CVE-2020-12608

An issue was discovered in SolarWinds MSP PME Patch Management Engine Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config\. This can lead to code execution by changing the...

EUVD-2019-7435

Malware in sbrugna...

EUVD-2020-7882

Malware in sbrugna...

EUVD-2021-12186

Malware in sbrugna...

EUVD-2025-4971

Malicious code in bioql PyPI...

EUVD-2024-26063

Malicious code in bioql PyPI...

EUVD-2022-50264

Malicious code in bioql PyPI...

EUVD-2024-20963

Malicious code in bioql PyPI...

EUVD-2022-50265

Malicious code in bioql PyPI...

EUVD-2024-25241

Malicious code in bioql PyPI...

EUVD-2024-20973

Malicious code in bioql PyPI...

EUVD-2023-44669

Malicious code in bioql PyPI...

EUVD-2022-39614

Malicious code in bioql PyPI...

CVE-2025-26400

SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection XXE vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files...

CVE-2025-26396

The SolarWinds Dameware Mini Remote Control was determined to be affected by Incorrect Permissions Local Privilege Escalation Vulnerability. This vulnerability requires local access and a valid low privilege account to be susceptible to this vulnerability...

CVE-2021-25275

SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can read database login...

CVE-2021-25276

In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files that include users' password hashes that is world readable and writable. An unprivileged Windows user having access to the server's filesystem can add an FTP user by copying a valid profile file to thi...

CVE-2017-7722

In SolarWinds Log & Event Manager LEM before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" the default username and password. By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the...

CVE-2024-52606

SolarWinds Platform is affected by server-side request forgery vulnerability. Proper input sanitation was not applied allowing for the possibility of a malicious web request...

SolarWinds Kiwi Syslog Server NG 安全漏洞

SolarWinds Kiwi Syslog Server NG is an application from SolarWinds USA. A security vulnerability exists in SolarWinds Kiwi Syslog Server NG versions prior to 1.3.1, which stems from the fact that sensitive data may be exposed to unprivileged users in configuration files...