CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

499 matches found

Cobbler - Authentication Bypass

Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ and possibly even older versions, may be vulnerable to an authentication bypass vulnerability in XMLRPC API /cobblerapi that can result in privilege escalation, data manipulation or exfiltration, and LDAP credential harvesting...

9.8CVSS7.2AI score0.60008EPSS

Exploits0References4

Nuclei•added 6 hours ago•45 views

Cobbler <3.3.0 - Remote Code Execution

Cobbler before 3.3.0 allows log poisoning and resultant remote code execution via an XMLRPC method. id: CVE-2021-40323 info: name: Cobbler 3.3.0 - Remote Code Execution author: c-sh0 severity: critical description: Cobbler before 3.3.0 allows log poisoning and resultant remote code execution via ...

9.8CVSS7.9AI score0.93171EPSS

Exploits0References5

Nuclei•added 2 days ago•10 views

Cobbler 'XML-RPC' - Authentication Bypass

Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. utils.getsharedsecret always returns -1, which allows anyone to connect to cobbler...

9.8CVSS5.8AI score0.70891EPSS

Exploits6References3

RedhatCVE•added 2026/03/26 5:1 p.m.•0 views

CVE-2026-22502

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Mr. Cobbler mr-cobbler allows PHP Local File Inclusion.This issue affects Mr. Cobbler: from n/a through = 1.1.9...

8.1CVSS5.8AI score0.00172EPSS

Exploits0References1

EUVD•added 2026/03/25 6:31 p.m.•1 views

EUVD-2026-15509

5.8AI score0.00172EPSS

Exploits0References2

NVD•added 2026/03/25 5:16 p.m.•1 views

CVE-2026-22502

8.1CVSS0.00172EPSS

Exploits0References1

Cvelist•added 2026/03/25 4:14 p.m.•20 views

CVE-2026-22502 WordPress Mr. Cobbler theme <= 1.1.9 - Local File Inclusion vulnerability

8.1CVSS0.00172EPSS

Exploits0References1

Vulnrichment•added 2026/03/25 4:14 p.m.•1 views

CVE-2026-22502 WordPress Mr. Cobbler theme <= 1.1.9 - Local File Inclusion vulnerability

8.1CVSS5.8AI score0.00172EPSS

Exploits0References1

CVE•added 2026/03/25 4:14 p.m.•4 views

CVE-2026-22502

CVE-2026-22502 (WordPress Mr. Cobbler theme

8.1CVSS5.8AI score0.00172EPSS

Exploits0References1

SUSE Linux•added 2026/03/25 10:10 a.m.•2 views

Maintenance update for Multi-Linux Manager 5.0: Server, Proxy and Retail Branch Server

Description: This update fixes the following issues: branch-network-formula: Update to version 1.1.0 Enable containers on SLE15SP7 Exclude podman interfaces from sysctl setting cobbler: Compatibility fixes for tftpboot directory setup inter-server-sync: Version 0.3.10-0 Write log to a rotated fil...

8.7CVSS5.8AI score0.00021EPSS

Exploits1References88

CNNVD•added 2026/03/25 12:0 a.m.•2 views

WordPress plugin Mr. Cobbler 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.1CVSS5.8AI score0.00172EPSS

Exploits0References1

Positive Technologies•added 2026/03/25 12:0 a.m.•1 views

PT-2026-27823

Name of the Vulnerable Software and Affected Versions AncoraThemes Mr. Cobbler versions n/a through 1.1.9 Description The software contains a flaw due to inadequate control of the filename for include/require statements in the PHP program, leading to a PHP Local File Inclusion issue. This allows...

8.1CVSS5.9AI score0.00172EPSS

Exploits0References3

Patchstack•added 2026/03/05 11:16 a.m.•3 views

WordPress Mr. Cobbler theme <= 1.1.9 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Mr. Cobbler versions = 1.1.9...

5.8AI score0.00172EPSS

Exploits0Affected Software1

OSV•added 2025/12/18 8:49 a.m.•2 views

SUSE-SU-2025:4444-1 Security update 5.1.1.1 for Multi-Linux Manager Client Tools

This update fixes the following issues: grafana was updated from version 11.5.7 to 11.5.10: - Security issues fixed: CVE-2025-64751: Drop experimental implementation of authorization Zanzana server/client version 11.5.10 bsc1254113 CVE-2025-47911: Fixed parsing HTML documents version 11.5.10...

8.8CVSS7.3AI score0.00067EPSS

Exploits1References10

Tenable Nessus•added 2025/11/20 12:0 a.m.•3 views

TencentOS Server 4: cobbler (TSSA-2025:0578)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0578 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

9.8CVSS5.6AI score0.70891EPSS

Exploits6References2