| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-13809 | orionsec orion-ops SSH Connection MachineInfoController.java server-side request forgery | orionsec | orion-ops | Medium | 6.3 | 2025-12-01 05:32:06 | Deep Dive |
| CVE-2025-13808 | orionsec orion-ops User Profile UserController.java update improper authorization | orionsec | orion-ops | High | 7.3 | 2025-12-01 05:02:06 | Deep Dive |
| CVE-2025-13807 | orionsec orion-ops API MachineKeyController.java MachineKeyController improper authorization | orionsec | orion-ops | Medium | 4.3 | 2025-12-01 04:32:06 | Deep Dive |
| CVE-2025-9967 | Orion SMS OTP Verification <= 1.1.7 - Authentication Bypass via Account Takeover | gsayed786 | Orion SMS OTP Verification | Critical | 9.8 | 2025-10-15 08:26:00 | Deep Dive |
| CVE-2025-7692 | Orion Login with SMS <= 1.0.5 - Authentication Bypass via Weak OTP | gsayed786 | Orion Login with SMS | High | 8.1 | 2025-07-22 09:22:43 | Deep Dive |
| CVE-2022-46856 | WordPress Woocommerce Product Designer Plugin <= 4.3.3 is vulnerable to Cross Site Request Forgery (CSRF) | ORION | Woocommerce Products Designer | Medium | 5.4 | 2023-05-25 11:23:58 | Deep Dive |
| CVE-2022-36964 | SolarWinds Platform Deserialization of Untrusted Data | SolarWinds | SolarWinds Platform | High | 8.8 | 2022-11-29 20:47:50 | Deep Dive |
| CVE-2022-36962 | SolarWinds Platform Command Injection | SolarWinds | SolarWinds Platform | High | 7.2 | 2022-11-29 20:46:18 | Deep Dive |
| CVE-2022-36960 | SolarWinds Platform Improper Input Validation | SolarWinds | SolarWinds Platform | High | 8.8 | 2022-11-29 20:43:38 | Deep Dive |
| CVE-2022-38108 | SolarWinds Platform Deserialization of Untrusted Data | SolarWinds | SolarWinds Platform | High | 7.2 | 2022-10-20 20:11:25 | Deep Dive |
| CVE-2022-36958 | SolarWinds Platform Deserialization of Untrusted Data | SolarWinds | SolarWinds Platform | High | 8.8 | 2022-10-20 20:10:01 | Deep Dive |
| CVE-2022-36957 | SolarWinds Platform Deserialization of Untrusted Data | SolarWinds | SolarWinds Platform | High | 7.2 | 2022-10-20 20:08:05 | Deep Dive |
| CVE-2022-36965 | Stored and DOM XSS in QoE Applications: Orion Platform | SolarWinds | Orion Platform | Medium | 6.1 | 2022-09-30 16:45:25 | Deep Dive |
| CVE-2022-36961 | Orion Platform SQL Injection Privilege Escalation Vulnerability | SolarWinds | Orion Platform | High | 8.8 | 2022-09-30 16:06:10 | Deep Dive |
| CVE-2021-35234 | Exposed Dangerous Functions - Privileged Escalation | SolarWinds | Orion Core | High | 8.0 | 2021-12-20 20:08:26 | Deep Dive |
| CVE-2021-35244 | Unrestricted File Upload Causing Remote Code Execution: Orion Platform 2020.2.6 | SolarWinds | Orion Platform | Medium | 6.8 | 2021-12-20 20:08:25 | Deep Dive |
| CVE-2021-35248 | Unrestricted access to Orion.UserSettings SWIS entity for low-privilege users | SolarWinds | Orion | Medium | 6.8 | 2021-12-20 20:08:24 | Deep Dive |
| CVE-2021-35217 | Insecure Deserialization of untrusted data causing Remote code execution vulnerability. | SolarWinds | Orion Platform | High | 8.9 | 2021-09-08 13:15:04 | Deep Dive |
| CVE-2021-35215 | ActionPluginBaseView Deserialization of Untrusted Data RCE | SolarWinds | Orion Platform | High | 8.9 | 2021-09-01 14:21:46 | Deep Dive |
| CVE-2021-35238 | Stored XSS through URL POST parameter in CreateExternalWebsite Vulnerability | SolarWinds | Orion Platform | Medium | 4.8 | 2021-09-01 11:02:35 | Deep Dive |