11 matches found
EUVD-2025-209739
Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.execphp. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code...
CVE-2021-37146
An infinite loop in Open Robotics roscomm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through 1.15.11 allows remote attackers to cause a Denial of Service in roscomm via a crafted XMLRPC call...
The vulnerability of the XMLRPC API interface of the Movable Type content management system allows attackers to execute arbitrary commands.
The vulnerability in the XMLRPC API interface of the Movable Type content management system is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
CVE-2022-24333
In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible...
PT-2021-8694 · Red Hat · Redhat-Certification
Name of the Vulnerable Software and Affected Versions: redhat-certification version 7. Description: The issue allows an unauthenticated user to perform a "Billion Laugh Attack" by replying to XMLRPC methods when getting the status of a host, due to the improper restriction of recursive definitions...
VulnCheck KEV: CVE-2018-9866
A lack of validation of user-supplied parameters passed to XML-RPC calls on the SonicWall Global Management System (GMS) virtual appliance allows a remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier...
eQ-3 AG HomeMatic CCU2 Open XML-RPC Port Vulnerability
The eQ-3 AG Homematic CCU2 is a central control unit for controlling smart home devices from eQ-3 Germany. A security vulnerability exists in the eQ-3 AG HomeMatic CCU2 version 2.29.22. An attacker can exploit the vulnerability by sending arbitrary XML-RPC requests to control attached BidCos...
DEBIAN-CVE-2017-11610
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups...
CVE-2017-8056
WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE) in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including management connections, and prevents new...
WatchGuard Fireware XML-RPC External Entity Extension Denial of Service Vulnerability
XML-RPC stands for XML Remote Procedure Call, that is, a remote procedure call protocol based on XML (a subset of Standard Generalized Markup Language). An external entity extension denial of service vulnerability exists in WatchGuard Fireware XML-RPC, which can be exploited by an attacker to crash the...
Cisco TelePresence System Software Command Execution
According to the self-reported device name of the remote device, it may be a Cisco TelePresence System device. Nessus cannot determine the version of the software running on this device, but it may be affected by a vulnerability that could allow an unauthorized user to execute arbitrary commands...