Simplehelp
Sign in to watchby Simple Help
CVEs (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-57726 | Cri | 0.86 | 9.9 | 0.45 | KEV | Jan 15, 2025 | SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role. |
| CVE-2024-57728 | Hig | 0.70 | 7.2 | 0.59 | KEV | Jan 15, 2025 | SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user. |
| CVE-2025-36728 | 0.00 | — | 0.00 | Jul 25, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.11. | ||
| CVE-2025-36727 | 0.00 | — | 0.00 | Jul 25, 2025 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.12. |