3392 matches found

Tenable Nessus
added 2025/09/26 12:0 a.m., 3 views

SolarWinds Web Help Desk < 12.8.7 Hotfix 1 Unsafe Deserialization

The version of SolarWinds Web Help Desk installed on the remote host is prior to 12.8.7 Hotfix 1. It is, therefore, affected by an unsafe deserialization vulnerability. - SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution...

9.8 CVSS, 6.7 AI score, 0.8833 EPSS
Exploits 1, References 2
Snyk
added 2025/09/25 4:10 a.m., 1 views

Malicious Package

Overview giffgaff-help-site is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 6.8 AI score
Exploits 0, References 2
OSV
added 2025/09/25 4:10 a.m., 3 views

MAL-2025-47555 Malicious code in giffgaff-help-site (npm)

The package giffgaff-help-site was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d70e7af856cf858476096655334fe528a25eb4262ac3c438c7797794e7ec9bb3 Any computer that has this package installed or running should be considered fully...

6.9 AI score
Exploits 0, References 3
RedhatCVE
added 2025/09/25 2:53 a.m., 3 views

CVE-2025-26399

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patc...

9.8 CVSS, 8.4 AI score, 0.8833 EPSS
Exploits 1, References 1
The Hacker News
added 2025/09/23 12:46 p.m., 5 views

SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw

SolarWinds has released hot fixes to address a critical security flaw impacting its Web Help Desk software that, if successfully exploited, could allow attackers to execute arbitrary commands on susceptible systems. The vulnerability, tracked as CVE-2025-26399 (CVSS score: 9.8), has been described ...

9.8 CVSS, 8.8 AI score, 0.8833 EPSS
Exploits 1
GithubExploit
added 2025/09/23 11:34 a.m., 354 views

Exploit for CVE-2025-26399

CVE-2025-26399 How does this detection method work? This...

9.8 CVSS, 6.7 AI score, 0.8833 EPSS
Exploits 1
OSV
added 2025/09/23 5:15 a.m., 4 views

CVE-2025-26399

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patc...

9.8 CVSS, 6.4 AI score, 0.8833 EPSS
Exploits 1, References 4
NVD
added 2025/09/23 5:15 a.m., 6 views

CVE-2025-26399

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patc...

9.8 CVSS, 0.8833 EPSS
Exploits 1, References 4
Cvelist
added 2025/09/23 5:7 a.m., 11 views

CVE-2025-26399 SolarWinds Web Help Desk Deserialization of Untrusted Data Privilege Escalation Vulnerability

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patc...

9.8 CVSS, 0.8833 EPSS
Exploits 1, References 2
CVE
added 2025/09/23 5:7 a.m., 49 views

CVE-2025-26399

SolarWinds Web Help Desk (WHD) is affected by CVE-2025-26399, an unauthenticated AjaxProxy deserialization vulnerability that enables remote code execution. This is a patch bypass of CVE-2024-28988 (and 2024-28986). In-the-wild activity and security guidance from Microsoft indicate unauthenticate...

9.8 CVSS, 8 AI score, 0.8833 EPSS
In wild, Exploits 1, References 4, Affected Software 1
Vulnrichment
added 2025/09/23 5:7 a.m., 2 views

CVE-2025-26399 SolarWinds Web Help Desk Deserialization of Untrusted Data Privilege Escalation Vulnerability

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patc...

9.8 CVSS, 8 AI score, 0.8833 EPSS
Exploits 1, References 2
CNNVD
added 2025/09/23 12:0 a.m., 3 views

SolarWinds Web Help Desk Code Issue Vulnerability

SolarWinds Web Help Desk is a suite of help desk and asset management software from US-based SolarWinds. The software supports centralized knowledge base, IT asset management, project and task management, and other features. A code issue vulnerability exists in SolarWinds Web Help Desk that stems...

9.8 CVSS, 8 AI score, 0.8833 EPSS
Exploits 1, References 2
Zero Day Initiative
added 2025/09/23 12:0 a.m., 7 views

SolarWinds Web Help Desk AjaxProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Web Help Desk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AjaxProxy class. The issue results from the lack of proper validation of...

9.8 CVSS, 7.7 AI score, 0.8833 EPSS
Exploits 1, References 1
OSSF Malicious Packages
added 2025/09/17 8:52 p.m., 2 views

Malicious code in epc-help-widget (npm)

The package epc-help-widget was found to contain malicious code...

7 AI score
Exploits 0
OSV
added 2025/09/17 8:52 p.m., 1 views

MAL-2025-47433 Malicious code in epc-help-widget (npm)

The package epc-help-widget was found to contain malicious code...

7 AI score
Exploits 0
Positive Technologies
added 2025/09/17 12:0 a.m., 2 views

PT-2025-39120

Name of the Vulnerable Software and Affected Versions: SolarWinds Web Help Desk versions prior to 2026.1. Description: An unauthenticated remote code execution flaw exists in the 'AjaxProxy' component of SolarWinds Web Help Desk. The issue is caused by the deserialization of untrusted data, where...

9.8 CVSS, 9.9 AI score, 0.8833 EPSS
Exploits 1, References 178
OSSF Malicious Packages
added 2025/09/16 5:5 p.m., 6 views

Malicious code in @operato/help (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1f6886d19c6aa1c28eb93f17ecfde91dc47019cdc7663a5dcbeba05d551c7315 Any computer that has this package installed or running should be considered fully compromised. All...

7.1 AI score
Exploits 0, References 6
OSV
added 2025/09/16 5:5 p.m., 3 views

MAL-2025-47256 Malicious code in @operato/help (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1f6886d19c6aa1c28eb93f17ecfde91dc47019cdc7663a5dcbeba05d551c7315 Any computer that has this package installed or running should be considered fully compromised. All...

7.1 AI score
Exploits 0, References 6
OSSF Malicious Packages
added 2025/09/16 7:57 a.m., 5 views

Malicious code in yargs-help-output (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1337d3becd83c0b3dc233069268371bc9e7395311560038f52cbe73384e4efa5 Any computer that has this package installed or running should be considered fully compromised. All...

7.1 AI score
Exploits 0, References 7
OSV
added 2025/09/16 7:57 a.m., 2 views

MAL-2025-47366 Malicious code in yargs-help-output (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1337d3becd83c0b3dc233069268371bc9e7395311560038f52cbe73384e4efa5 Any computer that has this package installed or running should be considered fully compromised. All...

7.1 AI score
Exploits 0, References 7