Lucene search
K

3022 matches found

Nuclei
Nuclei
added 20 hours ago30 views

SolarWinds Web Help Desk - Authentication Bypass

SolarWinds Web Help Desk 12.8.8 HF1 and earlier contains an authentication bypass vulnerability in the WebObjects session handling. By crafting a request with a manipulated path component to an internal admin page endpoint, an unauthenticated attacker can access privileged administrative function...

9.8CVSS7.1AI score0.8413EPSS
Exploits5References4
Nuclei
Nuclei
added 20 hours ago11 views

SolarWinds Web Help Desk - Authentication Bypass

SolarWinds Web Help Desk contains an authentication bypass vulnerability caused by improper access control, letting attackers execute protected actions without authentication, exploit requires no special conditions. id: CVE-2025-40552 info: name: SolarWinds Web Help Desk - Authentication Bypass...

9.8CVSS7.2AI score0.6039EPSS
Exploits1References4
Nuclei
Nuclei
added 20 hours ago58 views

SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting

SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI. id: CVE-2018-19386 info: nam...

6.1CVSS6.4AI score0.09044EPSS
Exploits1References5
Nuclei
Nuclei
added 20 hours ago226 views

SolarWinds Serv-U 15.3 - Directory Traversal

SolarWinds Serv-U 15.3 is susceptible to local file inclusion, which may allow an attacker access to installation and server files and also make it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id:...

7.5CVSS7AI score0.14397EPSS
Exploits1References5
Nuclei
Nuclei
added 3 days ago61 views

SolarWinds Orion API - Auth Bypass

SolarWinds Orion API is vulnerable to an authentication bypass vulnerability that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance...

9.8CVSS7.5AI score0.9198EPSS
Exploits3References5
Nuclei
Nuclei
added 4 days ago70 views

SolarWinds Web Help Desk - Hardcoded Credential

The SolarWinds Web Help Desk WHD software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data. id: CVE-2024-28987 info: name: SolarWinds Web Help Desk - Hardcoded Credential author:...

9.1CVSS7.4AI score0.93299EPSS
Exploits5References3
Nuclei
Nuclei
added 4 days ago31 views

SolarWinds Web Help Desk < 12.8.8 Hotfix 1 (HF1) - Security Control Bypass

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality. id: CVE-2025-40536 info: name: SolarWinds Web Help Desk 12.8.8 Hotfix 1 HF1 - Security...

9.8CVSS7.3AI score0.8413EPSS
Exploits4References3
Nuclei
Nuclei
added 2026/07/03 1:39 p.m.29 views

SolarWinds Security Event Manager - Unauthenticated RCE

The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution. id: CVE-2024-0692 info: name: SolarWinds Security Event Manager - Unauthenticated RCE...

8.8CVSS7.6AI score0.91557EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.6 views

SolarWinds Database Performance Analyzer < 2026.2 Stored XSS (CVE-2026-28322)

According to its self-reported version, the SolarWinds Database Performance Analyzer DPA installation on the remote host is prior to 2026.2. It is, therefore, affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution. Note that Nessus h...

5.6CVSS5.8AI score0.00222EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40457

SolarWinds Database Performance Analyzer was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution...

5.6CVSS5.6AI score0.00222EPSS
Exploits0References4
NVD
NVD
added 2026/06/30 11:17 p.m.7 views

CVE-2026-28322

SolarWinds Database Performance Analyzer was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution...

5.6CVSS0.00222EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 10:15 p.m.39 views

CVE-2026-28322 SolarWinds Database Performance Analyzer Stored Cross-Site Scripting Vulnerability

SolarWinds Database Performance Analyzer was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution...

5.6CVSS0.00222EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 10:15 p.m.11 views

CVE-2026-28322

CVE-2026-28322 affects SolarWinds Database Performance Analyzer (DPA). The stored cross-site scripting vulnerability can enable unintended script execution, with the public metrics indicating high impact to confidentiality and integrity, and a medium overall severity (CVSS 3.1: AV=Adjacent, AC=Hi...

5.6CVSS5.6AI score0.00222EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-54014

Name of the Vulnerable Software and Affected Versions SolarWinds Database Performance Analyzer affected versions not specified Description A stored cross-site scripting issue exists that allows for the execution of unintended scripts. Recommendations At the moment, there is no information about a...

5.6CVSS5.9AI score0.00222EPSS
Exploits0References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.138 views

SolarWinds Serv-U - Directory Traversal

SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. id: CVE-2024-28995 info: name: SolarWinds Serv-U - Directory Traversal author: DhiyaneshDK severity: high description: | SolarWinds Serv-U was susceptibl...

8.6CVSS8.3AI score0.99614EPSS
Exploits8References3
GithubExploit
GithubExploit
added 2026/06/12 8:9 p.m.79 views

Exploit for Uncontrolled Resource Consumption in Solarwinds Serv-U

SolarWinds Serv-U Unauthenticated DoS: Safe Detection Script...

7.5CVSS5.9AI score0.10659EPSS
Exploits2
GithubExploit
GithubExploit
added 2026/06/10 7:2 a.m.69 views

Exploit for Uncontrolled Resource Consumption in Solarwinds Serv-U

CVE-2026-28318 — SolarWinds Serv-U "Content-Encoding: deflate"...

7.5CVSS6.5AI score0.10659EPSS
Exploits2
Cvelist
Cvelist
added 2026/06/09 3:41 p.m.33 views

CVE-2026-28301 SolarWinds Observability Self-Hosted Open Redirect Vulnerability

A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website...

4.8CVSS0.0021EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 3:41 p.m.38 views

CVE-2026-28301

Technical specifics (affected products, versions, root cause, exploitability, mitigations) are not provided in the connected documents. Monitor for updates.

4.8CVSS5.5AI score0.0021EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 3:41 p.m.12 views

CVE-2026-28301 SolarWinds Observability Self-Hosted Open Redirect Vulnerability

A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website...

4.8CVSS5.5AI score0.0021EPSS
Exploits0References3
Rows per page
Query Builder