24h | 7d | 30d

CVE-2025-40536

Overview

  • SolarWinds
  • Web Help Desk
28 Jan 2026
Published
02 Feb 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
27.82%
KEV

Description

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 8 hours ago

Bluesky

Profile picture fallback
Microsoft Threat Intelligence @threatintel.microsoft.com
While we have not yet confirmed whether the attacks are related to the most recently disclosed vulnerabilities such as CVE-2025-40551 and CVE-2025-40536, or stem from previously disclosed vulnerabilities like CVE-2025-26399, attackers will likely continue targeting vulnerable systems.
  • 0
  • 1
  • 0
  • 8h ago

CVE-2026-22903

Overview

  • WAGO
  • 0852-1322
09 Feb 2026
Published
09 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.43%
KEV

Description

An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections.

Statistics

  • 1 Post
Last activity: 18 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-004
WAGO: Vulnerabilities in Managed Switch

Several vulnerabilities have been identified in the WAGO 852‑1328 device's web‑based management interface, which is implemented using a modified lighttpd server and custom CGI binaries. These issues include multiple stack buffer overflows, an authentication bypass, and insecure credential storage.
CVE-2026-22906, CVE-2026-22904, CVE-2026-22903, CVE-2026-22905

certvde.com/en/advisories/vde-

wago.csaf-tp.certvde.com/.well

  • 0
  • 0
  • 0
  • 18h ago

CVE-2026-22905

Overview

  • WAGO
  • 0852-1322
09 Feb 2026
Published
09 Feb 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.10%
KEV

Description

An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads.

Statistics

  • 1 Post
Last activity: 18 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-004
WAGO: Vulnerabilities in Managed Switch

Several vulnerabilities have been identified in the WAGO 852‑1328 device's web‑based management interface, which is implemented using a modified lighttpd server and custom CGI binaries. These issues include multiple stack buffer overflows, an authentication bypass, and insecure credential storage.
CVE-2026-22906, CVE-2026-22904, CVE-2026-22903, CVE-2026-22905

certvde.com/en/advisories/vde-

wago.csaf-tp.certvde.com/.well

  • 0
  • 0
  • 0
  • 18h ago
Showing 31 to 33 of 33 CVEs