SimpleHelp Missing Authorization Vulnerability

SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role...

CVE-2026-25932

GLPI (free Asset and IT Management Software) is affected from versions 0.60 up to before 10.0.24. The root cause is improper output encoding/escaping in the Website field of the supplier component, allowing an authenticated technician to store an XSS payload. Impact stated across sources includes...

ZOHO ManageEngine ADManager Plus 安全漏洞

ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO, Inc. designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...

CVE-2025-53113

GLPI contains a permission/authorization bypass in the external links feature. In versions 0.65 through 10.0.18, a technician can use external links to retrieve information about items they do not have rights to see, leading to unauthorized access to sensitive data. This is fixed in version 10.0....

CVE-2024-57726

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role...

ManageEngine ServiceDesk Plus < 14.9 Build 14920

The version of ManageEngine ServiceDesk Plus installed on the remote host is prior to 14.9 Build 14920. It is, therefore, affected by a vulnerability as referenced in the service-deskCVE-2024-50053 advisory. - A stored cross-site scripting XSS vulnerability allowed authenticated technicians to...

Sailing the Seven Seas Securely from Port to Port – OT Access Security for Ships and Cranes

Operational Technology OT security has affected marine vessel and port operators, since both ships and industrial cranes are being digitalized and automated at a rapid pace, ushering in new types of security challenges. Ships come to shore every six months on average. Container cranes are mostly...

[SECURITY] Fedora 38 Update: sos-4.6.1-1.fc38

Sos is a set of tools that gathers information about system hardware and configuration. The information can then be used for diagnostic purposes and debugging. Sos is commonly used to help support technicians and developers...

[SECURITY] Fedora 39 Update: sos-4.6.1-1.fc39

Sos is a set of tools that gathers information about system hardware and configuration. The information can then be used for diagnostic purposes and debugging. Sos is commonly used to help support technicians and developers...

CVE-2023-39912

Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed...

CVE-2023-23771

Motorola MBTS Base Radio accepts hard-coded backdoor password. The Motorola MBTS Base Radio Man Machine Interface MMI, allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled...

CVE-2023-23771

Motorola MBTS Base Radio accepts hard-coded backdoor password. The Motorola MBTS Base Radio Man Machine Interface MMI, allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled...

CVE-2023-23770

Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site Controller Man Machine Interface MMI, allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled...

Hardcoded credentials

Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site Controller Man Machine Interface MMI, allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled...

Hardcoded credentials

Motorola MBTS Base Radio accepts hard-coded backdoor password. The Motorola MBTS Base Radio Man Machine Interface MMI, allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled...

CVE-2023-23771

Motorola MBTS Base Radio accepts hard-coded backdoor password. The Motorola MBTS Base Radio Man Machine Interface MMI, allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled...

CVE-2023-23770

Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site Controller Man Machine Interface MMI, allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled...

PT-2023-19193 · Motorola · Motorola Mbts Site Controller

Name of the Vulnerable Software and Affected Versions: Motorola MBTS Site Controller affected versions not specified Description: The Motorola MBTS Site Controller Man Machine Interface MMI accepts a hard-coded backdoor password that cannot be changed or disabled, allowing service technicians to...

PT-2023-19194 · Motorola · Motorola Mbts Base Radio

Name of the Vulnerable Software and Affected Versions: Motorola MBTS Base Radio affected versions not specified Description: The Motorola MBTS Base Radio Man Machine Interface MMI accepts a hard-coded backdoor password that cannot be changed or disabled, allowing service technicians to diagnose a...

CVE-2023-0452

Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians...