Filtered by vendor Solarwinds
Subscribe
Total
319 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-40554 | 1 Solarwinds | 1 Web Help Desk | 2026-06-17 | N/A | 9.8 CRITICAL |
| SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk. | |||||
| CVE-2025-40553 | 1 Solarwinds | 1 Web Help Desk | 2026-06-17 | N/A | 9.8 CRITICAL |
| SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication. | |||||
| CVE-2025-40552 | 1 Solarwinds | 1 Web Help Desk | 2026-06-17 | N/A | 9.8 CRITICAL |
| SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication. | |||||
| CVE-2025-40551 | 1 Solarwinds | 1 Web Help Desk | 2026-06-17 | N/A | 9.8 CRITICAL |
| SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication. | |||||
| CVE-2025-40549 | 1 Solarwinds | 1 Serv-u | 2026-06-17 | N/A | 9.1 CRITICAL |
| A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences in how paths and home directories are handled. | |||||
| CVE-2025-40548 | 1 Solarwinds | 1 Serv-u | 2026-06-17 | N/A | 9.1 CRITICAL |
| A missing validation process exists in Serv U when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. | |||||
| CVE-2025-40547 | 1 Solarwinds | 1 Serv-u | 2026-06-17 | N/A | 9.1 CRITICAL |
| A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. | |||||
| CVE-2025-40545 | 1 Solarwinds | 1 Observability Self-hosted | 2026-06-17 | N/A | 4.8 MEDIUM |
| SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required. | |||||
| CVE-2025-40541 | 1 Solarwinds | 1 Serv-u | 2026-06-17 | N/A | 9.1 CRITICAL |
| An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. | |||||
| CVE-2025-40540 | 1 Solarwinds | 1 Serv-u | 2026-06-17 | N/A | 9.1 CRITICAL |
| A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. | |||||
| CVE-2025-40539 | 1 Solarwinds | 1 Serv-u | 2026-06-17 | N/A | 9.1 CRITICAL |
| A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. | |||||
| CVE-2025-40538 | 1 Solarwinds | 1 Serv-u | 2026-06-17 | N/A | 9.1 CRITICAL |
| A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. | |||||
| CVE-2025-40537 | 1 Solarwinds | 1 Web Help Desk | 2026-06-17 | N/A | 7.5 HIGH |
| SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions. | |||||
| CVE-2025-40536 | 1 Solarwinds | 1 Web Help Desk | 2026-06-17 | N/A | 8.1 HIGH |
| SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality. | |||||
| CVE-2025-26400 | 1 Solarwinds | 1 Web Help Desk | 2026-06-17 | N/A | 5.3 MEDIUM |
| SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files. | |||||
| CVE-2025-26399 | 1 Solarwinds | 1 Web Help Desk | 2026-06-17 | N/A | 9.8 CRITICAL |
| SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986. | |||||
| CVE-2025-26398 | 1 Solarwinds | 1 Database Performance Analyzer | 2026-06-17 | N/A | 5.6 MEDIUM |
| SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and administrator level privileges on the host. | |||||
| CVE-2025-26397 | 1 Solarwinds | 1 Observability Self-hosted | 2026-06-17 | N/A | 7.8 HIGH |
| SolarWinds Observability Self-Hosted is susceptible to Deserialization of Untrusted Data Local Privilege Escalation vulnerability. An attacker with low privileges can escalate privileges to run malicious files copied to a permission-protected folder. This vulnerability requires authentication from a low-level account and local access to the host server. | |||||
| CVE-2025-26395 | 1 Solarwinds | 1 Observability Self-hosted | 2026-06-17 | N/A | 7.1 HIGH |
| SolarWinds Observability Self-Hosted was susceptible to a cross-site scripting (XSS) vulnerability due to an unsanitized field in the URL. The attack requires authentication using an administrator-level account and user interaction is required. | |||||
| CVE-2025-26394 | 1 Solarwinds | 1 Observability Self-hosted | 2026-06-17 | N/A | 4.8 MEDIUM |
| SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required. | |||||