CVE-2025-11700

< 2025.4

N-central versions < 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure

7.5HIGH

CVE-2025-11367

< 2025.4

The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization

9.8CRITICAL

CVE-2025-11366

< 2025.4

N-central < 2025.4 is vulnerable to authentication bypass via path traversal

9.8CRITICAL

CVE-2025-10231

< 2025.3

An Incorrect File Handling Permission bug exists on the N-central Windows Agent and Probe that, in the right circumstances, can al

7.0HIGH

CVE-2025-7051

< 2025.2

On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-ce

8.3HIGH

CVE-2025-8876

< 2025.3.1

Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.

8.8HIGH

CVE-2025-8875

< 2025.3.1

Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: b

7.8HIGH

CVE-2024-8510

< 2024.6

N-central is vulnerable to a path traversal that allows unintended access to the Apache Tomcat WEB-INF directory. Customer data is

5.3MEDIUM

CVE-2024-5322

< 2024.3

The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to aut

9.1CRITICAL

CVE-2024-28200

< 2024.2

The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deploym

9.1CRITICAL

CVE-2023-47132

< 2023.7

An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls.

9.8CRITICAL

CVE-2023-30297

< 2023.4

An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the mon

7.0HIGH

CVE-2020-25622

all versions

An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows CSRF.

8.8HIGH

CVE-2020-25621

all versions

An issue was discovered in SolarWinds N-Central 12.3.0.670. The local database does not require authentication: security is only b

8.4HIGH

CVE-2020-25620

all versions

An issue was discovered in SolarWinds N-Central 12.3.0.670. Hard-coded Credentials exist by default for local user accounts named

7.8HIGH

CVE-2020-25619

all versions

An issue was discovered in SolarWinds N-Central 12.3.0.670. The SSH component does not restrict the Communication Channel to Inten

4.4MEDIUM

CVE-2020-25618

all versions

An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo configuration has incorrect access control because the nable

8.8HIGH

CVE-2020-25617

all versions

An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows Relative Path Traversal by an

8.8HIGH

CVE-2020-15910

<= 12.3

SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly. This makes it possible to influe

4.7MEDIUM

CVE-2020-15909

<= 2020.1

SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. The N-Central JSESS

8.8HIGH

CVE-2020-7984

< 12.1.1.404

SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin creden

7.5HIGH