Helix Core CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (9 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-6043	1 Perforce	1 Helix Core Server P4d	2026-04-28	N/A
P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate existing users, authenticate to accounts with no password set, and access depot contents via the built-in 'remote' user. These default settings, taken together, can lead to unauthorized access to source code repositories and other managed assets. The 2026.1 release, expected in May 2026, enforces secure-by-default configurations on upgrade and new installations
CVE-2024-10314	1 Perforce	1 Helix Core	2026-04-15	N/A
In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the auto-generation function was identified. Reported by Karol Więsek.
CVE-2024-10345	1 Perforce	1 Helix Core	2026-04-15	N/A
In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Karol Więsek.
CVE-2024-8067	1 Perforce	1 Helix Core	2026-04-15	N/A
In versions of Helix Core prior to 2024.1 Patch 2 (2024.1/2655224) a Windows ANSI API Unicode "best fit" argument injection was identified.
CVE-2024-10344	1 Perforce	1 Helix Core	2026-04-15	N/A
In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the refuse function was identified. Reported by Karol Więsek.
CVE-2023-5759	1 Perforce	1 Helix Core	2024-11-21	7.5 High
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. Reported by Jason Geffner.
CVE-2023-45849	1 Perforce	1 Helix Core	2024-11-21	9 Critical
An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner.
CVE-2023-45319	1 Perforce	1 Helix Core	2024-11-21	7.5 High
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Reported by Jason Geffner.
CVE-2023-35767	1 Perforce	1 Helix Core	2024-11-21	7.5 High
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner.

Page 1 of 1.