CVE Tracker
Track known exploited vulnerabilities, CISA KEV alerts, and linked threat intelligence.
Showing 10 of 10 CVEs matching "SolarWinds" · HIGH
SolarWinds Web Help Desk contain a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on the host machine.
SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality.
SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data.
SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code execution.
SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine.
SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability that allows attackers to build and send queries without sanitization.
SolarWinds Serv-U contains an unspecified memory escape vulnerability which can allow for remote code execution.
SolarWinds Virtualization Manager allows for privilege escalation through leveraging a misconfiguration of sudo.
SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands.