32 matches found
EUVD-2026-34268
SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update...
PT-2026-46239
Name of the Vulnerable Software and Affected Versions: SolarWinds Serv-U versions prior to 15.5.4 Hotfix 1. Description: SolarWinds Serv-U is susceptible to uncontrolled resource consumption when processing compressed HTTP request bodies. An unauthenticated remote attacker can trigger a...
CVE-2025-40539
A type confusion vulnerability exists in Serv-U which, when exploited, gives a malicious actor the ability to execute arbitrary native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services...
EUVD-2025-207544
A type confusion vulnerability exists in Serv-U which, when exploited, gives a malicious actor the ability to execute arbitrary native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services...
CVE-2025-40538
CVE-2025-40538 affects SolarWinds Serv-U; it describes a broken access control vulnerability that, if abused, enables a malicious actor with domain/admin privileges to create a system administrator account and execute arbitrary code with privileged access. Impact per sources: high/critical across...
CVE-2023-40053
A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously...
CVE-2023-40060
A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely...
CVE-2025-40547
A logic error vulnerability exists in Serv-U which, when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run...
CVE-2025-40548
A missing validation process exists in Serv-U that, when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under...
CVE-2025-40549
A Path Restriction Bypass vulnerability exists in Serv-U that, when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative privileges to abuse. On Windows systems, this is scored as medium due to differences...
EUVD-2025-197929
A missing validation process exists in Serv-U that, when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under...
EUVD-2021-12187
Malware in sbrugna...
EUVD-2008-4481
Malware in sbrugna...
EUVD-2009-4778
Malware in sbrugna...
EUVD-2023-39182
Malicious code in bioql PyPI...
EUVD-2023-44660
Malicious code in bioql PyPI...
EUVD-2023-44667
Malicious code in bioql PyPI...
CVE-2020-28001
SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS...
CVE-2023-40060 2FA/MFA Bypass Vulnerability in Serv-U 15.4 and 15.4 Hotfix 1
A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely...