VulnCheck KEV: CVE-2025-40554

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk...

PT-2026-7491

A stack-use-after-return issue exists in the Arduino Core STM32 library prior to version 1.7.0. The pwm start function allocates a TIM HandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it is stored in a global timer handle registry. After the functi...

SolarWinds Web Help Desk < 12.8.3 - Insecure Deserialization

SolarWinds Web Help Desk before version 12.8.3 contain a critical Java deserialization vulnerability that enables remote code execution. Attackers can exploit this flaw to execute arbitrary commands on the host machine. Initially reported as unauthenticated, SolarWinds was unable to reproduce...

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk WHD to its Known Exploited Vulnerabilities KEV catalog, flagging it as actively exploited in attacks. The vulnerability, tracked as CVE-2025-40551 CVSS score...

SolarWinds Web Help Desk < 2026.1 Multiple Vulnerabilities

The version of Solarwinds Web Help Desk installed on the remote host is prior to 2026.1. It is, therefore, affected by multiple vulnerabilities. - SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, whic...

CVE-2025-40553

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication...

Multiple Critical SolarWinds Web Help Desk Vulnerabilities: CVE-2025-40551, CVE-2025-40552, CVE-2025-40553, CVE-2025-40554

Overview On January 28, 2026, SolarWinds published an advisory for multiple new vulnerabilities affecting their Web Help Desk product. Web Help Desk is an IT help desk ticketing and asset management software solution. Of the six new CVEs disclosed in the advisory, four are critical, and allow a...

CVE-2025-40554

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk...

EUVD-2025-206480

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk...

CVE-2025-40552 SolarWinds Web Help Desk Authentication Bypass Vulnerability

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication...

CVE-2025-40536 SolarWinds Web Help Desk Security Control Bypass Vulnerability

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality...

CVE-2019-16961

SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name...

CVE-2019-16954

SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket...

CVE-2019-16958

Cross-site Scripting XSS vulnerability in SolarWinds Web Help Desk 12.7.0 allows attacker to inject arbitrary web script or HTML via Location Name...

CVE-2019-16959

SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket...

EUVD-2021-21875

Malware in sbrugna...

EUVD-2019-7438

Malware in sbrugna...

EUVD-2019-7436

Malware in sbrugna...

EUVD-2024-41638

Malicious code in bioql PyPI...

SolarWinds Web Help Desk < 12.8.7 Hotfix 1 Unsafe Deserialization

The version of Solarwinds Web Help Desk installed on the remote host is prior to 12.8.7 Hotfix 1. It is, therefore, affected by an unsafe deserialization vulnerability. - SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution...