CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When an agent user is renamed or set to invalid the session belonging to the user is keept active. The session can not be used to access ticket data in the case...

4.3CVSS5.6AI score0.00326EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 2:2 a.m.•3 views

CVE-2023-33706

SysAid before 23.2.15 allows Indirect Object Reference IDOR attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp...

6.5CVSS6.8AI score0.0008EPSS

Exploits1References1

Cvelist•added 2025/04/01 5:22 a.m.•11 views

CVE-2024-13567 Awesome Support – WordPress HelpDesk & Support Plugin <= 6.3.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.3.1 via the 'awesome-support' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored...

7.5CVSS0.00564EPSS

Exploits0References4

RedhatCVE•added 2025/02/15 9:22 a.m.•8 views

CVE-2024-13606

The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'jssupportticketdata' directory. This makes it possible for unauthenticated attackers to extract sensitive data store...

7.5CVSS9.3AI score0.00286EPSS

Exploits0References1

RedhatCVE•added 2025/02/14 6:29 a.m.•5 views

CVE-2024-13601

The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.5 via the 'exportusereraserequest' function due to missing validation on a user controlled key. This makes i...

4.3CVSS9.1AI score0.00133EPSS

Exploits0References1

OSV•added 2025/02/13 10:15 a.m.•0 views

CVE-2024-13606

7.5CVSS7.3AI score

Exploits0References2

OSV•added 2025/02/12 6:15 a.m.•0 views

CVE-2024-13601

4.3CVSS7.3AI score

Exploits0References3

NVD•added 2025/02/12 6:15 a.m.•7 views

CVE-2024-13601

4.3CVSS0.00133EPSS

Exploits0References3

Vulnrichment•added 2025/02/12 5:28 a.m.•8 views

CVE-2024-13601 Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin <= 1.0.5 - Authenticated (Subscriber+) Insecure Direct Object Reference

4.3CVSS4.4AI score0.00133EPSS

Exploits0References3

CNNVD•added 2025/02/12 12:0 a.m.•1 views

WordPress plugin Majestic Support 安全漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin...

4.3CVSS8.3AI score0.00133EPSS

Exploits0References3

RedhatCVE•added 2025/02/07 5:52 p.m.•2 views

CVE-2024-13607

The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the 'exportusereraserequest' due to missing validation on a user controlled key. This makes it possible for authenticat...

4.3CVSS6.4AI score0.00064EPSS

Exploits0References1

NVD•added 2025/02/04 7:15 a.m.•5 views

CVE-2024-13607

4.3CVSS0.00064EPSS

Exploits0References3

Vulnrichment•added 2025/02/04 6:41 a.m.•3 views

CVE-2024-13607 JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.8 - Authenticated (Subscriber+) Insecure Direct Object Reference

4.3CVSS6.7AI score0.00064EPSS

Exploits0References3

Rows per page