CVE-2025-11700 N-central Multiple XXE Injection Vulnerabilities

N-central versions 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure...

CVE-2025-7051

On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server. This vulnerability is present in all deployments of N-central prior to 2025.2...

CVE-2025-8875

Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1...

SolarWinds N-Central 信任管理问题漏洞

SolarWinds N-Central is an IT device management platform from SolarWinds Singapore. The platform provides proactive monitoring of everything on a customer's network, not just servers and workstations, and rapid troubleshooting using features such as MFA, antivirus, integrated endpoint detection a...

CVE-2020-15910

SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly. This makes it possible to influence the cookie with javascript. An attacker could send the user to a prepared webpage or by influencing JavaScript to the extract the JESSIONID. This could then be...

Ncentral 8.x Insecure Access / Unsalted Passwords / CSRF Vulnerabilities

Ncentral versions 8.0.x through 8.2.0-1152 suffer from insecure SOAP access that leads to an unprivileged SSH session, poor trust based authentication leading to database compromise, plain text password storage, cross site request forgery, and other vulnerabilities. RA001: Multiple vulnerabilitie...

Ncentral 8.x Insecure Access / Unsalted Passwords / CSRF

-------------------------------------------------------------------------------------------------- REDACTED REDACTED REDACTED REDACTED REDACTED REDACTED REDACTED REDACTED REDACTED REDACTED REDACTED ADVISORY ADVISORY ADVISORY ADVISORY ADVISORY ADVISORY ADVISORY ADVISORY ADVISORY ADVISORY ADVISORY...