CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

865 matches found

EUVD-2026-34268

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update...

7.5CVSS5.8AI score

Exploits0References2

CVE•added yesterday•5 views

CVE-2026-28318

SolarWinds Serv-U is affected by an unauthenticated denial-of-service via specially crafted POST requests using Content-Encoding: deflate. The CVSS v3.1 base score is 7.5 (HIGH) with network access and no privileges required; exploitation would disrupt the service with no impact on confidentialit...

7.5CVSS5.8AI score

Exploits0References2Affected Software1

ATTACKERKB•added yesterday•3 views

CVE-2026-28318

7.5CVSS5.8AI score

Exploits0References3

Cvelist•added yesterday•11 views

CVE-2026-28318 SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability

7.5CVSS

Exploits0References2

Vulnrichment•added yesterday•4 views

CVE-2026-28318 SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability

7.5CVSS5.8AI score

Exploits0References2

Positive Technologies•added yesterday•7 views

PT-2026-46239

7.5CVSS5.8AI score

Exploits0References3

Nuclei•added 2026/05/25 4:37 a.m.•122 views

SolarWinds Serv-U - Directory Traversal

SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. id: CVE-2024-28995 info: name: SolarWinds Serv-U - Directory Traversal author: DhiyaneshDK severity: high description: | SolarWinds Serv-U was susceptibl...

8.6CVSS6AI score0.94396EPSS

Exploits8References3

NCSC•added 2026/02/25 10:39 a.m.•7 views

Vulnerabilities fixed in SolarWinds Serv-U

SolarWinds has fixed vulnerabilities in Serv-U. The vulnerabilities are in how Serv-U controls access and processes data types. Attackers with administrative privileges can exploit these vulnerabilities to gain unauthorized system access and execute arbitrary code with elevated privileges. This c...

9.1CVSS6.1AI score0.00092EPSS

Exploits0References1

RedhatCVE•added 2026/02/25 10:16 a.m.•4 views

CVE-2025-40539

A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services...

9.1CVSS6AI score0.00092EPSS

Exploits0References1

RedhatCVE•added 2026/02/25 10:16 a.m.•4 views

CVE-2025-40540

9.1CVSS6AI score0.00092EPSS

Exploits0References1

RedhatCVE•added 2026/02/25 10:16 a.m.•5 views

CVE-2025-40541

An Insecure Direct Object Reference IDOR vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because...

9.1CVSS5.7AI score0.00012EPSS

Exploits0References1

RedhatCVE•added 2026/02/25 10:16 a.m.•4 views

CVE-2025-40538

A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On...

9.1CVSS6AI score0.00055EPSS

Exploits0References1

The Hacker News•added 2026/02/25 7:4 a.m.•8 views

SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution

SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below - CVE-2025-40538 - A broken access...

10CVSS6.9AI score0.94396EPSS

Exploits10