24 matches found
BIT-APPSMITH-2026-50189 Appsmith: RCE via Supervisord XML-RPC Admin Interface Exposed via /supervisor Caddy Route
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, reachable from outside the container via a Caddy reverse-proxy route at /supervisor/ on the public ingress. Combined with the...
CVE-2026-50189
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, reachable from outside the container via a Caddy reverse-proxy route at /supervisor/ on the public ingress. Combined with the...
CVE-2026-50189
Appsmith before version 2.1 is affected by a remote code execution via its bundled supervisord XML-RPC interface exposed on port 9001 and reachable through a Caddy route at /supervisor/. If an authenticated administrator accesses GET /api/v1/admin/env and obtains APPSMITH_SUPERVISOR_PASSWORD, the...
CVE-2026-50189 Appsmith: RCE via Supervisord XML-RPC Admin Interface Exposed via /supervisor Caddy Route
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, reachable from outside the container via a Caddy reverse-proxy route at /supervisor/ on the public ingress. Combined with the...
CVE-2026-50189 Appsmith: RCE via Supervisord XML-RPC Admin Interface Exposed via /supervisor Caddy Route
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, reachable from outside the container via a Caddy reverse-proxy route at /supervisor/ on the public ingress. Combined with the...
PT-2026-52103
Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 2.1 Description The bundled supervisord exposes an XML-RPC interface on port 9001, which is accessible from outside the container through a Caddy reverse-proxy route at the '/supervisor/' endpoint. An authenticated...
Exploit for Incorrect Default Permissions in Supervisord Supervisor
LAB 3 — Supervisord XML-RPC Remote Code Execution CVE-2017-11...
CVE-2026-0615
The Librarian supervisord status page can be retrieved by the webfetch tool, which can be used to retrieve running processes within TheLibrarian backend. The vendor has fixed the vulnerability in all affected versions...
CVE-2026-0615
The Librarian supervisord status page can be retrieved by the webfetch tool, which can be used to retrieve running processes within TheLibrarian backend. The vendor has fixed the vulnerability in all affected versions...
CVE-2026-0615 CVE-2026-0615
The Librarian supervisord status page can be retrieved by the webfetch tool, which can be used to retrieve running processes within TheLibrarian backend. The vendor has fixed the vulnerability in all affected versions...
CVE-2026-0615
The Librarian (TheLibrarian.io) vulnerability CVE-2026-0615 concerns the supervisord status page exposed via the web_fetch tool, enabling retrieval of running processes in TheLibrarian backend. According to the sources, this could allow an attacker to enumerate backend processes and exposed state...
CVE-2026-0615 CVE-2026-0615
The Librarian supervisord status page can be retrieved by the webfetch tool, which can be used to retrieve running processes within TheLibrarian backend. The vendor has fixed the vulnerability in all affected versions...
CVE-2026-0615
The Librarian supervisord status page can be retrieved by the webfetch tool, which can be used to retrieve running processes within TheLibrarian backend. The vendor has fixed the vulnerability in all affected versions...
PT-2026-3249
Name of the Vulnerable Software and Affected Versions TheLibrarian versions prior to the fixed version Description The supervisord status page within TheLibrarian can be accessed via the web fetch tool, potentially exposing running processes in the backend. This allows for the retrieval of...
Recog Release v3.0.3
Recog Release v3.0.3, which is available now, includes updated fingerprints for Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus; Atlassian Bitbucket Server; and Supervisord Supervisor. It also includes new fingerprints and a number of bug fixes, all of which are detailed...
Nexus Repository Manager 3 new vulnerability has been used in mining Trojan spread, users are advised to fix as soon as possible-vulnerability warning-the black bar safety net
Recently, Ali cloud security monitoring to watchbog mining Trojan use the new exposure of the Nexus Repository Manager 3 remote code execution vulnerabilityCVE-2019-7238for attack and mining the events. It is worth noting that this attack Start Time 2 on 24th and 2 on 5 May above products, the...
supervisor: Command injection via malicious XML-RPC request
A vulnerability was found in the XML-RPC interface in supervisord. When processing malformed commands, an attacker can cause arbitrary shell commands to be executed on the server as the same user as supervisord. Exploitation requires the attacker to first be authenticated to the supervisord servi...
CVE-2017-11610
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups...
PYSEC-2017-41
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups...
FreeBSD : Supervisord -- An authenticated client can run arbitrary shell commands via malicious XML-RPC requests (c9460380-81e3-11e7-93af-005056925db4)
mnaberez reports : supervisord can be configured to run an HTTP server on a TCP socket and/or a Unix domain socket. The HTTP server is how supervisorctl communicates with supervisord. If an HTTP server has been enabled, it will always serve both HTML pages and an XML-RPC interface. A vulnerabilit...