CVE-2024-57726

CRITICAL Year: 2024
CVSS v3 Score
9.9
Critical
Weakness Type
CWE-862
View all →

Vulnerability Description

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.

Related Vulnerabilities

CVE-2013-3960

CRITICAL
CVSS:9.9(Critical)

Easytime Studio Easy File Manager 1.1 has a HTTP request security bypass

CWE-8622013

CVE-2019-15954

CRITICAL
CVSS:9.9(Critical)

An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget wit...

CWE-8622019

CVE-2020-36837

CRITICAL
CVSS:9.9(Critical)

The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This ma...

CWE-8622020

CVE-2023-49742

CRITICAL
CVSS:9.9(Critical)

Missing Authorization vulnerability in Support Genix.This issue affects Support Genix: from n/a through 1.2.3.

CWE-8622023

CVE-2025-22611

CRITICAL
CVSS:9.9(Critical)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to escalate...

CWE-8622025

CVE-2011-4183

CRITICAL
CVSS:9.8(Critical)

A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16.

CWE-8622011