54 matches found
Metasploit Wrap-Up 02/13/2026
SolarWinds Web Help Desk Our very own sfewer-r7 has developed an exploit module for the SolarWinds Web Help Desk vulnerabilities CVE-2025-40536 and CVE-2025-40551. On successful exploitation the session will be running as NT AUTHORITY\SYSTEM. For more information see Rapid7’s SolarWinds We...
SolarWinds Web Help Desk unauthenticated RCE
This module exploits an access control bypass vulnerability CVE-2025-40536 and an unsafe deserialization vulnerability CVE-2025-40551 to achieve unauthenticated RCE against a vulnerable SolarWinds Web Help Desk (WHD) server. Module Options msf use exploit/multi/http/solarwindswebhelpdeskrce msf...
SolarWinds Web Help Desk Unauthenticated Remote Code Execution
This Metasploit module exploits an access control bypass vulnerability CVE-2025-40536 and an unsafe deserialization vulnerability CVE-2025-40551 to achieve unauthenticated remote code execution against a vulnerable SolarWinds Web Help Desk (WHD) server. This module requires Metasploit:...
PT-2026-7491
A stack-use-after-return issue exists in the Arduino Core STM32 library prior to version 1.7.0. The pwm_start function allocates a TIM_HandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it is stored in a global timer handle registry. After the functi...
SolarWinds Web Help Desk < 2026.1 Multiple Vulnerabilities
The version of SolarWinds Web Help Desk installed on the remote host is prior to 2026.1. It is, therefore, affected by multiple vulnerabilities. - SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, whic...
Multiple Critical SolarWinds Web Help Desk Vulnerabilities: CVE-2025-40551, CVE-2025-40552, CVE-2025-40553, CVE-2025-40554
Overview On January 28, 2026, SolarWinds published an advisory for multiple new vulnerabilities affecting their Web Help Desk product. Web Help Desk is an IT help desk ticketing and asset management software solution. Of the six new CVEs disclosed in the advisory, four are critical, and allow a...
CVE-2025-40551
creationtimestamp | type | source
---|---|---
2026-01-28 10:02:01+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mdhzegua562m
2026-01-28 10:04:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mdhzi6koa42c
2026-01-28 13:21:55+00:00 | seen | ...
Linux Distros Unpatched Vulnerability : CVE-2023-40551
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's...
MAL-2025-40551 Malicious code in ylsearch (npm)
The package ylsearch was found to contain malicious code...
TencentOS Server 4: shim (TSSA-2024:0566)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0566 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
CLSA-2025-1742806677 shim: Fix of 4 CVEs
Make this package installable only on a system having either an Almalinux or Cloudlinux signed kernel - Update to shim-15.8 and fix the following CVEs: Resolves: CVE-2023-40546 Resolves: CVE-2023-40547 Resolves: CVE-2023-40548 Resolves: CVE-2023-40549 Resolves: CVE-2023-40550 Resolves:...
Azure Linux 3.0 Security Update: shim (CVE-2023-40551)
The version of shim installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-40551 advisory. - A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or...
CVE-2023-40551 affecting package shim for versions less than 15.8-5
CVE-2023-40551 affecting package shim for versions less than 15.8-5. An upgraded version of the package is available that resolves this issue...
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-2660)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-2626)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CBL Mariner 2.0 Security Update: shim (CVE-2023-40551)
The version of shim installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-40551 advisory. - A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or...
Security Bulletin: Vulnerabilities in shim library (CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550, CVE-2023-40551) affect Power HMC.
Summary: The shim library is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2023-40546 DESCRIPTION: rhboot shim is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the mirror_one_esl function in...
CVE-2023-40551 affecting package shim for versions less than 15.8-1
CVE-2023-40551 affecting package shim for versions less than 15.8-1. An upgraded version of the package is available that resolves this issue...
CLSA-2024-1724271309 shim: Fix of 4 CVEs
Make this package installable only on a system having Cloudlinux signed components: grub2 and kernel - Update to shim-15.8 and fix the following CVEs: Resolves: CVE-2023-40546 Resolves: CVE-2023-40547 Resolves: CVE-2023-40548 Resolves: CVE-2023-40549 Resolves: CVE-2023-40550 Resolves:...
CVE-2024-40551
creationtimestamp | type | source
---|---|---
2024-07-12 19:26:48+00:00 | seen | https://t.me/cvedetector/765...