Lucene search
K

269 matches found

vulnersOsv
vulnersOsv
added 2026/04/13 4:36 p.m.5 views

nimiq-client (>=0.1.0 <=0.2.0), nimiq-lib (>=0.1.0 <=0.2.0) +2 more potentially affected by CVE-2026-34069 via nimiq-consensus (>=0.1.0 <=0.2.0)

nimiq-consensus CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2026-34069 Source advisory: OSV:GHSA-48M6-486P-9J8P...

5.3CVSS5.8AI score0.00297EPSS
Exploits0
OSV
OSV
added 2026/04/02 3:16 p.m.5 views

UBUNTU-CVE-2026-33533

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML-RPC server activated with glances -s or glances --server sends Access-Control-Allow-Origin: on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an...

7.1CVSS5.8AI score0.00409EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/02 2:56 p.m.24 views

CVE-2026-33533 Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML-RPC server activated with glances -s or glances --server sends Access-Control-Allow-Origin: on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an...

7.1CVSS0.00409EPSS
Exploits1References3
CVE
CVE
added 2026/04/02 2:45 p.m.12 views

CVE-2026-5344

Textpattern up to 4.9.1 is affected. The vulnerability lies in the XML-RPC Handler’s mt_uploadImage function (rpc/TXP_RPCServer.php) where manipulation of the file.name argument enables path traversal. This permits remote exploitation, and publicly disclosed exploits exist. The vendor has acknowl...

6.5CVSS6.1AI score0.00332EPSS
Exploits0References4
OSV
OSV
added 2026/03/30 5:0 p.m.12 views

GHSA-7P93-6934-F4Q7 Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard

Summary The Glances XML-RPC server activated with glances -s or glances --server sends Access-Control-Allow-Origin: on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an attacker-controlled webpage can issue a CORS "simple request" POST with Content-Typ...

7.1CVSS6AI score0.00409EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.9 views

PT-2026-29154

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.3 Description Glances is a system cross-platform monitoring tool. The XML-RPC server activated with glances -s or glances --server sends Access-Control-Allow-Origin: on every HTTP response. Because the XML-RPC...

7.1CVSS5.8AI score0.00409EPSS
Exploits1References16
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.10 views

Effect Monorepo 竞争条件问题漏洞

Effect Monorepo is a functional framework developed by Effect Open Source for building TypeScript applications. Versions of Effect Monorepo prior to 3.20.0 contained a race condition vulnerability, which was caused by context confusion in RpcServer.toWebHandler, potentially allowing access to the...

7.4CVSS5.8AI score0.0027EPSS
Exploits1References1
OSV
OSV
added 2026/02/25 6:23 p.m.6 views

CVE-2026-3194

A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function sendtransaction/getprivatekey of the component RPC Server Master Passphrase Handler. This manipulation causes missing authentication. The attack can only be executed locally. The attack's complexity is rated as...

7CVSS5AI score
Exploits0References4
OSV
OSV
added 2026/02/25 5:25 p.m.8 views

CVE-2026-3192

A security vulnerability has been detected in Chia Blockchain 2.1.0. This issue affects the function authenticate of the file rpcserverbase.py of the component RPC Credential Handler. The manipulation leads to improper authentication. The attack is possible to be carried out remotely. The attack ...

8.1CVSS5.1AI score0.00561EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/25 5:2 p.m.25 views

CVE-2026-3194 Chia Blockchain RPC Server Master Passphrase get_private_key missing authentication

A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function sendtransaction/getprivatekey of the component RPC Server Master Passphrase Handler. This manipulation causes missing authentication. The attack can only be executed locally. The attack's complexity is rated as...

4.5CVSS0.00217EPSS
Exploits1References4
Snyk
Snyk
added 2026/02/10 12:21 a.m.2 views

Arbitrary Command Injection

Overview bitcoinrb is an implementation of Bitcoin Protocol for Ruby Affected versions of this package are vulnerable to Arbitrary Command Injection via the send function in rpc/httpserver.rb, which runs as part of the experimental SPV node feature. An attacker can execute arbitrary system comman...

8.6CVSS6.2AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.5 views

Azure Linux 3.0 Security Update: samba (CVE-2020-14383)

The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-14383 advisory. - A flaw was found in samba's DNS server. An authenticated user could use this flaw to the RPC server to crash...

6.5CVSS8.1AI score0.0218EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/08 3:33 p.m.4 views

CVE-2025-68151 CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations gRPC, HTTPS, and HTTP/3 lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent...

8.7CVSS6.8AI score0.00412EPSS
Exploits0References3
Veracode
Veracode
added 2025/12/13 8:3 a.m.6 views

Remote Code Execution (RCE)

Fugue is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe deserialization in the FlaskRPCServer implementation, where the decode function uses cloudpickle.loads on untrusted data, allowing attackers to send malicious serialized objects that execute arbitrary code on the...

8.8CVSS6.3AI score0.0067EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/12/09 1:11 p.m.6 views

CLSA-2025-1765285897 Fix CVE(s): CVE-2021-3738

SECURITY UPDATE: use after free in Samba AD DC RPC server - debian/patches/CVE-2021-3738-pre.patch: prepare service routines before fixing CVE-2021-3738 - debian/patches/CVE-2021-3738.patch: avoids a crash caused by use-after-free in Samba AD DC RPC server - CVE-2021-3738.patch...

8.8CVSS7.2AI score0.01888EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/02 12:22 p.m.19 views

CVE-2025-62703

Fugue is a unified interface for distributed computing that lets users execute Python, Pandas, and SQL code on Spark, Dask, and Ray with minimal rewrites. In version 0.9.2 and prior, there is a remote code execution vulnerability by pickle deserialization via FlaskRPCServer. The Fugue framework...

8.8CVSS9.1AI score0.0067EPSS
Exploits1References1
NVD
NVD
added 2025/11/25 10:15 p.m.7 views

CVE-2025-62703

Fugue is a unified interface for distributed computing that lets users execute Python, Pandas, and SQL code on Spark, Dask, and Ray with minimal rewrites. In version 0.9.2 and prior, there is a remote code execution vulnerability by pickle deserialization via FlaskRPCServer. The Fugue framework...

8.8CVSS0.0067EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/11/25 9:31 p.m.3 views

CVE-2025-62703 Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer

Fugue is a unified interface for distributed computing that lets users execute Python, Pandas, and SQL code on Spark, Dask, and Ray with minimal rewrites. In version 0.9.2 and prior, there is a remote code execution vulnerability by pickle deserialization via FlaskRPCServer. The Fugue framework...

8.8CVSS8.8AI score0.0067EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/11/25 9:31 p.m.11 views

CVE-2025-62703 Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer

Fugue is a unified interface for distributed computing that lets users execute Python, Pandas, and SQL code on Spark, Dask, and Ray with minimal rewrites. In version 0.9.2 and prior, there is a remote code execution vulnerability by pickle deserialization via FlaskRPCServer. The Fugue framework...

8.8CVSS0.0067EPSS
Exploits1References2
OSV
OSV
added 2025/11/25 9:31 p.m.8 views

CVE-2025-62703 Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer

Fugue is a unified interface for distributed computing that lets users execute Python, Pandas, and SQL code on Spark, Dask, and Ray with minimal rewrites. In version 0.9.2 and prior, there is a remote code execution vulnerability by pickle deserialization via FlaskRPCServer. The Fugue framework...

8.8CVSS9.1AI score0.0067EPSS
Exploits1References4
Rows per page
Query Builder