
1091 matches found

Cvelist
added 2025/09/16 4:9 p.m. | 3 views

CVE-2025-43801

Unchecked input for loop condition vulnerability in XML-RPC in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers...

CVSS 6.9 | EPSS 0.00224
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/16 12:0 a.m. | 3 views

PT-2025-38053

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.4 Liferay DXP version 2023.Q4.0 Liferay Portal versions 7.3 GA through update 35 Liferay Portal versions 7.4 GA through update 92 Description: An...

CVSS 6.9 | AI score 6.6 | EPSS 0.00224
Exploits: 0 | References: 5

Tenable Nessus
added 2025/09/10 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2012-6531

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - (1) ZendDom, (2) ZendFeed, and (3) ZendSoap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow...

CVSS 9.1 | AI score 8.2 | EPSS 0.55118
Exploits: 1 | References: 2

Tenable Nessus
added 2025/09/02 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-47533

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in...

CVSS 9.8 | AI score 5.5 | EPSS 0.70891
Exploits: 6 | References: 2

Tenable Nessus
added 2025/08/27 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-28036

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. CVE-2020-28036 Note...

CVSS 9.8 | AI score 7.3 | EPSS 0.06383
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/27 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-16124

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer Overflow or Wraparound vulnerability in the XML RPC library of OpenRobotics roscomm communications packages allows unauthenticated network traffic to...

CVSS 9.8 | AI score 8.1 | EPSS 0.00859
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/25 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2017-9062

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API. CVE-2017-9062 Note that Nessus relies on the presence of the...

CVSS 8.6 | AI score 7.7 | EPSS 0.01674
Exploits: 0 | References: 2

CNVD
added 2025/08/20 12:0 a.m. | 1 view

WordPress Authentication and xmlrpc log writer plugin cross-site scripting vulnerability

The WordPress Authentication and xmlrpc log writer plugin is a plugin for logging failed login attempts e.g. brute-force attacks and invalid XMLRPC requests, primarily for processing data and protecting against it with tools like fail2ban. The WordPress Authentication and xmlrpc log writer plugin...

CVSS 7.1 | AI score 6.1 | EPSS 0.00039
Exploits: 0 | References: 1

Tenable Nessus
added 2025/08/12 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2025-54352

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not...

CVSS 3.7 | AI score 5.9 | EPSS 0.00235
Exploits: 1 | References: 3

Tenable Nessus
added 2025/08/07 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2014-5266

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Incutio XML-RPC IXR Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an X...

CVSS 5 | AI score 5.5 | EPSS 0.76306
Exploits: 3 | References: 2

OpenVAS
added 2025/07/22 12:0 a.m. | 8 views

WordPress Information Disclosure Vulnerability (Jul 2025) - Windows

WordPress is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 3.7 | AI score 6.3 | EPSS 0.00235
Exploits: 1 | References: 2

OSV
added 2025/07/21 5:15 a.m. | 8 views

CVE-2025-54352

WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior...

AI score 6.5
Exploits: 0 | References: 1

NVD
added 2025/07/21 5:15 a.m. | 11 views

CVE-2025-54352

WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior...

CVSS 3.7 | EPSS 0.00235
Exploits: 1 | References: 1

OSV
added 2025/07/21 5:15 a.m. | 1 view

UBUNTU-CVE-2025-54352

WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior...

CVSS 3.7 | AI score 5.8 | EPSS 0.00235
Exploits: 1 | References: 3

Cvelist
added 2025/07/21 12:0 a.m. | 12 views

CVE-2025-54352

WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior...

CVSS 3.7 | EPSS 0.00235
Exploits: 1 | References: 1

Vulnrichment
added 2025/07/21 12:0 a.m. | 12 views

CVE-2025-54352

WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior...

CVSS 3.7 | AI score 7.3 | EPSS 0.00235
Exploits: 1 | References: 1

CVE
added 2025/07/21 12:0 a.m. | 87 views

CVE-2025-54352

CVE-2025-54352 affects WordPress 3.5–6.8.2 and enables remote disclosure of private/draft post titles via pingback.ping XML-RPC requests. A PoC on GitHub demonstrates retrieving the title after sending a pingback to a crafted post. The provided sources confirm the vulnerability but do not specify...

CVSS 3.7 | AI score 6.8 | EPSS 0.00235
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 10:30 p.m. | 6 views

CVE-2022-24333

In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible...

CVSS 6.5 | AI score 6.9 | EPSS 0.00002
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 10:30 p.m. | 4 views

CVE-2022-24336

In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server...

CVSS 5.3 | AI score 7 | EPSS 0.00004
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 10:30 p.m. | 3 views

CVE-2022-24335

JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC...

CVSS 8.1 | AI score 6.8 | EPSS 0.00004
Exploits: 0 | References: 1