Lucene search

81 matches found

Nuclei
added yesterday | 85 views

SimpleHelp <= 5.5.7 - Unauthenticated Path Traversal

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing...

CVSS 9.1 | AI score 7.6 | EPSS 0.95151
Exploits: 2 | References: 2

NVD
added 2026/06/12 6:16 p.m. | 11 views

CVE-2026-48558

SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a...

CVSS 10 | EPSS 0.00721
Exploits: 0 | References: 3

Vulnrichment
added 2026/06/12 5:7 p.m. | 9 views

CVE-2026-48558 SimpleHelp Authentication Bypass via Missing OIDC JWT Signature Verification

SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a...

CVSS 10 | AI score 5.5 | EPSS 0.00721
Exploits: 0 | References: 3

CVE
added 2026/06/12 5:7 p.m. | 44 views

CVE-2026-48558

Summary (CVE-2026-48558): SimpleHelp

CVSS 10 | AI score 5.5 | EPSS 0.00721
Exploits: 0 | References: 3

The Hacker News
added 2026/05/04 6:6 p.m. | 15 views

Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools

An active phishing campaign has been observed targeting multiple vectors since at least April 2025 with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts. The activity, codenamed VENOMOUSHELPER, has impacted over 80...

AI score 6
Exploits: 0

The Hacker News
added 2026/04/25 5:8 a.m. | 18 views

CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of...

CVSS 9.9 | AI score 9.6 | EPSS 0.91941
Exploits: 4

CISA
added 2026/04/24 12:0 p.m. | 28 views

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2024-7399 Samsung MagicINFO 9 Server Path Traversal Vulnerability; CVE-2024-57726 SimpleHelp Missing Authorization Vulnerability...

CVSS 9.9 | AI score 5.4 | EPSS 0.91941
In wild | Exploits: 4 | References: 9

The Hacker News
added 2026/03/23 10:55 a.m. | 4 views

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages masquerading as refund notices, payroll...

AI score 6
Exploits: 0

The Hacker News
added 2025/10/07 8:15 a.m. | 13 views

Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware

Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware. The vulnerability is CVE-2025-10035 (CVSS score: 10.0), a critical deserialization bug that could...

CVSS 10 | AI score 8.8 | EPSS 0.99614
Exploits: 2

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-53724

Malicious code in bioql PyPI...

CVSS 9.9 | AI score 9.6 | EPSS 0.09328
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-22728

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.5 | EPSS 0.00171
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 21 views

EUVD-2025-22726

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.5 | EPSS 0.00423
Exploits: 0 | References: 1

RedhatCVE
added 2025/07/27 5:29 p.m. | 7 views

CVE-2025-36728

Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp. This issue affects Simplehelp: before 5.5.11...

CVSS 8.8 | AI score 6.7 | EPSS 0.00171
Exploits: 0 | References: 1

RedhatCVE
added 2025/07/27 5:29 p.m. | 9 views

CVE-2025-36727

Inclusion of Functionality from Untrusted Control Sphere vulnerability in Simplehelp. This issue affects Simplehelp: before 5.5.12...

CVSS 8.8 | AI score 6.6 | EPSS 0.00423
Exploits: 0 | References: 1

OSV
added 2025/07/25 5:15 p.m. | 2 views

CVE-2025-36727

Inclusion of Functionality from Untrusted Control Sphere vulnerability in Simplehelp. This issue affects Simplehelp: before 5.5.12...

CVSS 8.8 | AI score 7.5 | EPSS 0.00423
Exploits: 0 | References: 1

OSV
added 2025/07/25 5:15 p.m. | 4 views

CVE-2025-36728

Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp. This issue affects Simplehelp: before 5.5.11...

CVSS 8.8 | AI score 7.5
Exploits: 0 | References: 1

NVD
added 2025/07/25 5:15 p.m. | 3 views

CVE-2025-36728

Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp. This issue affects Simplehelp: before 5.5.11...

CVSS 8.8 | EPSS 0.00171
Exploits: 0 | References: 1

NVD
added 2025/07/25 5:15 p.m. | 18 views

CVE-2025-36727

Inclusion of Functionality from Untrusted Control Sphere vulnerability in Simplehelp. This issue affects Simplehelp: before 5.5.12...

CVSS 8.8 | EPSS 0.00423
Exploits: 0 | References: 1

Vulnrichment
added 2025/07/25 4:42 p.m. | 2 views

CVE-2025-36728 SimpleHelp Cross Site Request Forgery

Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp. This issue affects Simplehelp: before 5.5.11...

CVSS 6.3 | AI score 7.3 | EPSS 0.00171
Exploits: 0 | References: 1

Cvelist
added 2025/07/25 4:42 p.m. | 7 views

CVE-2025-36728 SimpleHelp Cross Site Request Forgery

Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp. This issue affects Simplehelp: before 5.5.11...

CVSS 6.3 | EPSS 0.00171
Exploits: 0 | References: 1