CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

66 matches found

CVE•added 2026/06/02 7:31 p.m.•20 views

CVE-2026-28299

The CVE-2026-28299 entry concerns SolarWinds Web Help Desk with a denial-of-service vulnerability that could cause the server to crash due to insufficient memory. Connected sources confirm the issue and provide CVSS:3.1 base score 8.2 (HIGH) with Network attack vector, low attack complexity, no p...

8.2CVSS5.8AI score0.00393EPSS

Exploits0References2Affected Software1

VulnCheck KEV•added 2026/05/01 12:0 a.m.•3 views

VulnCheck KEV: CVE-2025-40554

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk...

9.8CVSS6AI score0.57314EPSS

In wildExploits2References2

CISA KEV Catalog•added 2026/03/09 12:0 a.m.•8 views

SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

SolarWinds Web Help Desk contain a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on the host machine...

9.8CVSS5.8AI score0.88527EPSS

In wildExploits1

Positive Technologies•added 2026/02/11 12:0 a.m.•7 views

PT-2026-7491

A stack-use-after-return issue exists in the Arduino Core STM32 library prior to version 1.7.0. The pwm start function allocates a TIM HandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it is stored in a global timer handle registry. After the functi...

5.3CVSS5.8AI score0.00179EPSS

Exploits0References7

Nuclei•added 2026/02/04 7:0 a.m.•13 views

SolarWinds Web Help Desk < 12.8.3 - Insecure Deserialization

SolarWinds Web Help Desk before version 12.8.3 contain a critical Java deserialization vulnerability that enables remote code execution. Attackers can exploit this flaw to execute arbitrary commands on the host machine. Initially reported as unauthenticated, SolarWinds was unable to reproduce...

9.8CVSS8.7AI score0.88527EPSS

Exploits1References3

The Hacker News•added 2026/02/04 5:50 a.m.•10 views

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk WHD to its Known Exploited Vulnerabilities KEV catalog, flagging it as actively exploited in attacks. The vulnerability, tracked as CVE-2025-40551 CVSS score...

9.8CVSS9.4AI score0.8413EPSS

Exploits12

Tenable Nessus•added 2026/01/30 12:0 a.m.•3 views

SolarWinds Web Help Desk < 2026.1 Multiple Vulnerabilities

The version of Solarwinds Web Help Desk installed on the remote host is prior to 2026.1. It is, therefore, affected by multiple vulnerabilities. - SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, whic...

9.8CVSS7.6AI score0.8413EPSS

Exploits6References7

RedhatCVE•added 2026/01/29 9:24 a.m.•3 views

CVE-2025-40553

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication...

9.8CVSS6.2AI score0.6039EPSS

Exploits1References1

Rapid7 Blog•added 2026/01/28 2:53 p.m.•7 views

Multiple Critical SolarWinds Web Help Desk Vulnerabilities: CVE-2025-40551, CVE-2025-40552, CVE-2025-40553, CVE-2025-40554

Overview On January 28, 2026, SolarWinds published an advisory for multiple new vulnerabilities affecting their Web Help Desk product. Web Help Desk is an IT help desk ticketing and asset management software solution. Of the six new CVEs disclosed in the advisory, four are critical, and allow a...

9.8CVSS9.8AI score0.8413EPSS

Exploits6

ATTACKERKB•added 2026/01/28 7:36 a.m.•9 views

CVE-2025-40554

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk...

9.8CVSS5.8AI score0.57314EPSS

Exploits2References3

EUVD•added 2026/01/28 7:36 a.m.•2 views

EUVD-2025-206480

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk...

9.8CVSS5.8AI score0.57314EPSS

Exploits2References2

ATTACKERKB•added 2026/01/28 7:35 a.m.•3 views

CVE-2025-40553

9.8CVSS6.2AI score0.6039EPSS

Exploits1References3

Cvelist•added 2026/01/28 7:34 a.m.•31 views

CVE-2025-40552 SolarWinds Web Help Desk Authentication Bypass Vulnerability

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication...

9.8CVSS0.51697EPSS

Exploits1References2

Vulnrichment•added 2026/01/28 7:30 a.m.•1 views

CVE-2025-40536 SolarWinds Web Help Desk Security Control Bypass Vulnerability

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality...

8.1CVSS5.9AI score0.81624EPSS

Exploits4References2

RedhatCVE•added 2026/01/07 9:33 a.m.•3 views

CVE-2019-16961

SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name...

5.4CVSS5.8AI score0.0147EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:32 a.m.•6 views

CVE-2019-16954

SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in a Help Request ticket...

5.4CVSS7AI score0.01327EPSS

Exploits1References1