1164 matches found
PT-2026-5071
Name of the Vulnerable Software and Affected Versions SolarWinds Web Help Desk versions prior to 12.8.8 Hotfix 1 HF1 Description SolarWinds Web Help Desk is susceptible to a security control bypass. Successful exploitation could allow an unauthenticated attacker to gain access to restricted...
PT-2026-5072
Name of the Vulnerable Software and Affected Versions SolarWinds Web Help Desk versions prior to 12.8.1 Description SolarWinds Web Help Desk is susceptible to a hardcoded credentials issue that, in certain scenarios, could allow access to administrative functions. Attackers can identify exposed...
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions = 3.3.5...
CVE-2026-23946
Tendenci is an open source content management system built for non-profits, associations and cause-based sites. Versions 15.3.11 and below include a critical deserialization vulnerability in the Helpdesk module which is not enabled by default. This vulnerability allows Remote Code Execution RCE b...
CVE-2026-23946
Tendenci is an open source content management system built for non-profits, associations and cause-based sites. Versions 15.3.11 and below include a critical deserialization vulnerability in the Helpdesk module which is not enabled by default. This vulnerability allows Remote Code Execution RCE b...
CVE-2026-23946 Tendenci has Authenticated Remote Code Execution via Pickle Deserialization
Tendenci is an open source content management system built for non-profits, associations and cause-based sites. Versions 15.3.11 and below include a critical deserialization vulnerability in the Helpdesk module which is not enabled by default. This vulnerability allows Remote Code Execution RCE b...
CVE-2026-23946 Tendenci has Authenticated Remote Code Execution via Pickle Deserialization
Tendenci is an open source content management system built for non-profits, associations and cause-based sites. Versions 15.3.11 and below include a critical deserialization vulnerability in the Helpdesk module which is not enabled by default. This vulnerability allows Remote Code Execution RCE b...
CVE-2026-23946 Tendenci has Authenticated Remote Code Execution via Pickle Deserialization
Tendenci is an open source content management system built for non-profits, associations and cause-based sites. Versions 15.3.11 and below include a critical deserialization vulnerability in the Helpdesk module which is not enabled by default. This vulnerability allows Remote Code Execution RCE b...
CVE-2026-23946
Tendenci 15.3.11 and earlier contains a critical deserialization vulnerability in the Helpdesk module that enables authenticated RCE via Python pickle loads in helpdesk/reports/. While ticket_list() uses safe JSON deserialization, run_report() still relies on pickle.loads(), exposing impact limit...
CVE-2026-23946
Tendenci is an open source content management system built for non-profits, associations and cause-based sites. Versions 15.3.11 and below include a critical deserialization vulnerability in the Helpdesk module which is not enabled by default. This vulnerability allows Remote Code Execution RCE b...
Tendenci code issues and vulnerabilities
Tendenci is a software solution developed by the Tendenci company in the United States, primarily used for managing associations of non-profit organizations and institutions. This software supports functions such as member management, content management, event management, and online donation...
GHSA-339M-4QW5-J2G3 Tendenci Affected by Authenticated Remote Code Execution via Pickle Deserialization
A critical deserialization vulnerability exists in Tendenci Helpdesk module NOTE, by default, Helpdesk is NOT enabled, affecting the version 15.3.11 and earlier. This vulnerability allows remote code execution RCE by an authenticated user with staff security level due to using Python's pickle...
Deserialization of Untrusted Data
Overview tendenci is a Tendenci - The Open Source Association Management System AMS Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the runreport function in the helpdesk module. An attacker can execute arbitrary code with the privileges of the applicatio...
Tendenci Affected by Authenticated Remote Code Execution via Pickle Deserialization
A critical deserialization vulnerability exists in Tendenci Helpdesk module NOTE, by default, Helpdesk is NOT enabled, affecting the version 15.3.11 and earlier. This vulnerability allows remote code execution RCE by an authenticated user with staff security level due to using Python's pickle...
CVE-2023-25350
Faveo Helpdesk 1.0-1.11.1 is vulnerable to SQL Injection. When the user logs in through the login box, he has no judgment on the validity of the user's input data. The parameters passed from the front end to the back end are controllable, which will lead to SQL injection...
CVE-2018-19948
The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery CSRF vulnerability could allow attackers to force NAS users to execute unintentional actions through a web application. QNAP has already fixed the issue in Helpdesk 3.0.3 and...
CVE-2010-0333
SQL injection vulnerability in the Helpdesk mghelp extension 1.1.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2021-28022
Blind SQL injection in the login form in ServiceTonic Helpdesk software 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries...
CVE-2021-28024
Unauthorized system access in the login form in ServiceTonic Helpdesk software version 9.0.35937 allows attacker to login without using a password...
CVE-2017-18486
Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote...