Lucene search
3382 matches found

OSV
added 2025/08/14 6:52 p.m. · 2 views

MAL-2025-7991 Malicious code in @help_api/utilities (npm)

The package @help_api/utilities was found to contain malicious code...

AI score: 7.2
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. · 0 views

MAL-2025-33162 Malicious code in show-help (npm)

The package show-help was found to contain malicious code...

AI score: 7.2
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. · 3 views

MAL-2025-7994 Malicious code in @help_center/types (npm)

The package @help_center/types was found to contain malicious code...

AI score: 7.2
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. · 3 views

MAL-2025-7992 Malicious code in @help_center/config (npm)

The package @help_center/config was found to contain malicious code...

AI score: 7.2
Exploits: 0

Tenable Nessus
added 2025/08/01 12:0 a.m. · 2 views

SolarWinds Web Help Desk < 12.8.7 XXE Vulnerability

The version of SolarWinds Web Help Desk installed on the remote host is prior to 12.8.7. It is, therefore, affected by a vulnerability. SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid,...

CVSS: 6.5 · AI score: 5.7 · EPSS: 0.00263
Exploits: 0 · References: 2

VulnCheck KEV
added 2025/07/31 12:0 a.m. · 10 views

VulnCheck KEV: CVE-2025-2712

A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /help/top.jsp. The manipulation of the argument langcode leads to cross site scripting. The attack can be launched remotely. The exploi...

CVSS: 6.1 · AI score: 3.8 · EPSS: 0.0079
In wild · Exploits: 1 · References: 2

HackRead
added 2025/07/29 10:41 a.m. · 4 views

How Scattered Spider Used Fake Calls to Breach Clorox via Cognizant

Specops Software's analysis reveals how Scattered Spider's persistent help desk exploitation cost Clorox $400 million. Understand the August 2023 breach, its operational disruption, and critical steps organisations must take to protect against similar social engineering threats...

AI score: 7.3
Exploits: 0

Vulnrichment
added 2025/07/29 8:7 a.m. · 2 views

CVE-2025-26400 SolarWinds Web Help Desk XML External Entity Injection (XXE) Vulnerability

SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files...

CVSS: 5.3 · AI score: 6.2 · EPSS: 0.00263
Exploits: 0 · References: 2

Cvelist
added 2025/07/29 8:7 a.m. · 8 views

CVE-2025-26400 SolarWinds Web Help Desk XML External Entity Injection (XXE) Vulnerability

SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files...

CVSS: 5.3 · EPSS: 0.00263
Exploits: 0 · References: 2

Positive Technologies
added 2025/07/29 12:0 a.m. · 6 views

PT-2025-31182 · Solarwinds · Solarwinds Web Help Desk

Name of the Vulnerable Software and Affected Versions: SolarWinds Web Help Desk (affected versions not specified). Description: SolarWinds Web Help Desk is susceptible to an XML External Entity (XXE) injection issue that may result in information disclosure. Successful exploitation requires valid,...

CVSS: 5.3 · AI score: 6.5 · EPSS: 0.00263
Exploits: 0 · References: 7

CNNVD
added 2025/07/29 12:0 a.m. · 3 views

SolarWinds Web Help Desk Code Issue Vulnerability

SolarWinds Web Help Desk is a suite of help desk and asset management software from US-based SolarWinds. The software supports centralized knowledge base, IT asset management, project and task management, and other features. A code issue vulnerability exists in SolarWinds Web Help Desk that...

CVSS: 6.5 · AI score: 6.9 · EPSS: 0.00263
Exploits: 0 · References: 2

VulnCheck KEV
added 2025/07/29 12:0 a.m. · 5 views

VulnCheck KEV: CVE-2021-35232

Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users ...

CVSS: 6.8 · AI score: 6.1 · EPSS: 0.003
In wild · Exploits: 0 · References: 16

Vulnrichment
added 2025/07/26 3:35 a.m. · 4 views

CVE-2025-54366 FreeScout's deserialization of untrusted data leads to Remote Code Execution

FreeScout is a lightweight free open source help desk and shared inbox built with PHP Laravel framework. In versions 1.8.185 and below, there is a critical deserialization vulnerability in the /conversation/ajax endpoint that allows authenticated users with knowledge of the APPKEY to achieve remo...

CVSS: 8.6 · AI score: 7.2 · EPSS: 0.00978
Exploits: 1 · References: 2

CVE
added 2025/06/30 9:16 a.m. · 19 views

CVE-2025-41439

CVE-2025-41439 describes a reflected cross-site scripting vulnerability in the SLNX Help Documentation of Ricoh Streamline NX. The issue arises from a vulnerable parameter which can cause arbitrary scripts to run in a user’s browser when the product is accessed. Concrete details from connected so...

CVSS: 6.1 · AI score: 6 · EPSS: 0.0019
Exploits: 0 · References: 2

SUSE Linux
added 2025/06/30 7:15 a.m. · 1 view

Security update for yelp

This update for yelp fixes the following issues: CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS: 6.9 · AI score: 7.9 · EPSS: 0.10598
Exploits: 1 · References: 4

SUSE Linux
added 2025/06/30 7:15 a.m. · 1 view

Security update for yelp

This update for yelp fixes the following issues: CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS: 6.9 · AI score: 7.9 · EPSS: 0.10598
Exploits: 1 · References: 4

SUSE Linux
added 2025/06/30 7:15 a.m. · 2 views

Security update for yelp-xsl

This update for yelp-xsl fixes the following issues: CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS: 6.9 · AI score: 7.9 · EPSS: 0.10598
Exploits: 1 · References: 4

CNNVD
added 2025/06/30 12:0 a.m. · 2 views

Ricoh Streamline NX Client Tool Cross-Site Scripting Vulnerability

Ricoh Streamline NX Client Tool is a scalable document management application and tool from Ricoh Japan. A cross-site scripting vulnerability exists in Ricoh Streamline NX Client Tool, which stems from unvalidated specific parameters in the SLNX help documentation and could lead to a reflected...

CVSS: 6.1 · AI score: 5.8 · EPSS: 0.0019
Exploits: 0 · References: 3

SUSE Linux
added 2025/06/27 7:51 a.m. · 3 views

Security update for yelp-xsl

This update for yelp-xsl fixes the following issues: CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS: 6.9 · AI score: 7.9 · EPSS: 0.10598
Exploits: 1 · References: 4

OSSF Malicious Packages
added 2025/06/26 8:10 a.m. · 2 views

Malicious code in jira-help-tips (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f8b0652aee06598b2ce4f2f215e70f168e2d91b3058832a20069ac391d6a3c0d Any computer that has this package installed or running should be considered...

AI score: 7
Exploits: 0 · References: 1