CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Hacker News•added 2026/06/06 8:14 a.m.•12 views

CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, tracked as...

7.5CVSS5.6AI score0.10659EPSS

Exploits2

RedhatCVE•added 2026/06/05 7:15 p.m.•8 views

CVE-2026-28318

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update...

CISA•added 2026/06/05 12:0 p.m.•23 views

Exploits2References1

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-28318link is external SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability This type of vulnerability is a frequent attack vector for malicious...

7.5CVSS5.4AI score0.10659EPSS

In wildExploits2References6

NCSC•added 2026/06/05 8:34 a.m.•12 views

The vulnerability was exploited in SolarWinds Serv-U.

SolarWinds has identified a vulnerability in Serv-U. A malicious individual could exploit this vulnerability to cause a Denial-of-Service attack by sending a specially crafted POST message. SolarWinds has released a hotfix and published mitigation measures to address this vulnerability and preven...

VulnCheck KEV•added 2026/06/05 12:0 a.m.•18 views

VulnCheck KEV: CVE-2026-28318

In wildExploits2References3

CISA KEV Catalog•added 2026/06/05 12:0 a.m.•13 views

SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability

SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Serv-U service without authentication...

Vulnrichment•added 2026/06/04 2:5 p.m.•10 views

In wildExploits2

CVE-2026-28318 SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability

7.5CVSS5.8AI score0.10659EPSS

ATTACKERKB•added 2026/06/04 2:5 p.m.•6 views

CVE-2026-28318

7.5CVSS5.8AI score0.10659EPSS

Exploits2References3

Cvelist•added 2026/06/04 2:5 p.m.•39 views

CVE-2026-28318 SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability

7.5CVSS0.10659EPSS

CVE•added 2026/06/04 2:5 p.m.•122 views

CVE-2026-28318

SolarWinds Serv-U is affected by an unauthenticated Denial of Service vulnerability triggered by specially crafted POST requests with Content-Encoding: deflate. The issue can crash the Serv-U service, with exploitation observed in reports and advisories. SolarWinds has released a hotfix and mitig...

7.5CVSS5.8AI score0.10659EPSS

In wildExploits2References3Affected Software1

NCSC•added 2026/02/25 10:39 a.m.•9 views

Vulnerabilities fixed in SolarWinds Serv-U

SolarWinds has fixed vulnerabilities in Serv-U. The vulnerabilities are in how Serv-U controls access and processes data types. Attackers with administrative privileges can exploit these vulnerabilities to gain unauthorized system access and execute arbitrary code with elevated privileges. This c...

9.1CVSS6.1AI score0.0057EPSS

Exploits0References1

Vulnrichment•added 2026/02/24 7:41 a.m.•8 views

CVE-2025-40541 SolarWinds Serv-U Insecure Direct Object Reference (IDOR) Remote Code Execution Vulnerability

An Insecure Direct Object Reference IDOR vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because...

9.1CVSS5.7AI score0.0057EPSS

Cvelist•added 2026/02/24 7:41 a.m.•17 views

CVE-2025-40541 SolarWinds Serv-U Insecure Direct Object Reference (IDOR) Remote Code Execution Vulnerability

9.1CVSS0.0057EPSS

Cvelist•added 2026/02/24 7:41 a.m.•20 views

CVE-2025-40540 SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability

A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services...

9.1CVSS0.00445EPSS

CVE•added 2026/02/24 7:41 a.m.•20 views

CVE-2025-40540

CVE-2025-40540 describes a type-confusion vulnerability in SolarWinds Serv-U that enables arbitrary native code execution with privileged account context when exploited. Affected software is Serv-U; the underlying issue is a type confusion in the product’s code path that can be triggered over the...

9.1CVSS6AI score0.00445EPSS

Exploits0References2Affected Software1

CVE•added 2026/02/24 7:40 a.m.•20 views

CVE-2025-40539

CVE-2025-40539 describes a type confusion vulnerability in SolarWinds Serv-U. The issue allows an attacker to execute arbitrary native code with privileged account privileges, requiring administrative privileges to exploit. The risk can be high in practice, and on Windows deployments the impact i...

9.1CVSS6AI score0.00445EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/02/24 7:40 a.m.•4 views

CVE-2025-40539 SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability

9.1CVSS6AI score0.00445EPSS