Affected Products

Vendor / product matrix with CVE counts sourced from the CPE catalog.

Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
simple-help
15365.8%CRITICAL

Related CVEs

5
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2025-36728Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.11.HIGH8.86.8%Jul 25, 2025
CVE-2025-36727Inclusion of Functionality from Untrusted Control Sphere vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.12.HIGH8.833.9%Jul 25, 2025
CVE-2024-57728SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.HIGH7.2KEV93.8%Jan 15, 2025
CVE-2024-57727SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.HIGH7.5KEV99.9%Jan 15, 2025
CVE-2024-57726SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.CRITICAL9.9KEV94.8%Jan 15, 2025