Lucene search
K

267 matches found

Microsoft Secure
Microsoft Secure
added 2026/02/07 1:8 a.m.9 views

Analysis of active exploitation of SolarWinds Web Help Desk

The Microsoft Defender Research Team observed a multi‑stage intrusion where threat actors exploited internet‑exposed SolarWinds Web Help Desk WHD instances to get an initial foothold and then laterally moved towards other high-value assets within the organization. However, we have not yet confirm...

9.8CVSS9.6AI score0.8833EPSS
Exploits5
Microsoft Secure
Microsoft Secure
added 2026/02/07 1:8 a.m.12 views

Analysis of active exploitation of SolarWinds Web Help Desk

The Microsoft Defender Research Team observed a multi‑stage intrusion where threat actors exploited internet‑exposed SolarWinds Web Help Desk WHD instances to get an initial foothold and then laterally moved towards other high-value assets within the organization. However, we have not yet confirm...

9.8CVSS9.6AI score0.8833EPSS
Exploits5
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.16 views

SolarWinds Web Help Desk < 12.8.3 - Insecure Deserialization

SolarWinds Web Help Desk before version 12.8.3 contain a critical Java deserialization vulnerability that enables remote code execution. Attackers can exploit this flaw to execute arbitrary commands on the host machine. Initially reported as unauthenticated, SolarWinds was unable to reproduce...

9.8CVSS8.7AI score0.8833EPSS
Exploits1References3
The Hacker News
The Hacker News
added 2026/02/04 5:50 a.m.13 views

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk WHD to its Known Exploited Vulnerabilities KEV catalog, flagging it as actively exploited in attacks. The vulnerability, tracked as CVE-2025-40551 CVSS score...

9.8CVSS9.4AI score0.84417EPSS
Exploits12
VulnCheck KEV
VulnCheck KEV
added 2026/02/03 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-40551

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication...

9.8CVSS6.1AI score0.8833EPSS
In wildExploits4References4
CISA KEV Catalog
CISA KEV Catalog
added 2026/02/03 12:0 a.m.9 views

SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication...

9.8CVSS6.1AI score0.8413EPSS
In wildExploits3
NCSC
NCSC
added 2026/02/02 9:47 a.m.9 views

Vulnerabilities fixed in SolarWinds Web Help Desk

SolarWinds has fixed vulnerabilities in SolarWinds Web Help Desk. The vulnerabilities include the ability for unauthenticated attackers to gain access to limited functionality within the system, the use of hard-coded credentials that could grant unauthorized access to administrative functions, an...

9.8CVSS6.2AI score0.8413EPSS
Exploits6References6
GithubExploit
GithubExploit
added 2026/01/31 8:17 a.m.205 views

Exploit for CVE-2025-40554

CVE-2025-40554 Exploitation Suite A comprehensive security te...

9.8CVSS6.2AI score0.81624EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2026/01/30 12:0 a.m.4 views

SolarWinds Web Help Desk < 2026.1 Multiple Vulnerabilities

The version of Solarwinds Web Help Desk installed on the remote host is prior to 2026.1. It is, therefore, affected by multiple vulnerabilities. - SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, whic...

9.8CVSS7.6AI score0.8413EPSS
Exploits6References7
GithubExploit
GithubExploit
added 2026/01/29 2:53 p.m.196 views

Exploit for CVE-2025-40554

CVE-2025-40554 – SolarWinds Web Help Desk Auth Bypass PoC Pro...

9.8CVSS5.9AI score0.58447EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/01/29 9:24 a.m.5 views

CVE-2025-40537

SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions...

7.5CVSS5.8AI score0.00534EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/29 9:24 a.m.6 views

CVE-2025-40554

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk...

9.8CVSS5.8AI score0.58447EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/29 9:24 a.m.6 views

CVE-2025-40552

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication...

9.8CVSS5.9AI score0.49734EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/29 9:24 a.m.6 views

CVE-2025-40553

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication...

9.8CVSS6.2AI score0.6039EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/29 9:24 a.m.5 views

CVE-2025-40536

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality...

9.8CVSS5.9AI score0.81624EPSS
Exploits4References1
The Hacker News
The Hacker News
added 2026/01/29 9:0 a.m.13 views

SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass

SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four critical vulnerabilities that could result in authentication bypass and remote code execution RCE. The list of vulnerabilities is as follows - CVE-2025-40536 CV...

9.8CVSS8.1AI score0.93159EPSS
Exploits12
Rapid7 Blog
Rapid7 Blog
added 2026/01/28 2:53 p.m.10 views

Multiple Critical SolarWinds Web Help Desk Vulnerabilities: CVE-2025-40551, CVE-2025-40552, CVE-2025-40553, CVE-2025-40554

Overview On January 28, 2026, SolarWinds published an advisory for multiple new vulnerabilities affecting their Web Help Desk product. Web Help Desk is an IT help desk ticketing and asset management software solution. Of the six new CVEs disclosed in the advisory, four are critical, and allow a...

9.8CVSS9.8AI score0.8413EPSS
Exploits6
OSV
OSV
added 2026/01/28 8:16 a.m.11 views

CVE-2025-40552

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication...

9.8CVSS5.8AI score0.6039EPSS
Exploits1References3
OSV
OSV
added 2026/01/28 8:16 a.m.7 views

CVE-2025-40554

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk...

9.8CVSS6AI score0.58447EPSS
Exploits2References2
OSV
OSV
added 2026/01/28 8:16 a.m.5 views

CVE-2025-40551

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication...

9.8CVSS6.1AI score0.8413EPSS
Exploits3References3
Rows per page
Query Builder