SolarWinds Serv-U - Directory Traversal
SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow access to read sensitive files on the host machine. id: CVE-2024-28995 info: name: SolarWinds Serv-U - Directory Traversal author: DhiyaneshDK severity: high description: | SolarWinds Serv-U was susceptibl...
CVE-2025-40540
A type confusion vulnerability exists in Serv-U which, when exploited, gives a malicious actor the ability to execute arbitrary native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services...
CVE-2025-40541
An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U which, when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because...
CVE-2025-40539
A type confusion vulnerability exists in Serv-U which, when exploited, gives a malicious actor the ability to execute arbitrary native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services...
CVE-2025-40539 SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability
A type confusion vulnerability exists in Serv-U which, when exploited, gives a malicious actor the ability to execute arbitrary native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services...
EUVD-2025-207545
A type confusion vulnerability exists in Serv-U which, when exploited, gives a malicious actor the ability to execute arbitrary native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services...
PT-2026-21669
Name of the Vulnerable Software and Affected Versions: Serv-U, affected versions not specified. Description: A type confusion issue exists in Serv-U, potentially allowing a malicious actor to execute arbitrary native code with privileged account privileges. Exploitation requires administrative...
PT-2026-21671
Name of the Vulnerable Software and Affected Versions: Serv-U versions 15.5.3 and earlier. Description: An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U. Exploitation of this issue allows a malicious actor to execute native code as a privileged account. This requires...
EUVD-2008-4482
Malware in sbrugna...
EUVD-2020-23153
Malware in sbrugna...
EUVD-2020-23152
Malware in sbrugna...
EUVD-2020-20492
Malware in sbrugna...
EUVD-2023-27927
Malicious code in bioql PyPI...
CVE-2021-25179
SolarWinds Serv-U before 15.2 is affected by Cross-Site Scripting (XSS) via the HTTP Host header...
CVE-2021-3154
An issue was discovered in SolarWinds Serv-U before 15.2.2. Unauthenticated attackers can retrieve cleartext passwords via macro injection. NOTE: this had a distinct fix relative to CVE-2020-35481...
CVE-2020-27994
SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal...
CVE-2020-15541
SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution...
CVE-2024-45712
SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low...
CVE-2024-45712 SolarWinds Serv-U Client-Side Cross-Site Scripting Vulnerability
SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low...
CVE-2024-45712
CVE-2024-45712 affects SolarWinds Serv-U. The vulnerability is a client-side cross-site scripting (XSS) issue that can be exploited only by an authenticated user from the local browser session. The documented risk is described as very low. Affected guidance indicates versions prior to 15.5.1 are ...