Lucene search
K

3022 matches found

Nuclei
Nuclei
added yesterday30 views

SolarWinds Web Help Desk - Authentication Bypass

SolarWinds Web Help Desk 12.8.8 HF1 and earlier contains an authentication bypass vulnerability in the WebObjects session handling. By crafting a request with a manipulated path component to an internal admin page endpoint, an unauthenticated attacker can access privileged administrative function...

9.8CVSS7.1AI score0.8413EPSS
Exploits5References4
Nuclei
Nuclei
added yesterday59 views

SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting

SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI. id: CVE-2018-19386 info: nam...

6.1CVSS6.4AI score0.09044EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday31 views

SolarWinds Web Help Desk < 12.8.8 Hotfix 1 (HF1) - Security Control Bypass

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality. id: CVE-2025-40536 info: name: SolarWinds Web Help Desk 12.8.8 Hotfix 1 HF1 - Security...

9.8CVSS7AI score0.8413EPSS
Exploits4References3
Nuclei
Nuclei
added yesterday12 views

SolarWinds Web Help Desk - Authentication Bypass

SolarWinds Web Help Desk contains an authentication bypass vulnerability caused by improper access control, letting attackers execute protected actions without authentication, exploit requires no special conditions. id: CVE-2025-40552 info: name: SolarWinds Web Help Desk - Authentication Bypass...

9.8CVSS7.2AI score0.6039EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday226 views

SolarWinds Serv-U 15.3 - Directory Traversal

SolarWinds Serv-U 15.3 is susceptible to local file inclusion, which may allow an attacker access to installation and server files and also make it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id:...

7.5CVSS7AI score0.14656EPSS
Exploits1References5
Nuclei
Nuclei
added 6 days ago61 views

SolarWinds Orion API - Auth Bypass

SolarWinds Orion API is vulnerable to an authentication bypass vulnerability that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance...

9.8CVSS7.5AI score0.9198EPSS
Exploits3References5
Nuclei
Nuclei
added last week70 views

SolarWinds Web Help Desk - Hardcoded Credential

The SolarWinds Web Help Desk WHD software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data. id: CVE-2024-28987 info: name: SolarWinds Web Help Desk - Hardcoded Credential author:...

9.1CVSS7.4AI score0.93299EPSS
Exploits5References3
Nuclei
Nuclei
added 2026/07/03 1:39 p.m.29 views

SolarWinds Security Event Manager - Unauthenticated RCE

The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution. id: CVE-2024-0692 info: name: SolarWinds Security Event Manager - Unauthenticated RCE...

8.8CVSS7.6AI score0.91557EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.7 views

SolarWinds Database Performance Analyzer < 2026.2 Stored XSS (CVE-2026-28322)

According to its self-reported version, the SolarWinds Database Performance Analyzer DPA installation on the remote host is prior to 2026.2. It is, therefore, affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution. Note that Nessus h...

5.6CVSS5.8AI score0.00222EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40457

SolarWinds Database Performance Analyzer was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution...

5.6CVSS5.6AI score0.00222EPSS
Exploits0References4
NVD
NVD
added 2026/06/30 11:17 p.m.8 views

CVE-2026-28322

SolarWinds Database Performance Analyzer was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution...

5.6CVSS0.00222EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 10:15 p.m.12 views

CVE-2026-28322

CVE-2026-28322 affects SolarWinds Database Performance Analyzer (DPA). The stored cross-site scripting vulnerability can enable unintended script execution, with the public metrics indicating high impact to confidentiality and integrity, and a medium overall severity (CVSS 3.1: AV=Adjacent, AC=Hi...

5.6CVSS5.6AI score0.00222EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 10:15 p.m.40 views

CVE-2026-28322 SolarWinds Database Performance Analyzer Stored Cross-Site Scripting Vulnerability

SolarWinds Database Performance Analyzer was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution...

5.6CVSS0.00222EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-54014

Name of the Vulnerable Software and Affected Versions SolarWinds Database Performance Analyzer affected versions not specified Description A stored cross-site scripting issue exists that allows for the execution of unintended scripts. Recommendations At the moment, there is no information about a...

5.6CVSS5.9AI score0.00222EPSS
Exploits0References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.138 views

SolarWinds Serv-U - Directory Traversal

SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. id: CVE-2024-28995 info: name: SolarWinds Serv-U - Directory Traversal author: DhiyaneshDK severity: high description: | SolarWinds Serv-U was susceptibl...

8.6CVSS8.3AI score0.99614EPSS
Exploits8References3
GithubExploit
GithubExploit
added 2026/06/12 8:9 p.m.82 views

Exploit for Uncontrolled Resource Consumption in Solarwinds Serv-U

SolarWinds Serv-U Unauthenticated DoS: Safe Detection Script...

7.5CVSS5.9AI score0.10659EPSS
Exploits2
GithubExploit
GithubExploit
added 2026/06/10 7:2 a.m.74 views

Exploit for Uncontrolled Resource Consumption in Solarwinds Serv-U

CVE-2026-28318 — SolarWinds Serv-U "Content-Encoding: deflate"...

7.5CVSS6.5AI score0.10659EPSS
Exploits2
Cvelist
Cvelist
added 2026/06/09 3:41 p.m.33 views

CVE-2026-28301 SolarWinds Observability Self-Hosted Open Redirect Vulnerability

A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website...

4.8CVSS0.0021EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 3:41 p.m.12 views

CVE-2026-28301 SolarWinds Observability Self-Hosted Open Redirect Vulnerability

A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website...

4.8CVSS5.5AI score0.0021EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 3:41 p.m.39 views

CVE-2026-28301

Technical specifics (affected products, versions, root cause, exploitability, mitigations) are not provided in the connected documents. Monitor for updates.

4.8CVSS5.5AI score0.0021EPSS
Exploits0References3
Rows per page
Query Builder