← Back to News Iceland Security Dashboard Browse all tags
solarwinds

Solarwinds

serv-u 10web-help-desk 5web help desk 5orion 2virtualization-manager 1virtualization manager 1

CVEs tagged with this vendor (14)

CVE-2016-3643 🚨 Virtualization Manager
CVE-2016-3643 is a local privilege escalation vulnerability in SolarWinds Virtualization Manager versions 6.3.1 and earlier, caused by a misconfiguration of sud…
CVE-2020-10148 🚨 Orion
CVE-2020-10148 is a critical authentication bypass vulnerability in the SolarWinds Orion API, affecting versions 2019.4 HF 5, 2020.2 with no hotfix, and 2020.2 …
CVE-2021-35211 🚨 Serv-U
CVE-2021-35211 is a critical remote code execution vulnerability in SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows versions prior to …
CVE-2021-35247 🚨 Serv-U
CVE-2021-35247 affects SolarWinds Serv-U, where the web login screen's LDAP authentication mechanism failed to sufficiently sanitize input characters. The vulne…
CVE-2024-28986 🚨 Web Help Desk
SolarWinds Web Help Desk contains a Java Deserialization vulnerability (CWE-502) that allows for Remote Code Execution. Although initially reported as unauthent…
CVE-2024-28987 🚨 Web Help Desk
CVE-2024-28987 is a critical hardcoded credential vulnerability in SolarWinds Web Help Desk that allows remote unauthenticated access to internal functionality …
CVE-2024-28995 🚨 Serv-U
SolarWinds Serv-U contains a directory traversal vulnerability (CWE-22) allowing attackers to read sensitive files on the host machine. The vulnerability has a …
CVE-2025-26399 🚨 Web Help Desk
SolarWinds Web Help Desk contains a critical unauthenticated AjaxProxy deserialization vulnerability (CVE-2025-26399) that allows remote code execution on the h…
CVE-2025-40536 🚨 Web Help Desk
SolarWinds Web Help Desk contains a security control bypass vulnerability (CWE-693) that allows unauthenticated attackers to access restricted functionality. Th…
CVE-2025-40551 🚨 Web Help Desk
SolarWinds Web Help Desk contains a critical untrusted data deserialization vulnerability (CWE-502) that allows remote code execution without authentication. Th…
CVE-2025-40538 CVSS 9.1 serv-u
CVE-2025-40538 is a critical broken access control vulnerability (CWE-269) in Serv-U that allows a malicious actor with domain or group admin privileges to crea…
CVE-2025-40539 CVSS 9.1 serv-u
CVE-2025-40540 CVSS 9.1 serv-u
CVE-2025-40541 CVSS 9.1 serv-u

Articles tagged with Solarwinds (30)

INFO
Build Application Firewalls Aim to Stop the Next Supply Chain Attack
SecurityWeek · 2026-05-11
CRITICAL
CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited
The Hacker News · 2026-03-10
HIGH
Buy A Help Desk, Bundle A Remote Access Solution? (SolarWinds Web Help Desk Pre-Auth RCE Chain(s))
WatchTowr Labs · 2026-02-25
HIGH
SolarWinds Patches Four Critical Serv-U Vulnerabilities
SecurityWeek · 2026-02-25
HIGH
NCSC-2026-0069 [1.00] [M/H] Kwetsbaarheden verholpen in SolarWinds Serv-U
NCSC Netherlands · 2026-02-25
CRITICAL
SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution
The Hacker News · 2026-02-25
CRITICAL
New Serv-U bugs extend SolarWinds’ run of high-severity disclosures
CSO Online · 2026-02-25
HIGH
Multiples vulnérabilités dans SolarWinds Serv-U (25 février 2026)
CERT-FR (ANSSI) · 2026-02-25
CRITICAL
Patch these 4 critical, make-me-root SolarWinds bugs ASAP
The Register Security · 2026-02-24
HIGH
Critical SolarWinds Serv-U flaws offer root access to servers
BleepingComputer · 2026-02-24
CRITICAL
Metasploit Wrap-Up 02/13/2026
Rapid7 Research · 2026-02-13
CRITICAL
CISA adds SolarWinds, Microsoft, Apple, Notepad++ vulnerabilities to KEV catalog
Web Discovery · 2026-02-13
MEDIUM
CISA Warns of Exploited SolarWinds, Notepad++, Microsoft Vulnerabilities
SecurityWeek · 2026-02-13
CRITICAL
SolarWinds WHD Attacks Highlight Risks of Exposed Apps
Dark Reading · 2026-02-10
CRITICAL
SolarWinds Web Help Desk Exploitation - February 2026
Elastic Security Labs · 2026-02-10
CRITICAL
SolarWinds WHD zero-days from January are under attack
CSO Online · 2026-02-10
HIGH
Unpatched SolarWinds WHD instances under active attack
Help Net Security · 2026-02-10
HIGH
[UPDATE] [hoch] Linux Kernel: Mehrere Schwachstellen
BSI Germany · 2026-02-10
CRITICAL
Someone's attacking SolarWinds WHD to steal high‑privilege credentials - but we don't know who or how
The Register Security · 2026-02-09
CRITICAL
Threat actors exploit SolarWinds WDH flaws to deploy Velociraptor
BleepingComputer · 2026-02-09
CRITICAL
SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers
The Hacker News · 2026-02-09
MEDIUM
Microsoft Warns of Active SolarWinds Web Help Desk Exploitation -- Redmondmag.com
Web Discovery · 2026-02-09
CRITICAL
Active Exploitation of SolarWinds Web Help Desk (CVE-2025-26399) | Huntress
Web Discovery · 2026-02-09
HIGH
Hackers Actively Exploiting SolarWinds Web Help Desk RCE to Deploy Custom Tools
Web Discovery · 2026-02-09
CRITICAL
Multiple Researchers Confirm Active Exploitation of SolarWinds Web Help Desk Instances - RH-ISAC
Web Discovery · 2026-02-09
CRITICAL
Recent SolarWinds Flaws Potentially Exploited as Zero-Days
SecurityWeek · 2026-02-09
HIGH
Analysis of active exploitation of SolarWinds Web Help Desk
Microsoft Security Blog · 2026-02-07
CRITICAL
Veikleikar hjá SolarWinds, Sangoma og GitLab sem verið er að misnota
CERT-IS · 2026-02-05
CRITICAL
Critical SolarWinds Web Help Desk bug under attack
The Register Security · 2026-02-04
CRITICAL
SolarWinds Web Help Desk Vulnerability Actively Exploited
Infosecurity Magazine · 2026-02-04