CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1220 matches found

SolarWinds Web Help Desk < 12.8.8 Hotfix 1 (HF1) - Security Control Bypass

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality. id: CVE-2025-40536 info: name: SolarWinds Web Help Desk 12.8.8 Hotfix 1 HF1 - Security...

9.8CVSS7.5AI score0.8413EPSS

Exploits4References3

Nuclei•added 2 days ago•10 views

SolarWinds Web Help Desk - Authentication Bypass

SolarWinds Web Help Desk contains an authentication bypass vulnerability caused by improper access control, letting attackers execute protected actions without authentication, exploit requires no special conditions. id: CVE-2025-40552 info: name: SolarWinds Web Help Desk - Authentication Bypass...

9.8CVSS7.6AI score0.6039EPSS

Exploits1References4

Nuclei•added 2 days ago•26 views

SolarWinds Web Help Desk - Authentication Bypass

SolarWinds Web Help Desk 12.8.8 HF1 and earlier contains an authentication bypass vulnerability in the WebObjects session handling. By crafting a request with a manipulated path component to an internal admin page endpoint, an unauthenticated attacker can access privileged administrative function...

9.8CVSS7.6AI score0.8413EPSS

Exploits5References4

Nuclei•added 2 days ago•12 views

JS Help Desk <= 2.8.1 - SQL Injection

The JS Help Desk – Best Help Desk & Support Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘email' and 'trackingid' parameters in all versions up to 2.8.2 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...

9.8CVSS7.3AI score0.02041EPSS

Exploits0References2

Nuclei•added 2 days ago•25 views

JS Help Desk <= 2.8.2 - SQL Injection

JS Help Desk WordPress plugin 2.8.2 contains a SQL injection caused by insufficient escaping and preparation of user-supplied values in 'js-support-ticket-token-tkstatus' cookie, letting unauthenticated attackers extract sensitive database information, exploit requires no authentication. id:...

7.5CVSS5.8AI score0.01317EPSS

Exploits0References2

NVD•added 4 days ago•5 views

CVE-2026-57652

Unauthenticated Insecure Direct Object References IDOR in JS Help Desk = 3.1.0 versions...

5.3CVSS0.00187EPSS

Exploits0References1

Cvelist•added 4 days ago•30 views

CVE-2026-57652 WordPress JS Help Desk plugin <= 3.1.0 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in JS Help Desk = 3.1.0 versions...

5.3CVSS0.00187EPSS

Exploits0References1

CVE•added 4 days ago•9 views

CVE-2026-57652

The CVE-2026-57652 vulnerability affects the WordPress JS Help Desk plugin

5.3CVSS5.8AI score0.00187EPSS

Exploits0References1

EUVD•added 4 days ago•6 views

EUVD-2026-39767

Unauthenticated Insecure Direct Object References IDOR in JS Help Desk = 3.1.0 versions...

5.3CVSS5.8AI score0.00187EPSS

Exploits0References1

Patchstack•added 4 days ago•7 views

WordPress JS Help Desk plugin <= 3.1.0 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by William Matos in WordPress Plugin JS Help Desk versions = 3.1.0...

5.3CVSS5.8AI score0.00187EPSS

Exploits0Affected Software1

CVE•added 5 days ago•10 views

CVE-2026-56054

CVE-2026-56054 affects the WordPress JS Help Desk plugin (versions <= 3.1.1). The vulnerability allows Arbitrary File Deletion within the plugin, with impact described as high (availability impact) and CVSS 3.1 base score 7.7. The advisory does not provide root cause specifics or remediation s...

7.7CVSS5.8AI score0.0045EPSS

Exploits0References1

Cvelist•added 5 days ago•31 views

CVE-2026-56054 WordPress JS Help Desk plugin <= 3.1.1 - Arbitrary File Deletion vulnerability

Subscriber Arbitrary File Deletion in JS Help Desk = 3.1.1 versions...

7.7CVSS0.0045EPSS

Exploits0References1

EUVD•added 5 days ago•5 views

EUVD-2026-39383

Subscriber Arbitrary File Deletion in JS Help Desk = 3.1.1 versions...

7.7CVSS5.8AI score0.0045EPSS

Exploits0References1

Nuclei•added 5 days ago•58 views

SolarWinds Web Help Desk - Hardcoded Credential

The SolarWinds Web Help Desk WHD software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data. id: CVE-2024-28987 info: name: SolarWinds Web Help Desk - Hardcoded Credential author:...

9.1CVSS7.6AI score0.93159EPSS

Exploits5References3

Positive Technologies•added 5 days ago•8 views

PT-2026-52435

Name of the Vulnerable Software and Affected Versions JS Help Desk versions prior to 3.1.2 Description Low-privileged subscribers can remotely delete critical files due to a path traversal issue. Path traversal is a flaw that allows an attacker to access or manipulate files outside the intended...

7.7CVSS5.8AI score0.0045EPSS

Exploits0References3

NVD•added 2026/06/15 9:17 p.m.•6 views

CVE-2026-48887

Unauthenticated Broken Access Control in JS Help Desk = 3.0.9 versions...

6.5CVSS0.00235EPSS

Exploits0References1

NVD•added 2026/06/15 9:17 p.m.•12 views

CVE-2026-48886

Unauthenticated SQL Injection in JS Help Desk = 3.0.9 versions...

9.3CVSS0.00283EPSS

Exploits0References1