← Back

Solarwinds

solarwinds

317 CVEs • 57 products

Products (57)

Click to collapse
Toggle
Orion Platform
orion_platform
49 CVEs
Serv U
serv-u
39 CVEs
Access Rights Manager
access_rights_manager
32 CVEs
Solarwinds Platform
solarwinds_platform
27 CVEs
Serv U File Server
serv-u_file_server
20 CVEs
Web Help Desk
web_help_desk
20 CVEs
Serv U Ftp Server
serv-u_ftp_server
11 CVEs
Database Performance Analyzer
database_performance_analyzer
10 CVEs
Orion Network Performance Monitor
orion_network_performance_monitor
9 CVEs
N Central
n-central
9 CVEs
Network Performance Monitor
network_performance_monitor
8 CVEs
Observability Self Hosted
observability_self-hosted
8 CVEs
Dameware Mini Remote Control
dameware_mini_remote_control
7 CVEs
Network Configuration Manager
network_configuration_manager
7 CVEs
Tftp Server
tftp_server
6 CVEs
Webhelpdesk
webhelpdesk
6 CVEs
Log And Event Manager
log_and_event_manager
5 CVEs
Kiwi Syslog Server
kiwi_syslog_server
5 CVEs
Orion Web Performance Monitor
orion_web_performance_monitor
4 CVEs
Security Event Manager
security_event_manager
4 CVEs
Server And Application Monitor
server_and_application_monitor
3 CVEs
Storage Manager
storage_manager
3 CVEs
Virtualization Manager
virtualization_manager
3 CVEs
Log & Event Manager
log_&_event_manager
3 CVEs
Patch Manager
patch_manager
3 CVEs
Ftp Voyager
ftp_voyager
2 CVEs
Sftp/scp Server
sftp/scp_server
2 CVEs
Serv U Mft Server
serv-u_mft_server
2 CVEs
Netpath
netpath
2 CVEs
Kiwi Cattools
kiwi_cattools
2 CVEs
Ip Address Manager Web Interface
ip_address_manager_web_interface
1 CVE
Dameware Remote Support
dameware_remote_support
1 CVE
Orion Ip Address Manager
orion_ip_address_manager
1 CVE
Orion Netflow Traffic Analyzer
orion_netflow_traffic_analyzer
1 CVE
Orion Network Configuration Manager
orion_network_configuration_manager
1 CVE
Orion Server And Application Manager
orion_server_and_application_manager
1 CVE
Orion User Device Tracker
orion_user_device_tracker
1 CVE
Orion Voip & Network Quality Manager
orion_voip_&_network_quality_manager
1 CVE
Firewall Security Manager
firewall_security_manager
1 CVE
N Able N Central
n-able_n-central
1 CVE
Storage Resource Monitor
storage_resource_monitor
1 CVE
Backup Profiler
backup_profiler
1 CVE
Storage Profiler
storage_profiler
1 CVE
Network Performance Monitor Orion Platform 2018 Netpath
network_performance_monitor_orion_platform_2018_netpath
1 CVE
Network Performance Monitor Orion Platform 2018 Npm
network_performance_monitor_orion_platform_2018_npm
1 CVE
Serv U Managed File Transfer
serv-u_managed_file_transfer
1 CVE
Dameware
dameware
1 CVE
Managed Service Provider Patch Management Engine
managed_service_provider_patch_management_engine
1 CVE
Advanced Monitoring Agent
advanced_monitoring_agent
1 CVE
Help Desk
help_desk
1 CVE
Orion Job Scheduler
orion_job_scheduler
1 CVE
Pingdom
pingdom
1 CVE
Database Performance Monitor
database_performance_monitor
1 CVE
Sql Sentry
sql_sentry
1 CVE
Engineer's Toolset
engineer's_toolset
1 CVE
Dynamips
dynamips
1 CVE
Network Configuration Monitor
network_configuration_monitor
1 CVE

CVEs (317)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-25252
1Solarwinds
1Ftp Voyager
Apr 20, 2026
Apr 4, 2026
6.9 MEDIUM· v4
5.5 MEDIUM· v3
N/A· v2
FTP Voyager 16.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by injecting oversized buffer data into the site profile IP field. Attackers can create a malicious site...Show more
FTP Voyager 16.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by injecting oversized buffer data into the site profile IP field. Attackers can create a malicious site profile containing 500 bytes of repeated characters and paste it into the IP field to trigger a buffer overflow that crashes the FTP Voyager process.Show less
CVE-2026-28298
1Solarwinds
1Observability Self Hosted
Mar 31, 2026
Mar 26, 2026
N/A· v4
8.1 HIGH· v3
N/A· v2
SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.
CVE-2026-28297
1Solarwinds
1Observability Self Hosted
Mar 31, 2026
Mar 26, 2026
N/A· v4
8.7 HIGH· v3
N/A· v2
SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.
CVE-2025-40541
1Solarwinds
1Serv U
Feb 24, 2026
Feb 24, 2026
N/A· v4
7.2 HIGH· v3
N/A· v2
An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative pri...Show more
An Insecure Direct Object Reference (IDOR) vulnerability exists in Serv-U, which when exploited, gives a malicious actor the ability to execute native code as a privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.Show less
CVE-2025-40540
1Solarwinds
1Serv U
Feb 24, 2026
Feb 24, 2026
N/A· v4
7.2 HIGH· v3
N/A· v2
A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. O...Show more
A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.Show less
CVE-2025-40539
1Solarwinds
1Serv U
Feb 24, 2026
Feb 24, 2026
N/A· v4
7.2 HIGH· v3
N/A· v2
A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. O...Show more
A type confusion vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to execute arbitrary native code as privileged account. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.Show less
CVE-2025-40538
1Solarwinds
1Serv U
Feb 24, 2026
Feb 24, 2026
N/A· v4
7.2 HIGH· v3
N/A· v2
A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group...Show more
A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.Show less
CVE-2025-40554
1Solarwinds
1Web Help Desk
Feb 3, 2026
Jan 28, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.
CVE-2025-40553
1Solarwinds
1Web Help Desk
Feb 26, 2026
Jan 28, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This co...Show more
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.Show less
CVE-2025-40552
1Solarwinds
1Web Help Desk
Feb 26, 2026
Jan 28, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.
CVE-2025-40551
1Solarwinds
1Web Help Desk
Feb 4, 2026
Jan 28, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This co...Show more
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.Show less
CVE-2025-40537
1Solarwinds
1Web Help Desk
Feb 3, 2026
Jan 28, 2026
N/A· v4
7.5 HIGH· v3
N/A· v2
SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions.
CVE-2025-40536
1Solarwinds
1Web Help Desk
Feb 13, 2026
Jan 28, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.
CVE-2025-40549
1Solarwinds
1Serv U
Dec 2, 2025
Nov 18, 2025
N/A· v4
9.1 CRITICAL· v3
N/A· v2
A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative pri...Show more
A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences in how paths and home directories are handled.Show less
CVE-2025-40548
1Solarwinds
1Serv U
Dec 2, 2025
Nov 18, 2025
N/A· v4
9.1 CRITICAL· v3
N/A· v2
A missing validation process exists in Serv U when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows de...Show more
A missing validation process exists in Serv U when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.Show less
CVE-2025-40547
1Solarwinds
1Serv U
Dec 2, 2025
Nov 18, 2025
N/A· v4
9.1 CRITICAL· v3
N/A· v2
A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Window...Show more
A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default.Show less
CVE-2025-40545
1Solarwinds
1Observability Self Hosted
Nov 24, 2025
Nov 18, 2025
N/A· v4
4.4 MEDIUM· v3
N/A· v2
SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack...Show more
SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required.Show less
CVE-2025-26391
1Solarwinds
1Observability Self Hosted
Nov 24, 2025
Nov 18, 2025
N/A· v4
5.4 MEDIUM· v3
N/A· v2
SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds Platform was susceptible to a XSS vulnerability that affects user-created URL fields. This vulnerability requires authentication from a low-level acc...Show more
SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds Platform was susceptible to a XSS vulnerability that affects user-created URL fields. This vulnerability requires authentication from a low-level account.Show less
CVE-2025-26392
1Solarwinds
1Observability Self Hosted
Nov 12, 2025
Oct 21, 2025
N/A· v4
4.6 MEDIUM· v3
N/A· v2
SolarWinds Observability Self-Hosted is susceptible to SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account.
CVE-2025-26399
1Solarwinds
1Web Help Desk
Mar 10, 2026
Sep 23, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. Th...Show more
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.Show less