Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-26391 | 1 Solarwinds | 1 Observability Self-hosted | 2025-11-24 | N/A | 5.4 MEDIUM |
| SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds Platform was susceptible to a XSS vulnerability that affects user-created URL fields. This vulnerability requires authentication from a low-level account. | |||||
| CVE-2025-40545 | 1 Solarwinds | 1 Observability Self-hosted | 2025-11-24 | N/A | 4.8 MEDIUM |
| SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required. | |||||
| CVE-2025-26394 | 1 Solarwinds | 1 Observability Self-hosted | 2025-11-12 | N/A | 4.8 MEDIUM |
| SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required. | |||||
| CVE-2025-26395 | 1 Solarwinds | 1 Observability Self-hosted | 2025-11-12 | N/A | 7.1 HIGH |
| SolarWinds Observability Self-Hosted was susceptible to a cross-site scripting (XSS) vulnerability due to an unsanitized field in the URL. The attack requires authentication using an administrator-level account and user interaction is required. | |||||
| CVE-2025-26397 | 1 Solarwinds | 1 Observability Self-hosted | 2025-11-12 | N/A | 7.8 HIGH |
| SolarWinds Observability Self-Hosted is susceptible to Deserialization of Untrusted Data Local Privilege Escalation vulnerability. An attacker with low privileges can escalate privileges to run malicious files copied to a permission-protected folder. This vulnerability requires authentication from a low-level account and local access to the host server. | |||||
| CVE-2025-26392 | 1 Solarwinds | 1 Observability Self-hosted | 2025-11-12 | N/A | 5.4 MEDIUM |
| SolarWinds Observability Self-Hosted is susceptible to SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account. | |||||