-2025-40551. On successful exploitation the session will be as running as NT AUTHORITY\SYSTEM. For more information see the Rapid7’s SolarWinds We...

9.8CVSS8.3AI score0.98871EPSS
Exploits79
Metasploit
Metasploit
added 2026/02/13 6:59 p.m.459 views

SolarWinds Web Help Desk unauthenticated RCE

This module exploits an access control bypass vulnerability CVE-2025-40536 and an unsafe deserialization vulnerability CVE-2025-40551 to achieve unauthenticated RCE against a vulnerable SolarWinds Web Help Desk WHD server. Module Options msf use exploit/multi/http/solarwindswebhelpdeskrce msf...

9.8CVSS7.3AI score0.8413EPSS
Exploits4
Packet Storm
Packet Storm
added 2026/02/13 12:0 a.m.180 views

📄 SolarWinds Web Help Desk Unauthenticated Remote Code Execution

This Metasploit module exploits an access control bypass vulnerability CVE-2025-40536 and an unsafe deserialization vulnerability CVE-2025-40551 to achieve unauthenticated remote code execution against a vulnerable SolarWinds Web Help Desk WHD server. This module requires Metasploit:...

9.8CVSS6.5AI score0.8413EPSS
Exploits4
VulnCheck KEV
VulnCheck KEV
added 2026/02/12 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-40536

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality...

9.8CVSS5.7AI score0.81624EPSS
In wildExploits4References3
CISA KEV Catalog
CISA KEV Catalog
added 2026/02/12 12:0 a.m.14 views

SolarWinds Web Help Desk Security Control Bypass Vulnerability

SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality...

9.8CVSS5.5AI score0.81624EPSS
In wildExploits4
Patchstack
Patchstack
added 2026/02/11 12:46 p.m.4 views

WordPress JS Help Desk plugin <= 3.0.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Bonds in WordPress Plugin JS Help Desk versions = 3.0.1...

8.5CVSS6AI score0.00217EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2026/02/11 12:0 a.m.2 views

Unspecified Vulnerability in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin ELEX WordPress HelpDesk & Customer...

5.3CVSS5.8AI score0.00268EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.10 views

PT-2026-7491

A stack-use-after-return issue exists in the Arduino Core STM32 library prior to version 1.7.0. The pwm start function allocates a TIM HandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it is stored in a global timer handle registry. After the functi...

5.3CVSS5.8AI score0.00179EPSS
Exploits0References7
The Hacker News
The Hacker News
added 2026/02/09 2:42 p.m.12 views

SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers

Microsoft has revealed that it observed a multi‑stage intrusion that involved the threat actors exploiting internet‑exposed SolarWinds Web Help Desk WHD instances to obtain initial access and move laterally across the organization's network to other high-value assets. That said, the Microsoft...

9.8CVSS8.2AI score0.8833EPSS
Exploits7
Rows per page
Query Builder