CVE-2026-11450 GL.iNet GL-MT3000 Path Normalization dlopen command injection

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument devname results in command injection. It is possible to initiate the attack...

Lyrion Music Server 9.2.0 Arbitrary Directory Listing

Summary Lyrion Music Server formerly Logitech Media Server, and often abbreviated as "LMS" is open-source software which can control and serve stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...

CVE-2018-25384

Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the replytext parameter. Attackers can post comments containing JavaScript code through the rpc.php endpoint that executes in other users'...

CVE-2018-25384

Wikidforum 2.20 contains a cross-site scripting vulnerability: authenticated attackers can inject JavaScript by submitting crafted HTML in the reply_text parameter via the rpc.php endpoint, causing scripts to execute in other users’ browsers when viewing forum replies. The CVE entry provides this...

CVE-2018-25384 Wikidforum 2.20 Cross-Site Scripting via reply_text Parameter

Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the replytext parameter. Attackers can post comments containing JavaScript code through the rpc.php endpoint that executes in other users'...

EUVD-2018-21906

Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the replytext parameter. Attackers can post comments containing JavaScript code through the rpc.php endpoint that executes in other users'...

CVE-2026-5029

A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without authentication on port 3088. An unauthenticated remote attacker can invoke the run-code MCP tool to supply arbitrary source code and...

Code Runner MCP Server 访问控制错误漏洞

Code Runner MCP Server is a multi-language code execution and result display tool developed by Jun Han. There is an access control vulnerability in Code Runner MCP Server. This vulnerability arises when the --transport http option is used, exposing an unauthenticated /mcp JSON-RPC endpoint on por...

CVE-2025-13855 IBM Storage Protect Server is affected by a vulnerability that could allow authenticated users to access administrative metadata through the JSON-RPC endpoint .

IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

EUVD-2026-16943

A flaw has been found in elecV2 elecV2P up to 3.8.3. This issue affects the function pm2run of the file /rpc. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem ear...

elecV2P 操作系统命令注入漏洞

elecV2P is a network request modification and scheduled task tool developed by the elecV2 individual developer. Versions of elecV2P 3.8.3 and earlier have a vulnerability related to operating system command injection. This vulnerability stems from the pm2run function in the/rpc file, which allows...

PT-2026-28726

Name of the Vulnerable Software and Affected Versions elecV2 versions prior to 3.8.4 Description A flaw exists in elecV2, specifically in the pm2run function within the /rpc file. A manipulation of this function can lead to operating system command injection. This issue can be exploited remotely...

CVE-2026-27796 Homarr: Unauthenticated Information Disclosure (Integration Metadata Leak)

Homarr is an open-source dashboard. Prior to version 1.54.0, the integration.all tRPC endpoint in Homarr is exposed as a publicProcedure, allowing unauthenticated users to retrieve a complete list of configured integrations. This metadata includes sensitive information such as internal service...

CVE-2020-10862

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service AvastSvc.exe allows attackers to achieve Local Privilege Escalation LPE via RPC...

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the HttpServletRpcEndpoint endpoint. of the LiteRpc-Serializer component. An attacker can enumerate valid values for LiteRpc-Klass and LiteRpc-Method headers without guessing, guaranteeing that the...

EUVD-2021-13862

Malware in sbrugna...

EUVD-2019-13491

Malware in sbrugna...

EUVD-2020-3273

Malware in sbrugna...

EUVD-2011-3559

Malware in sbrugna...

EUVD-2020-3272

Malware in sbrugna...