Simple-Help Simplehelp vulnerabilities
6 known vulnerabilities affecting simple-help/simplehelp.
Total CVEs: 6
CISA KEV: 4 (actively exploited)
Public exploits: 1
Exploited in wild: 4
Severity breakdown: CRITICAL 2, HIGH 4
Vulnerabilities
CVE-2024-57727 | P1 | HIGH | CVSS 7.5 | CWE-22 | KEV | PoC | Ransomware | fixed in 5.5.8 | 2025-01-15
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.
nvd
CVE-2026-48558 | P1 | CRITICAL | CVSS 10.0 | CWE-347 | KEV | fixed in 5.5.16 | v6.0-pre-release | 2026-06-12
SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attac
nvd
CVE-2024-57726 | P1 | CRITICAL | CVSS 9.9 | CWE-862 | KEV | Ransomware | fixed in 5.5.8 | 2025-01-15
SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privilege technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.
nvd
CVE-2024-57728 | P1 | HIGH | CVSS 7.2 | CWE-59 | KEV | Ransomware | fixed in 5.5.8 | 2025-01-15
SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.
nvd
CVE-2025-36727 | P3 | HIGH | CVSS 8.8 | CWE-829 | fixed in 5.5.12 | 2025-07-25
Inclusion of Functionality from Untrusted Control Sphere vulnerability in Simplehelp. This issue affects Simplehelp: before 5.5.12.
nvd
CVE-2025-36728 | P3 | HIGH | CVSS 8.8 | CWE-352 | fixed in 5.5.11 | 2025-07-25
Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp. This issue affects Simplehelp: before 5.5.11.
nvd