solarwinds

324 tracked vulnerabilities.

CVE-2026-28322 MEDIUM
SolarWinds Database Performance Analyzer Stored Cross-Site Scripting Vulnerability
Jun 30, 2026
CVSS 5.6
EPSS 0.00
CVE-2026-28301 MEDIUM
SolarWinds Observability Self-Hosted Open Redirect Vulnerability
Jun 09, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-28318 HIGH KEV
SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability
Jun 04, 2026
CVSS 7.5
EPSS 0.11
CVE-2026-28299 HIGH
SolarWinds Web Help Desk Denial-of-Service Vulnerability
Jun 02, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-28298 MEDIUM
SolarWinds Observability Self-Hosted Stored Cross-Site Scripting Vulnerability
Mar 26, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-28297 MEDIUM
SolarWinds Observability Self-Hosted Stored Cross-Site Scripting Vulnerability
Mar 26, 2026
CVSS 6.1
EPSS 0.00
CVE-2025-40541 CRITICAL
SolarWinds Serv-U < 15.5.4 - Authenticated Insecure Direct Object Reference
Feb 24, 2026
CVSS 9.1
EPSS 0.01
CVE-2025-40540 CRITICAL
SolarWinds Serv-U < 15.5.4 - Authenticated Remote Code Execution via Type Confusion
Feb 24, 2026
CVSS 9.1
EPSS 0.00
CVE-2025-40539 CRITICAL
SolarWinds Serv-U < 15.5.4 - Authenticated Remote Code Execution via Type Confusion
Feb 24, 2026
CVSS 9.1
EPSS 0.00
CVE-2025-40538 CRITICAL
SolarWinds Serv-U < 15.5.4 - Authenticated Privilege Escalation via Admin User Creation
Feb 24, 2026
CVSS 9.1
EPSS 0.00
CVE-2025-40554 CRITICAL NUCLEI
SolarWinds Web Help Desk < 2026.1 - Authentication Bypass
Jan 28, 2026
CVSS 9.8
EPSS 0.58
CVE-2025-40553 CRITICAL
SolarWinds Web Help Desk < 2026.1 - Unauthenticated Remote Code Execution via Untrusted Data Deserialization
Jan 28, 2026
CVSS 9.8
EPSS 0.60
CVE-2025-40552 CRITICAL NUCLEI
SolarWinds Web Help Desk < 2026.1 - Authentication Bypass
Jan 28, 2026
CVSS 9.8
EPSS 0.50
CVE-2025-40551 CRITICAL KEVNUCLEI
SolarWinds Web Help Desk < 2026.1 - Unauthenticated Remote Code Execution via Untrusted Data Deserialization
Jan 28, 2026
CVSS 9.8
EPSS 0.84
CVE-2025-40537 HIGH
SolarWinds Web Help Desk < 2026.1 - Use of Hard-coded Credentials
Jan 28, 2026
CVSS 7.5
EPSS 0.01
CVE-2025-40536 HIGH KEVNUCLEI
SolarWinds Web Help Desk unauthenticated RCE
Jan 28, 2026
CVSS 8.1
EPSS 0.82
CVE-2025-40549 CRITICAL
SolarWinds Serv-U < 15.5.3 - Authenticated Path Traversal
Nov 18, 2025
CVSS 9.1
EPSS 0.01
CVE-2025-40548 CRITICAL
SolarWinds Serv-U < 15.5.3 - Authenticated Privilege Escalation
Nov 18, 2025
CVSS 9.1
EPSS 0.01
CVE-2025-40547 CRITICAL
SolarWinds Serv-U < 15.5.3 - Authenticated Remote Code Execution
Nov 18, 2025
CVSS 9.1
EPSS 0.01
CVE-2025-40545 MEDIUM
SolarWinds Observability Self-Hosted < 2025.4.1 - Authenticated Open Redirect via Unsanitized URL
Nov 18, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-26391 MEDIUM
SolarWinds Observability Self-Hosted < 2025.4.1 - Authenticated Stored Cross-Site Scripting in User-Created URL Fields
Nov 18, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-26392 MEDIUM
SolarWinds Observability Self-Hosted < 2025.4 - Authenticated SQL Injection
Oct 21, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-26399 CRITICAL KEV
SolarWinds Web Help Desk < 12.8.6 - Unauthenticated Remote Code Execution via AjaxProxy Deserialization
Sep 23, 2025
CVSS 9.8
EPSS 0.88
CVE-2025-26398 MEDIUM
SolarWinds Database Performance Analyzer < 2025.3 - Use of Hard-coded Cryptographic Key
Aug 12, 2025
CVSS 5.6
EPSS 0.00
CVE-2025-26400 MEDIUM
SolarWinds Web Help Desk < 12.8.7 - XML External Entity Injection
Jul 29, 2025
CVSS 5.3
EPSS 0.00