汇总 simple-help 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
常见弱点模式包括 路径处理缺陷、CSRF与文件包含,在 生产负载与软件部署 使用场景中可能带来 文件覆盖与未授权访问 等风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2025-36728 | Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.11. | [email protected] | 6.3 | 0.17% | 2025-07-25 | 2026-06-17 |
| CVE-2025-36727 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.12. | [email protected] | 8.3 | 0.41% | 2025-07-25 | 2026-06-17 |
| CVE-2024-57728 KEV | SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user. | [email protected] | 7.2 | 7.55% | 2025-01-15 | 2026-06-17 |
| CVE-2024-57727 KEV | SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords. | [email protected] | 7.5 | 95.15% | 2025-01-15 | 2026-06-17 |
| CVE-2024-57726 KEV | SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role. | [email protected] | 9.9 | 9.33% | 2025-01-15 | 2026-06-17 |