SolarWinds Serv-U Vulnerability Exploited in the Wild
Unauthenticated attackers can exploit the flaw via specially crafted POST requests that crash the Serv-U service. The post SolarWinds Serv-U Vulnerability Exploited in the Wild appeared first on SecurityWeek.
The US cybersecurity agency CISA on Friday warned of attacks targeting a SolarWinds Serv-U vulnerability that had been patched a couple of days earlier.
Tracked as CVE-2026-28318 (CVSS score of 7.5), the bug is described as a denial-of-service (DoS) issue that can be exploited via specially crafted POST requests to crash the Serv-U service.
Successful exploitation of the security defect does not require authentication, SolarWinds warned on Thursday.
Source: https://www.securityweek.com/solarwinds-patches-exploited-serv-u-vulnerability/
Related breach coverage
- Everest Forms Vulnerability Exploited to Hack WordPress Sites2026-06-08
The flaw allows attackers to execute arbitrary code remotely and has been exploited in the wild for two months. The post Everest Forms Vulnerability Exploited to Hack WordPress Sites appeared first on SecurityWeek.
- WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites2026-06-01
The security defect (CVE-2026-8732) allows unauthenticated attackers to create administrative accounts on the affected installations. The post WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites appeared first on SecurityWeek.
- Gogs Zero-Day Exposes Servers to Remote Code Execution2026-05-29
The critical-severity issue, assigned a CVSS score of 9.4, is an argument injection flaw that can be exploited by authenticated attackers via pull requests with malicious branch names. The post Gogs Zero-Day Exposes Servers to Remote Code Execution appeared first on SecurityWeek.
- Mirasvit Vulnerability Exploited to Execute Code on Magento Servers2026-06-04
A flaw in the Full Page Cache Warmer extension can be exploited without authentication via serialized PHP object payloads. The post Mirasvit Vulnerability Exploited to Execute Code on Magento Servers appeared first on SecurityWeek.