75 matches found
SimpleHelp <= 5.5.7 - Unauthenticated Path Traversal
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing...
Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools
An active phishing campaign has been observed targeting multiple vectors since at least April 2025 with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts. The activity, codenamed VENOMOUSHELPER, has impacted over 80...
CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of...
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2024-7399 Samsung MagicINFO 9 Server Path Traversal Vulnerability; CVE-2024-57726 SimpleHelp Missing Authorization Vulnerability...
Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware
Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages masquerading as refund notices, payroll...
Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware
Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware. The vulnerability is CVE-2025-10035 (CVSS score: 10.0), a critical deserialization bug that could...
EUVD-2025-22728
Malicious code in bioql PyPI...
EUVD-2025-22726
Malicious code in bioql PyPI...
EUVD-2024-53724
Malicious code in bioql PyPI...
CVE-2025-36727
Inclusion of Functionality from Untrusted Control Sphere vulnerability in Simplehelp. This issue affects Simplehelp: before 5.5.12...
CVE-2025-36728
Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp. This issue affects Simplehelp: before 5.5.11...
CVE-2025-36728
Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp. This issue affects Simplehelp: before 5.5.11...
CVE-2025-36727
Inclusion of Functionality from Untrusted Control Sphere vulnerability in Simplehelp. This issue affects Simplehelp: before 5.5.12...
CVE-2025-36727
Inclusion of Functionality from Untrusted Control Sphere vulnerability in Simplehelp. This issue affects Simplehelp: before 5.5.12...
CVE-2025-36728
Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp. This issue affects Simplehelp: before 5.5.11...
CVE-2025-36728
CVE-2025-36728 (SimpleHelp) is a Cross-Site Request Forgery (CSRF) vulnerability affecting SimpleHelp versions prior to 5.5.11. Public records from NVD/Red Hat/CVE lists identify the issue as CSRF with a high impact in the NVD score (high confidentiality, integrity, and availability impact). PT-S...
CVE-2025-36728 SimpleHelp Cross Site Request Forgery
Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp. This issue affects Simplehelp: before 5.5.11...
CVE-2025-36728 SimpleHelp Cross Site Request Forgery
Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp. This issue affects Simplehelp: before 5.5.11...
CVE-2025-36727 SimpleHelp Inclusion of functionality from untrusted control sphere
Inclusion of Functionality from Untrusted Control Sphere vulnerability in Simplehelp. This issue affects Simplehelp: before 5.5.12...
CVE-2025-36727 SimpleHelp Inclusion of functionality from untrusted control sphere
Inclusion of Functionality from Untrusted Control Sphere vulnerability in Simplehelp. This issue affects Simplehelp: before 5.5.12...