Skip to main content

Web Help Desk

15 CVEs product

Monthly

CVE-2026-28299 HIGH This Week

Denial-of-service in SolarWinds Web Help Desk allows remote unauthenticated attackers to crash the server by exhausting available memory. The flaw is network-reachable with low attack complexity and requires no privileges or user interaction (CVSS 8.2), and no public exploit identified at time of analysis. The issue was reported by SolarWinds and addressed in the Web Help Desk 2026.2 release.

Denial Of Service Web Help Desk
NVD VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-40554 CRITICAL POC Act Now

SolarWinds Web Help Desk has a second authentication bypass (EPSS 7.8%) providing yet another path to unauthenticated admin access.

Authentication Bypass Web Help Desk
NVD
CVSS 3.1
9.8
EPSS
7.8%
CVE-2025-40553 CRITICAL Act Now

SolarWinds Web Help Desk has a second deserialization vulnerability (EPSS 11.9%) providing another unauthenticated RCE path alongside CVE-2025-40551.

RCE Deserialization Web Help Desk
NVD GitHub
CVSS 3.1
9.8
EPSS
11.9%
CVE-2025-40552 CRITICAL POC Act Now

SolarWinds Web Help Desk has an authentication bypass vulnerability (EPSS 9.9%) that allows unauthenticated attackers to gain admin access to the helpdesk system.

Authentication Bypass Web Help Desk
NVD GitHub
CVSS 3.1
9.8
EPSS
9.9%
CVE-2025-40551 CRITICAL POC KEV THREAT Emergency

SolarWinds Web Help Desk contains an unauthenticated Java deserialization vulnerability (CVE-2025-40551, CVSS 9.8) that enables remote code execution. With EPSS 80.6% and KEV listing, this is the more severe of two concurrent WHD vulnerabilities, allowing attackers to execute arbitrary commands on the host server without any credentials.

RCE Deserialization Web Help Desk
NVD
CVSS 3.1
9.8
EPSS
80.6%
Threat
7.4
CVE-2025-40537 HIGH This Week

SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions. [CVSS 7.5 HIGH]

Authentication Bypass Web Help Desk
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-40536 HIGH POC KEV THREAT Act Now

SolarWinds Web Help Desk contains a security control bypass vulnerability (CVE-2025-40536) that allows unauthenticated attackers to access restricted functionality. With EPSS 69% and KEV listing, this CVSS 8.1 vulnerability is particularly concerning given SolarWinds' history of being targeted in supply chain attacks and the sensitive IT service data typically stored in help desk systems.

Authentication Bypass Web Help Desk
NVD
CVSS 3.1
8.1
EPSS
69.1%
Threat
6.7
CVE-2025-26399 CRITICAL KEV PATCH THREAT CERT-EU Act Now

SolarWinds Web Help Desk contains an unauthenticated deserialization RCE via AjaxProxy, a patch bypass of both CVE-2024-28988 and CVE-2024-28986, the third iteration of this vulnerability.

RCE Deserialization Web Help Desk
NVD
CVSS 3.1
9.8
EPSS
28.2%
CVE-2024-28988 CRITICAL PATCH Act Now

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Java Web Help Desk
NVD
CVSS 3.1
9.8
EPSS
8.9%
CVE-2024-28989 MEDIUM This Month

SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Web Help Desk
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-45709 MEDIUM This Month

SolarWinds Web Help Desk was susceptible to a local file read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Web Help Desk
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2024-28987 CRITICAL POC KEV THREAT Act Now

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Web Help Desk
NVD GitHub
CVSS 3.1
9.1
EPSS
93.3%
CVE-2024-28986 CRITICAL POC KEV THREAT CERT-EU Act Now

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Java Web Help Desk
NVD
CVSS 3.1
9.8
EPSS
84.6%
CVE-2021-35243 HIGH This Week

The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Web Help Desk
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-32076 MEDIUM This Month

Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Web Help Desk
NVD
CVSS 3.1
5.3
EPSS
1.2%
EPSS 0% CVSS 8.2
HIGH This Week

Denial-of-service in SolarWinds Web Help Desk allows remote unauthenticated attackers to crash the server by exhausting available memory. The flaw is network-reachable with low attack complexity and requires no privileges or user interaction (CVSS 8.2), and no public exploit identified at time of analysis. The issue was reported by SolarWinds and addressed in the Web Help Desk 2026.2 release.

Denial Of Service Web Help Desk
NVD VulDB
EPSS 8% CVSS 9.8
CRITICAL POC Act Now

SolarWinds Web Help Desk has a second authentication bypass (EPSS 7.8%) providing yet another path to unauthenticated admin access.

Authentication Bypass Web Help Desk
NVD
EPSS 12% CVSS 9.8
CRITICAL Act Now

SolarWinds Web Help Desk has a second deserialization vulnerability (EPSS 11.9%) providing another unauthenticated RCE path alongside CVE-2025-40551.

RCE Deserialization Web Help Desk
NVD GitHub
EPSS 10% CVSS 9.8
CRITICAL POC Act Now

SolarWinds Web Help Desk has an authentication bypass vulnerability (EPSS 9.9%) that allows unauthenticated attackers to gain admin access to the helpdesk system.

Authentication Bypass Web Help Desk
NVD GitHub
EPSS 81% 7.4 CVSS 9.8
CRITICAL POC KEV THREAT Emergency

SolarWinds Web Help Desk contains an unauthenticated Java deserialization vulnerability (CVE-2025-40551, CVSS 9.8) that enables remote code execution. With EPSS 80.6% and KEV listing, this is the more severe of two concurrent WHD vulnerabilities, allowing attackers to execute arbitrary commands on the host server without any credentials.

RCE Deserialization Web Help Desk
NVD
EPSS 0% CVSS 7.5
HIGH This Week

SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions. [CVSS 7.5 HIGH]

Authentication Bypass Web Help Desk
NVD
EPSS 69% 6.7 CVSS 8.1
HIGH POC KEV THREAT Act Now

SolarWinds Web Help Desk contains a security control bypass vulnerability (CVE-2025-40536) that allows unauthenticated attackers to access restricted functionality. With EPSS 69% and KEV listing, this CVSS 8.1 vulnerability is particularly concerning given SolarWinds' history of being targeted in supply chain attacks and the sensitive IT service data typically stored in help desk systems.

Authentication Bypass Web Help Desk
NVD
EPSS 28% CVSS 9.8
CRITICAL KEV PATCH THREAT Act Now

SolarWinds Web Help Desk contains an unauthenticated deserialization RCE via AjaxProxy, a patch bypass of both CVE-2024-28988 and CVE-2024-28986, the third iteration of this vulnerability.

RCE Deserialization Web Help Desk
NVD
EPSS 9% CVSS 9.8
CRITICAL PATCH Act Now

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Java +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Web Help Desk
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

SolarWinds Web Help Desk was susceptible to a local file read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Web Help Desk
NVD
EPSS 93% CVSS 9.1
CRITICAL POC KEV THREAT Act Now

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Web Help Desk
NVD GitHub
EPSS 85% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Java +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Web Help Desk
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Web Help Desk
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy