SolarWinds Web Help Desk - Authentication Bypass

SolarWinds Web Help Desk contains an authentication bypass vulnerability caused by improper access control, letting attackers execute protected actions without authentication, exploit requires no special conditions. id: CVE-2025-40552 info: name: SolarWinds Web Help Desk - Authentication Bypass...

CVE-2026-40552

creationtimestamp| type| source ---|---|--- 2026-04-29 16:42:34+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116488991780858575...

CVE-2026-40552 Remote Code Execution in mpGabinet

mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the backend database can achieve system command execution by uploading an attachment and modifying its storage path in the database to reference an attacker-controlled remot...

Exploit for CVE-2025-40552

CVE-2025-40552 and CVE-2025-40553 SolarWinds Web Help Desk Pre...

SolarWinds Web Help Desk < 2026.1 Multiple Vulnerabilities

The version of Solarwinds Web Help Desk installed on the remote host is prior to 2026.1. It is, therefore, affected by multiple vulnerabilities. - SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, whic...

CVE-2025-40552

creationtimestamp| type| source ---|---|--- 2026-01-28 09:49:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mdhyoj256b2i 2026-01-28 10:15:16+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mdi244m34i2g 2026-01-28 13:21:55+00:00| seen|...

CVE-2025-40552

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication...

MAL-2025-40552 Malicious code in ymagik (npm)

The package ymagik was found to contain malicious code...

CVE-2024-40552

creationtimestamp| type| source ---|---|--- 2024-07-12 19:27:04+00:00| seen| https://t.me/cvedetector/776...

CVE-2024-40552

PublicCMS v4.0.202302.e was discovered to contain a remote commande execution RCE vulnerability via the cmdarray parameter at /site/ScriptComponent.java...

CVE-2024-40552

PublicCMS v4.0.202302.e was discovered to contain a remote commande execution RCE vulnerability via the cmdarray parameter at /site/ScriptComponent.java...

CVE-2024-40552

PublicCMS v4.0.202302.e was discovered to contain a remote commande execution RCE vulnerability via the cmdarray parameter at /site/ScriptComponent.java...

CVE-2023-40552

creationtimestamp| type| source ---|---|--- 2023-09-06 12:17:55+00:00| seen| https://t.me/cibsecurity/69970...

CVE-2023-40552

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Gurcharan Singh Fitness calculators plugin plugin = 2.0.7 versions...

CVE-2023-40552

CVE-2023-40552 affects the WordPress Fitness calculators plugin (versions &lt;= 2.0.7; PatchStack lists vulnerability in

CVE-2022-40552

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none...

CVE-2022-40552

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none...

CVE-2022-40552

CVE-2022-40552 entry is rejected/not used and does not represent an active vulnerability.