3382 matches found
Popular Iranian App BadeSaba was Hacked to Send “Help Is on the Way” Alerts
Hackers took over Iran’s BadeSaba Calendar prayer app, sending “Help Is on the Way” alerts and messages urging soldiers to lay down weapons...
CVE-2025-52564
Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30...
CVE-2025-52564
Chamilo LMS before 1.11.30 is affected by an HTML injection vulnerability in the open parameter of help.php, allowing a crafted URL to inject arbitrary HTML. The underlying issue is insufficient sanitization of user input. The flaw has been fixed in version 1.11.30. Affected product: Chamilo LMS;...
CVE-2025-52564 Chamilo: HTML injection via open parameter
Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30...
CVE-2025-52564
Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30...
EUVD-2025-208179
Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30...
CVE-2025-52564 Chamilo: HTML injection via open parameter
Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30...
CVE-2025-52564 Chamilo: HTML injection via open parameter
Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30...
Chamilo 安全漏洞
Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of the open parameter in the help.php file, which could allow attackers to inject arbitrary HTML...
Fedora 43 : 389-ds-base / python3-docs / python3.14 (2026-27ce708600)
The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-27ce708600 advisory. - New minor version of the Python interpreter, bringing also security fixes. - 389-ds-base: Fix system index configuration issues - 389-ds-base: Fix...
PT-2026-22621
Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30...
SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks
The notorious cybercrime collective known as Scattered LAPSUS$ Hunters SLH has been observed offering financial incentives to recruit women to pull off social engineering attacks. The idea is to hire them for voice phishing campaigns targeting IT help desks, Dataminr said in a new threat brief. T...
📄 SolarWinds Web Help Desk Access Control Bypass / Unsafe Deserialization
This Metasploit module exploits access control bypass and unsafe deserialization vulnerabilities in SolarWinds Web Help Desk to achieve unauthenticated remote code execution...
CVE-2025-67977
Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through = 1.0.8...
CVE-2026-24959
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.1...
CVE-2026-24959
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.1...
CVE-2026-24959 WordPress JS Help Desk plugin <= 3.0.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.1...
CVE-2026-24959
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.1...
CVE-2026-24959 WordPress JS Help Desk plugin <= 3.0.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.1...
CVE-2026-24959
CVE-2026-24959 is a SQL Injection in WordPress plugin JS Help Desk (js-support-ticket) , with root cause described as improper neutralization of special elements in SQL queries. Affected software: JS Help Desk versions up to and including 3.0.1. Public sources (Patchstack, Red Hat, CIRCL/CVE feed...