cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-57726,https://securityvulnerability.io/vulnerability/CVE-2024-57726,"Low-Privilege Technicians Can Create API Keys with Excessive Permissions, Allowing Elevated Access","A vulnerability in SimpleHelp remote support software versions 5.5.7 and prior allows low-privilege technicians to generate API keys with excessive permissions. This flaw can lead to unauthorized privilege escalation, granting attackers the ability to assume the server admin role. Ensuring that your version of SimpleHelp is updated is crucial to maintaining a secure environment and protecting sensitive data.",SimpleHelp,Simplehelp,9.9,CRITICAL,0.0005000000237487257,false,,true,true,true,2025-02-07T05:20:55.000Z,false,true,false,,2025-01-15T00:00:00.000Z,4721
CVE-2024-57727,https://securityvulnerability.io/vulnerability/CVE-2024-57727,Path Traversal Vulnerabilities in SimpleHelp Remote Support Software,"The SimpleHelp Remote Support Software version 5.5.7 and earlier is susceptible to multiple path traversal vulnerabilities. These vulnerabilities allow unauthenticated remote attackers to exploit the system by crafting specific HTTP requests. Through this exploitation, attackers can download arbitrary files from the host server, potentially exposing sensitive data such as server configuration files, secrets, and hashed user passwords. This vulnerability highlights the critical need for timely updates and robust security measures to protect sensitive information from unauthorized access.",SimpleHelp,SimpleHelp,7.5,HIGH,0.31384000182151794,true,2025-02-13T00:00:00.000Z,true,false,true,2025-01-18T00:45:51.000Z,true,false,false,,2025-01-15T00:00:00.000Z,529
CVE-2024-57728,https://securityvulnerability.io/vulnerability/CVE-2024-57728,Arbitrary File Upload Vulnerability in SimpleHelp Remote Support Software,"The SimpleHelp Remote Support Software, versions 5.5.7 and earlier, is susceptible to an arbitrary file upload vulnerability. This flaw allows admin users to upload specially crafted zip files, which can exploit a phenomenon known as 'zip slip'. By leveraging this vulnerability, malicious actors can potentially upload arbitrary files to any directory on the file system, leading to unauthorized code execution in the context of the server user, creating a serious security risk for businesses relying on this software. Users are advised to update to the latest version to mitigate the threat.",SimpleHelp,SimpleHelp,7.2,HIGH,0.0004900000058114529,false,,true,true,true,2025-01-15T10:15:13.000Z,false,false,false,,2025-01-15T00:00:00.000Z,0