
3381 matches found

CNNVD
added 2026/02/20 12:0 a.m., 5 views

WordPress plugin JS Help Desk security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 8.5 | AI score 5.8 | EPSS 0.00217
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/17 1:27 p.m., 7 views

CVE-2026-1046

Mattermost Desktop App versions =6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user’s system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577...

CVSS 7.6 | AI score 5.9 | EPSS 0.00235
Exploits: 0 | References: 1
EUVD
added 2026/02/16 3:32 p.m., 14 views

EUVD-2026-6090

Mattermost Desktop App versions =6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user’s system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577...

CVSS 7.6 | AI score 5.9 | EPSS 0.00235
Exploits: 0 | References: 2
NVD
added 2026/02/16 1:16 p.m., 10 views

CVE-2026-1046

Mattermost Desktop App versions =6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user’s system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577...

CVSS 7.6 | EPSS 0.00235
Exploits: 0 | References: 1
CVE
added 2026/02/16 12:10 p.m., 35 views

CVE-2026-1046

Mattermost Desktop App versions

CVSS 7.6 | AI score 5.9 | EPSS 0.00235
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/02/16 12:10 p.m., 26 views

CVE-2026-1046 Arbitrary application execution via unvalidated server-controlled URLs in Help menu

Mattermost Desktop App versions =6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user’s system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577...

CVSS 7.6 | EPSS 0.00235
Exploits: 0 | References: 1
ATTACKERKB
added 2026/02/16 12:10 p.m., 7 views

CVE-2026-1046

Mattermost Desktop App versions =6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user’s system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577...

CVSS 7.6 | AI score 5.9 | EPSS 0.00235
Exploits: 0 | References: 2
Vulnrichment
added 2026/02/16 12:10 p.m., 5 views

CVE-2026-1046 Arbitrary application execution via unvalidated server-controlled URLs in Help menu

Mattermost Desktop App versions =6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user’s system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577...

CVSS 7.6 | AI score 5.9 | EPSS 0.00235
Exploits: 0 | References: 1
GithubExploit
added 2026/02/16 8:0 a.m., 133 views

scan-exploit

pyt...

AI score 5.4
Exploits: 0
Positive Technologies
added 2026/02/16 12:0 a.m., 7 views

PT-2026-8342

Name of the Vulnerable Software and Affected Versions Mattermost versions 5.2.13.0 and earlier, versions 6.0 and 6.2.0 and earlier Description The Mattermost Desktop App does not properly validate help links. This allows a malicious Mattermost server to execute arbitrary executables on a user’s...

CVSS 7.6 | AI score 5.7 | EPSS 0.00235
Exploits: 0 | References: 4
CNNVD
added 2026/02/16 12:0 a.m., 6 views

Mattermost Desktop App security vulnerability

The Mattermost Desktop App is a desktop application for message communication developed by the American company Mattermost. Versions 6.0, 6.2.0, and 5.2.13.0 of the Mattermost Desktop App have security vulnerabilities. These vulnerabilities stem from unvalidated help links, which could allow...

CVSS 7.6 | AI score 6.1 | EPSS 0.00235
Exploits: 0 | References: 1
Rapid7 Blog
added 2026/02/13 8:1 p.m., 13 views

Metasploit Wrap-Up 02/13/2026

SolarWinds Web Help Desk Our very own sfewer-r7 has developed an exploit module for the SolarWinds Web Help Desk vulnerabilities CVE-2025-40536 and CVE-2025-40551. On successful exploitation the session will be running as NT AUTHORITY\SYSTEM. For more information see the Rapid7’s SolarWinds We...

CVSS 9.8 | AI score 8.3 | EPSS 0.98871
Exploits: 77
Metasploit
added 2026/02/13 6:59 p.m., 419 views

SolarWinds Web Help Desk unauthenticated RCE

This module exploits an access control bypass vulnerability CVE-2025-40536 and an unsafe deserialization vulnerability CVE-2025-40551 to achieve unauthenticated RCE against a vulnerable SolarWinds Web Help Desk WHD server. Module Options msf use exploit/multi/http/solarwindswebhelpdeskrce msf...

CVSS 9.8 | AI score 7.3 | EPSS 0.8413
Exploits: 4
GithubExploit
added 2026/02/13 3:42 p.m., 107 views

Exploit for CVE-2025-40552

CVE-2025-40552 and CVE-2025-40553 SolarWinds Web Help Desk Pre...

CVSS 9.8 | AI score 7.5 | EPSS 0.6039
Exploits: 1
Packet Storm
added 2026/02/13 12:0 a.m., 162 views

SolarWinds Web Help Desk Unauthenticated Remote Code Execution

This Metasploit module exploits an access control bypass vulnerability CVE-2025-40536 and an unsafe deserialization vulnerability CVE-2025-40551 to achieve unauthenticated remote code execution against a vulnerable SolarWinds Web Help Desk WHD server. This module requires Metasploit:...

CVSS 9.8 | AI score 6.5 | EPSS 0.8413
Exploits: 4
RedhatCVE
added 2026/02/12 4:12 a.m., 5 views

CVE-2020-37178

A flaw was found in KeePass. Attackers can exploit a denial of service vulnerability in the help system's HTML handling by dragging and dropping malicious HTML files into the help area. This action can lead to application instability or a crash, resulting in a denial of service. Mitigation Users...

CVSS 7.5 | AI score 5.4 | EPSS 0.00282
Exploits: 0 | References: 6
VulnCheck KEV
added 2026/02/12 12:0 a.m., 6 views

VulnCheck KEV: CVE-2025-40536

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality...

CVSS 9.8 | AI score 5.7 | EPSS 0.81624
In wild | Exploits: 4 | References: 3
CISA KEV Catalog
added 2026/02/12 12:0 a.m., 12 views

SolarWinds Web Help Desk Security Control Bypass Vulnerability

SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality...

CVSS 9.8 | AI score 5.5 | EPSS 0.81624
In wild | Exploits: 4
NVD
added 2026/02/11 9:16 p.m., 4 views

CVE-2020-37178

KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash...

CVSS 7.5 | EPSS 0.00282
Exploits: 0 | References: 3
ATTACKERKB
added 2026/02/11 8:37 p.m., 4 views

CVE-2020-37178

KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash...

CVSS 7.5 | AI score 5.5 | EPSS 0.00282
Exploits: 0 | References: 3 | Affected Software: 1