Lucene search
K

1164 matches found

Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.5 views

PT-2026-5071

Name of the Vulnerable Software and Affected Versions SolarWinds Web Help Desk versions prior to 12.8.8 Hotfix 1 HF1 Description SolarWinds Web Help Desk is susceptible to a security control bypass. Successful exploitation could allow an unauthenticated attacker to gain access to restricted...

9.8CVSS8.6AI score0.8833EPSS
Exploits5References56
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.9 views

PT-2026-5072

Name of the Vulnerable Software and Affected Versions SolarWinds Web Help Desk versions prior to 12.8.1 Description SolarWinds Web Help Desk is susceptible to a hardcoded credentials issue that, in certain scenarios, could allow access to administrative functions. Attackers can identify exposed...

7.5CVSS5.6AI score0.00534EPSS
Exploits0References15
Patchstack
Patchstack
added 2026/01/27 7:12 a.m.7 views

WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin <= 3.3.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin ELEX WordPress HelpDesk & Customer Ticketing System versions = 3.3.5...

5.9AI score0.00248EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/23 12:26 a.m.3 views

CVE-2026-23946

Tendenci is an open source content management system built for non-profits, associations and cause-based sites. Versions 15.3.11 and below include a critical deserialization vulnerability in the Helpdesk module which is not enabled by default. This vulnerability allows Remote Code Execution RCE b...

9.8CVSS5.9AI score0.01338EPSS
Exploits1References1
NVD
NVD
added 2026/01/22 1:15 a.m.18 views

CVE-2026-23946

Tendenci is an open source content management system built for non-profits, associations and cause-based sites. Versions 15.3.11 and below include a critical deserialization vulnerability in the Helpdesk module which is not enabled by default. This vulnerability allows Remote Code Execution RCE b...

6.8CVSS0.00735EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/01/22 12:9 a.m.31 views

CVE-2026-23946 Tendenci has Authenticated Remote Code Execution via Pickle Deserialization

Tendenci is an open source content management system built for non-profits, associations and cause-based sites. Versions 15.3.11 and below include a critical deserialization vulnerability in the Helpdesk module which is not enabled by default. This vulnerability allows Remote Code Execution RCE b...

6.8CVSS0.00735EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2026/01/22 12:9 a.m.4 views

CVE-2026-23946 Tendenci has Authenticated Remote Code Execution via Pickle Deserialization

Tendenci is an open source content management system built for non-profits, associations and cause-based sites. Versions 15.3.11 and below include a critical deserialization vulnerability in the Helpdesk module which is not enabled by default. This vulnerability allows Remote Code Execution RCE b...

6.8CVSS5.9AI score0.00735EPSS
Exploits1References8
OSV
OSV
added 2026/01/22 12:9 a.m.4 views

CVE-2026-23946 Tendenci has Authenticated Remote Code Execution via Pickle Deserialization

Tendenci is an open source content management system built for non-profits, associations and cause-based sites. Versions 15.3.11 and below include a critical deserialization vulnerability in the Helpdesk module which is not enabled by default. This vulnerability allows Remote Code Execution RCE b...

6.8CVSS5.9AI score0.00735EPSS
Exploits1References10
CVE
CVE
added 2026/01/22 12:9 a.m.25 views

CVE-2026-23946

Tendenci 15.3.11 and earlier contains a critical deserialization vulnerability in the Helpdesk module that enables authenticated RCE via Python pickle loads in helpdesk/reports/. While ticket_list() uses safe JSON deserialization, run_report() still relies on pickle.loads(), exposing impact limit...

6.8CVSS8.6AI score0.00735EPSS
Exploits1References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/22 12:9 a.m.4 views

CVE-2026-23946

Tendenci is an open source content management system built for non-profits, associations and cause-based sites. Versions 15.3.11 and below include a critical deserialization vulnerability in the Helpdesk module which is not enabled by default. This vulnerability allows Remote Code Execution RCE b...

9.8CVSS8.4AI score0.01338EPSS
Exploits1References9Affected Software1
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.8 views

Tendenci code issues and vulnerabilities

Tendenci is a software solution developed by the Tendenci company in the United States, primarily used for managing associations of non-profit organizations and institutions. This software supports functions such as member management, content management, event management, and online donation...

6.8CVSS6.2AI score0.00735EPSS
Exploits1References9
OSV
OSV
added 2026/01/21 4:38 p.m.7 views

GHSA-339M-4QW5-J2G3 Tendenci Affected by Authenticated Remote Code Execution via Pickle Deserialization

A critical deserialization vulnerability exists in Tendenci Helpdesk module NOTE, by default, Helpdesk is NOT enabled, affecting the version 15.3.11 and earlier. This vulnerability allows remote code execution RCE by an authenticated user with staff security level due to using Python's pickle...

6.8CVSS7AI score0.01338EPSS
Exploits1References11
Snyk
Snyk
added 2026/01/21 4:38 p.m.3 views

Deserialization of Untrusted Data

Overview tendenci is a Tendenci - The Open Source Association Management System AMS Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the runreport function in the helpdesk module. An attacker can execute arbitrary code with the privileges of the applicatio...

9.8CVSS6.2AI score0.01338EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/01/21 4:38 p.m.12 views

Tendenci Affected by Authenticated Remote Code Execution via Pickle Deserialization

A critical deserialization vulnerability exists in Tendenci Helpdesk module NOTE, by default, Helpdesk is NOT enabled, affecting the version 15.3.11 and earlier. This vulnerability allows remote code execution RCE by an authenticated user with staff security level due to using Python's pickle...

9.8CVSS7AI score0.01338EPSS
Exploits1References11Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 12:41 p.m.7 views

CVE-2023-25350

Faveo Helpdesk 1.0-1.11.1 is vulnerable to SQL Injection. When the user logs in through the login box, he has no judgment on the validity of the user's input data. The parameters passed from the front end to the back end are controllable, which will lead to SQL injection...

8.8CVSS7.4AI score0.00805EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:59 a.m.8 views

CVE-2018-19948

The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery CSRF vulnerability could allow attackers to force NAS users to execute unintentional actions through a web application. QNAP has already fixed the issue in Helpdesk 3.0.3 and...

6.5CVSS7.4AI score0.00296EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:43 a.m.6 views

CVE-2010-0333

SQL injection vulnerability in the Helpdesk mghelp extension 1.1.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.5CVSS8.9AI score0.01013EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:26 a.m.8 views

CVE-2021-28022

Blind SQL injection in the login form in ServiceTonic Helpdesk software 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries...

7.5CVSS7.5AI score0.01115EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:26 a.m.6 views

CVE-2021-28024

Unauthorized system access in the login form in ServiceTonic Helpdesk software version 9.0.35937 allows attacker to login without using a password...

9.8CVSS6.7AI score0.0131EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:34 a.m.8 views

CVE-2017-18486

Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote...

7.2CVSS7.5AI score0.04807EPSS
Exploits1References1
Rows per page
Query Builder