24h | 7d | 30d

CVE-2025-40551

Overview

  • SolarWinds
  • Web Help Desk
28 Jan 2026
Published
04 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
54.99%
KEV

Description

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 10 hours ago

Bluesky

Profile picture fallback
Microsoft Threat Intelligence @threatintel.microsoft.com
While we have not yet confirmed whether the attacks are related to the most recently disclosed vulnerabilities such as CVE-2025-40551 and CVE-2025-40536, or stem from previously disclosed vulnerabilities like CVE-2025-26399, attackers will likely continue targeting vulnerable systems.
  • 0
  • 1
  • 0
  • 10h ago

CVE-2025-26399

Overview

  • SolarWinds
  • Web Help Desk
23 Sep 2025
Published
24 Sep 2025
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
12.86%
KEV

Description

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 10 hours ago

Bluesky

Profile picture fallback
Microsoft Threat Intelligence @threatintel.microsoft.com
While we have not yet confirmed whether the attacks are related to the most recently disclosed vulnerabilities such as CVE-2025-40551 and CVE-2025-40536, or stem from previously disclosed vulnerabilities like CVE-2025-26399, attackers will likely continue targeting vulnerable systems.
  • 0
  • 1
  • 0
  • 10h ago

CVE-2025-40536

Overview

  • SolarWinds
  • Web Help Desk
28 Jan 2026
Published
02 Feb 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
27.82%
KEV

Description

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 10 hours ago

Bluesky

Profile picture fallback
Microsoft Threat Intelligence @threatintel.microsoft.com
While we have not yet confirmed whether the attacks are related to the most recently disclosed vulnerabilities such as CVE-2025-40551 and CVE-2025-40536, or stem from previously disclosed vulnerabilities like CVE-2025-26399, attackers will likely continue targeting vulnerable systems.
  • 0
  • 1
  • 0
  • 10h ago

CVE-2026-22903

Overview

  • WAGO
  • 0852-1322
09 Feb 2026
Published
09 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.43%
KEV

Description

An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections.

Statistics

  • 1 Post
Last activity: 20 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-004
WAGO: Vulnerabilities in Managed Switch

Several vulnerabilities have been identified in the WAGO 852‑1328 device's web‑based management interface, which is implemented using a modified lighttpd server and custom CGI binaries. These issues include multiple stack buffer overflows, an authentication bypass, and insecure credential storage.
CVE-2026-22906, CVE-2026-22904, CVE-2026-22903, CVE-2026-22905

certvde.com/en/advisories/vde-

wago.csaf-tp.certvde.com/.well

  • 0
  • 0
  • 0
  • 20h ago

CVE-2026-22905

Overview

  • WAGO
  • 0852-1322
09 Feb 2026
Published
09 Feb 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.10%
KEV

Description

An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads.

Statistics

  • 1 Post
Last activity: 20 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-004
WAGO: Vulnerabilities in Managed Switch

Several vulnerabilities have been identified in the WAGO 852‑1328 device's web‑based management interface, which is implemented using a modified lighttpd server and custom CGI binaries. These issues include multiple stack buffer overflows, an authentication bypass, and insecure credential storage.
CVE-2026-22906, CVE-2026-22904, CVE-2026-22903, CVE-2026-22905

certvde.com/en/advisories/vde-

wago.csaf-tp.certvde.com/.well

  • 0
  • 0
  • 0
  • 20h ago
Showing 31 to 35 of 35 CVEs