3381 matches found
CVE-2020-37178 KeePass 2.44 - Denial of Service (PoC)
KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash...
CVE-2020-37178
KeePass Password Safe
WordPress JS Help Desk plugin <= 3.0.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Bonds in WordPress Plugin JS Help Desk versions = 3.0.1...
PT-2026-7676
KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash...
Unspecified Vulnerability in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin ELEX WordPress HelpDesk & Customer...
PT-2026-7491
A stack-use-after-return issue exists in the Arduino Core STM32 library prior to version 1.7.0. The pwm start function allocates a TIM HandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it is stored in a global timer handle registry. After the functi...
KeePass Password Safe 代码注入漏洞
KeePass Password Safe is a local password management tool developed by the KeePass company. Versions of KeePass Password Safe prior to 2.44 contained a code injection vulnerability. This vulnerability stemmed from improper handling of HTML in the help system, which could lead to denial-of-service...
[SECURITY] Fedora 43 Update: rust-tealdeer-1.7.2-4.fc43
Fetch and show tldr help pages for many CLI commands. Full featured offline client with caching support...
SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers
Microsoft has revealed that it observed a multi‑stage intrusion that involved the threat actors exploiting internet‑exposed SolarWinds Web Help Desk WHD instances to obtain initial access and move laterally across the organization's network to other high-value assets. That said, the Microsoft...
Analysis of active exploitation of SolarWinds Web Help Desk
The Microsoft Defender Research Team observed a multi‑stage intrusion where threat actors exploited internet‑exposed SolarWinds Web Help Desk WHD instances to get an initial foothold and then laterally moved towards other high-value assets within the organization. However, we have not yet confirm...
Analysis of active exploitation of SolarWinds Web Help Desk
The Microsoft Defender Research Team observed a multi‑stage intrusion where threat actors exploited internet‑exposed SolarWinds Web Help Desk WHD instances to get an initial foothold and then laterally moved towards other high-value assets within the organization. However, we have not yet confirm...
Calibre 路径遍历漏洞
Calibre is an open-source, free tool developed by Kovid Goyal, a personal developer in India. It serves as a comprehensive e-book reading management and format conversion tool. Prior to Calibre 9.2.0, there was a path traversal vulnerability. This vulnerability stemmed from the CHM reader’s...
SolarWinds Web Help Desk < 12.8.3 - Insecure Deserialization
SolarWinds Web Help Desk before version 12.8.3 contain a critical Java deserialization vulnerability that enables remote code execution. Attackers can exploit this flaw to execute arbitrary commands on the host machine. Initially reported as unauthenticated, SolarWinds was unable to reproduce...
CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk WHD to its Known Exploited Vulnerabilities KEV catalog, flagging it as actively exploited in attacks. The vulnerability, tracked as CVE-2025-40551 CVSS score...
SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication...
VulnCheck KEV: CVE-2025-40551
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication...
Vulnerabilities fixed in SolarWinds Web Help Desk
SolarWinds has fixed vulnerabilities in SolarWinds Web Help Desk. The vulnerabilities include the ability for unauthenticated attackers to gain access to limited functionality within the system, the use of hard-coded credentials that could grant unauthorized access to administrative functions, an...
Exploit for CVE-2025-40554
CVE-2025-40554 Exploitation Suite A comprehensive security te...
SolarWinds Web Help Desk < 2026.1 Multiple Vulnerabilities
The version of Solarwinds Web Help Desk installed on the remote host is prior to 2026.1. It is, therefore, affected by multiple vulnerabilities. - SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, whic...
Exploit for CVE-2025-40554
CVE-2025-40554 – SolarWinds Web Help Desk Auth Bypass PoC Pro...