Filtered by vendor Solarwinds
Subscribe
Total
314 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-26399 | 1 Solarwinds | 1 Web Help Desk | 2026-03-10 | N/A | 9.8 CRITICAL |
| SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986. | |||||
| CVE-2025-40553 | 1 Solarwinds | 1 Web Help Desk | 2026-02-26 | N/A | 9.8 CRITICAL |
| SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication. | |||||
| CVE-2025-40552 | 1 Solarwinds | 1 Web Help Desk | 2026-02-26 | N/A | 9.8 CRITICAL |
| SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication. | |||||
| CVE-2024-28995 | 1 Solarwinds | 1 Serv-u | 2026-02-26 | N/A | 8.6 HIGH |
| SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. | |||||
| CVE-2023-23841 | 1 Solarwinds | 1 Serv-u | 2026-02-25 | N/A | 7.5 HIGH |
| SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data. | |||||
| CVE-2022-38106 | 1 Solarwinds | 1 Serv-u | 2026-02-25 | N/A | 5.4 MEDIUM |
| This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function. | |||||
| CVE-2021-35226 | 1 Solarwinds | 1 Network Configuration Manager | 2026-02-24 | N/A | 6.5 MEDIUM |
| An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role. | |||||
| CVE-2025-40541 | 1 Solarwinds | 1 Serv-u | 2026-02-24 | N/A | 9.1 CRITICAL |
| An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. | |||||
| CVE-2025-40540 | 1 Solarwinds | 1 Serv-u | 2026-02-24 | N/A | 9.1 CRITICAL |
| A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. | |||||
| CVE-2025-40539 | 1 Solarwinds | 1 Serv-u | 2026-02-24 | N/A | 9.1 CRITICAL |
| A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. | |||||
| CVE-2025-40538 | 1 Solarwinds | 1 Serv-u | 2026-02-24 | N/A | 9.1 CRITICAL |
| A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. | |||||
| CVE-2025-40536 | 1 Solarwinds | 1 Web Help Desk | 2026-02-13 | N/A | 8.1 HIGH |
| SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality. | |||||
| CVE-2025-40537 | 1 Solarwinds | 1 Web Help Desk | 2026-02-03 | N/A | 7.5 HIGH |
| SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions. | |||||
| CVE-2025-40551 | 1 Solarwinds | 1 Web Help Desk | 2026-02-03 | N/A | 9.8 CRITICAL |
| SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication. | |||||
| CVE-2025-40554 | 1 Solarwinds | 1 Web Help Desk | 2026-02-03 | N/A | 9.8 CRITICAL |
| SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk. | |||||
| CVE-2025-40549 | 1 Solarwinds | 1 Serv-u | 2025-12-02 | N/A | 9.1 CRITICAL |
| A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences in how paths and home directories are handled. | |||||
| CVE-2025-40548 | 1 Solarwinds | 1 Serv-u | 2025-12-02 | N/A | 9.1 CRITICAL |
| A missing validation process exists in Serv U when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. | |||||
| CVE-2025-40547 | 1 Solarwinds | 1 Serv-u | 2025-12-02 | N/A | 9.1 CRITICAL |
| A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. | |||||
| CVE-2025-26391 | 1 Solarwinds | 1 Observability Self-hosted | 2025-11-24 | N/A | 5.4 MEDIUM |
| SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds Platform was susceptible to a XSS vulnerability that affects user-created URL fields. This vulnerability requires authentication from a low-level account. | |||||
| CVE-2025-40545 | 1 Solarwinds | 1 Observability Self-hosted | 2025-11-24 | N/A | 4.8 MEDIUM |
| SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required. | |||||