
Overview

  • SolarWinds
  • Web Help Desk

Published: 28 Jan 2026
Updated: 28 Jan 2026

CVSS v3.1: HIGH (7.5)
EPSS: 0.02%

KEV

Description

SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse

🟠 CVE-2025-40537 - High (7.5)

SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 18h ago

Overview

  • SolarWinds
  • Web Help Desk

Published: 28 Jan 2026
Updated: 28 Jan 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.05%

KEV

Description

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.

Statistics

  • 2 Posts

Last activity: 5 hours ago

Fediverse

🔴 CVE-2025-40552 - Critical (9.8)

SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 18h ago

SolarWinds has just announced four high-severity vulnerabilities in its Web Help Desk (WHD) software that could lead to full system takeover.

These flaws include unauthenticated Remote Code Execution (RCE) via insecure deserialization and multiple Authentication Bypasses, allowing attackers to execute protected methods without any credentials.

CVE-2025-40551 & CVE-2025-40553 (Unauthenticated RCE)
CVE-2025-40552 & CVE-2025-40554 (Auth Bypass)

thehackerwire.com/solarwinds-p

  • 5h ago

Overview

  • SolarWinds
  • Web Help Desk

Published: 28 Jan 2026
Updated: 28 Jan 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.65%

KEV

Description

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

Statistics

  • 2 Posts

Last activity: 5 hours ago

Fediverse

🔴 CVE-2025-40553 - Critical (9.8)

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without au...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 18h ago

SolarWinds has just announced four high-severity vulnerabilities in its Web Help Desk (WHD) software that could lead to full system takeover.

These flaws include unauthenticated Remote Code Execution (RCE) via insecure deserialization and multiple Authentication Bypasses, allowing attackers to execute protected methods without any credentials.

CVE-2025-40551 & CVE-2025-40553 (Unauthenticated RCE)
CVE-2025-40552 & CVE-2025-40554 (Auth Bypass)

thehackerwire.com/solarwinds-p

  • 5h ago

Overview

  • SolarWinds
  • Web Help Desk

Published: 28 Jan 2026
Updated: 28 Jan 2026

CVSS v3.1: HIGH (8.1)
EPSS: 0.24%

KEV

Description

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse

🟠 CVE-2025-40536 - High (8.1)

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 17h ago

Overview

  • Samsung Mobile
  • Samsung Mobile Devices

Published: 07 Jan 2022
Updated: 21 Oct 2025

CVSS v3.1: MEDIUM (5.0)
EPSS: 0.16%

Description

An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

18/08/2024: I just released the blog explaining how I leveraged CVE-2022-22265 in the Samsung npu driver. Double free to achieve UAF over signalfd + cross cache + Dirty Page Table + code inject into libbase.so for execution by init. Hope you can enjoy it soez.github.io/posts/CVE-2022-

  • 4h ago

Overview

  • nyariv
  • SandboxJS

Published: 27 Jan 2026
Updated: 28 Jan 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 0.16%

KEV

Description

SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnerability due to `AsyncFunction` not being isolated in `SandboxFunction`. The library attempts to sandbox code execution by replacing the global `Function` constructor with a safe, sandboxed version (`SandboxFunction`). This is handled in `utils.ts` by mapping `Function` to `sandboxFunction` within a map used for lookups. However, before version 0.8.26, the library did not include mappings for `AsyncFunction`, `GeneratorFunction`, and `AsyncGeneratorFunction`. These constructors are not global properties but can be accessed via the `.constructor` property of an instance (e.g., `(async () => {}).constructor`). In `executor.ts`, property access is handled. When code running inside the sandbox accesses `.constructor` on an async function (which the sandbox allows creating), the `executor` retrieves the property value. Since `AsyncFunction` was not in the safe-replacement map, the `executor` returns the actual native host `AsyncFunction` constructor. Constructors for functions in JavaScript (like `Function`, `AsyncFunction`) create functions that execute in the global scope. By obtaining the host `AsyncFunction` constructor, an attacker can create a new async function that executes entirely outside the sandbox context, bypassing all restrictions and gaining full access to the host environment (Remote Code Execution). Version 0.8.26 patches this vulnerability.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

Escaping the Matrix: A Deep Dive into SandboxJS RCE (CVE-2026–23830) https://medium.com/@meysam_bal-afkan/escaping-the-matrix-a-deep-dive-into-sandboxjs-rce-cve-2026-23830-1fbbca3f46fc?source=rss------bug_bounty-5
  • 12h ago

Overview

  • discourse
  • discourse

Published: 28 Jan 2026
Updated: 28 Jan 2026

CVSS v3.1: HIGH (7.6)
EPSS: Pending

KEV

Description

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. No known workarounds are available.

Statistics

  • 1 Post

Last activity: 7 hours ago

Fediverse

🟠 CVE-2025-68662 - High (7.6)

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. This issue is patched...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 7h ago

Overview

  • NVIDIA
  • GeForce

Published: 28 Jan 2026
Updated: 28 Jan 2026

CVSS v3.1: HIGH (7.8)
EPSS: Pending

KEV

Description

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse

🟠 CVE-2025-33218 - High (7.8)

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, escalation of privi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 9h ago

Overview

  • GaijinEntertainment
  • DagorEngine

Published: 27 Jan 2026
Updated: 27 Jan 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.04%

KEV

Description

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GaijinEntertainment DagorEngine (prog/3rdPartyLibs/miniupnpc modules). This vulnerability is associated with program files upnpreplyparse.C. This issue affects DagorEngine: through dagor_2025_01_15.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

🚨 Critical memory corruption flaw disclosed: CVE-2026-24798 affects Gaijin Entertainment’s DagorEngine and can lead to crashes or potential code execution due to improper memory buffer restrictions. Full report: basefortify.eu/cve_reports/... #CVE #DagorEngine #GameSecurity 🎮
  • 18h ago

Overview

  • NVIDIA
  • GeForce

Published: 28 Jan 2026
Updated: 28 Jan 2026

CVSS v3.1: HIGH (7.8)
EPSS: Pending

KEV

Description

NVIDIA Display Driver for Windows contains a vulnerability where an attacker could trigger a use after free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse

🟠 CVE-2025-33217 - High (7.8)

NVIDIA Display Driver for Windows contains a vulnerability where an attacker could trigger a use after free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 9h ago
Showing 31 to 40 of 82 CVEs