Lucene search
+L

7218 matches found

Cvelist
Cvelist
added yesterday15 views

CVE-2026-16126 zevorn rt-claw Swarm RPC Receiver swarm.c handle_rpc_request authorization

A vulnerability was determined in zevorn rt-claw up to 0.2.0. The impacted element is the function handlerpcrequest of the file claw/services/swarm/swarm.c of the component Swarm RPC Receiver. This manipulation causes incorrect authorization. The attack is possible to be carried out remotely. The...

7.5CVSS
Exploits0References8
EUVD
EUVD
added yesterday11 views

EUVD-2026-45387

A vulnerability was determined in zevorn rt-claw up to 0.2.0. The impacted element is the function handlerpcrequest of the file claw/services/swarm/swarm.c of the component Swarm RPC Receiver. This manipulation causes incorrect authorization. The attack is possible to be carried out remotely. The...

7.5CVSS7AI score
Exploits0References8
CVE
CVE
added yesterday11 views

CVE-2026-16126

The CVE affects zevorn rt-claw up to version 0.2.0, specifically the Swarm RPC Receiver’s Swarm.c handle_rpc_request function. The root cause is a manipulation that leads to incorrect authorization, enabling remote exploitation. Public exploit information exists and is accessible. No remediation ...

7.5CVSS7AI score
Exploits0References8
NVD
NVD
added yesterday8 views

CVE-2024-58362

SurrealDB before 1.5.5 and 2.0.0-beta before 2.0.0-beta.3 accepts an arbitrary object in the signin and signup operations of the RPC API without recursively validating it for non-computed values. When a record access method defines a SIGNIN or SIGNUP query and the RPC API is exposed to untrusted...

8.8CVSS
Exploits0References2
EUVD
EUVD
added yesterday8 views

EUVD-2024-55678

SurrealDB before 1.5.5 and 2.0.0-beta before 2.0.0-beta.3 accepts an arbitrary object in the signin and signup operations of the RPC API without recursively validating it for non-computed values. When a record access method defines a SIGNIN or SIGNUP query and the RPC API is exposed to untrusted...

8.8CVSS5.5AI score
Exploits0References2
Cvelist
Cvelist
added yesterday15 views

CVE-2024-58362 SurrealDB before 1.5.5 Query Injection via RPC API

SurrealDB before 1.5.5 and 2.0.0-beta before 2.0.0-beta.3 accepts an arbitrary object in the signin and signup operations of the RPC API without recursively validating it for non-computed values. When a record access method defines a SIGNIN or SIGNUP query and the RPC API is exposed to untrusted...

8.8CVSS
Exploits0References2
Nuclei
Nuclei
added yesterday62 views

Cobbler 'XML-RPC' - Authentication Bypass

Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. utils.getsharedsecret always returns -1, which allows anyone to connect to cobbler...

9.8CVSS8.2AI score0.03948EPSS
Exploits6References3
Nuclei
Nuclei
added yesterday47 views

Webmin < 1.920 - Authenticated Remote Code Execution

rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialisevariable makes an eval call. NOTE: the WebminServersIndex documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must...

8.8CVSS8.1AI score0.38038EPSS
Exploits4References5
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60973

A vulnerability was determined in zevorn rt-claw up to 0.2.0. The impacted element is the function handle rpc request of the file claw/services/swarm/swarm.c of the component Swarm RPC Receiver. This manipulation causes incorrect authorization. The attack is possible to be carried out remotely. T...

7.5CVSS5.1AI score
Exploits0References9
Cvelist
Cvelist
added 2 days ago37 views

CVE-2026-59252 Missing gas_limit validation in mpp Tempo fee-payer enables wallet drain

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...

8.2CVSS0.00362EPSS
Exploits0References4
Nuclei
Nuclei
added 2 days ago198 views

VMware VRealize Network Insight - Remote Code Execution

VMWare Aria Operations for Networks vRealize Network Insight is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the ro...

9.8CVSS9.7AI score0.98281EPSS
Exploits7References5
Nuclei
Nuclei
added 3 days ago468 views

Revive Adserver 4.2 - Remote Code Execution

Revive Adserver 4.2 is susceptible to remote code execution. An attacker can send a crafted payload to the XML-RPC invocation script and trigger the unserialize call on the "what" parameter in the "openads.spc" RPC method. This can be exploited to perform various types of attacks, e.g...

9.8CVSS7.1AI score0.57022EPSS
Exploits7References5
Tenable Nessus
Tenable Nessus
added 3 days ago7 views

Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-8547-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8547-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

9.8CVSS6.8AI score0.09796EPSS
Exploits4References66
OSV
OSV
added 4 days ago4 views

CVE-2026-52869 MCP Python SDK: HTTP transports serve session requests without verifying the authenticated principal

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol MCP. Prior to 1.27.2, the SSE and stateful Streamable HTTP transports mcp.server.sse.SseServerTransport and mcp.server.streamablehttpmanager.StreamableHTTPSessionManager route requests to existing...

7.1CVSS6.1AI score0.0025EPSS
Exploits0References8
CVE
CVE
added 4 days ago20 views

CVE-2026-52869

The MCP Python SDK (mcp on PyPI) has a vulnerability affecting versions prior to 1.27.2 in its SSE and stateful Streamable HTTP transports. These transports (mcp.server.sse.SseServerTransport and mcp.server.streamable_http_manager.StreamableHTTPSessionManager) route requests to an existing sessio...

7.1CVSS6.1AI score0.0025EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-52869 MCP Python SDK: HTTP transports serve session requests without verifying the authenticated principal

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol MCP. Prior to 1.27.2, the SSE and stateful Streamable HTTP transports mcp.server.sse.SseServerTransport and mcp.server.streamablehttpmanager.StreamableHTTPSessionManager route requests to existing...

7.1CVSS0.0025EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-56339 Capgo - Unauthenticated Organization Existence Enumeration via rescind_invitation RPC

Capgo Cap-go/capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST SECURITY DEFINER RPC function public.rescindinvitation that allows unauthenticated attackers to enumerate organization existence. The function returns distinct error messages NOORG vs...

8.7CVSS0.00276EPSS
Exploits0References2
OSV
OSV
added 4 days ago7 views

USN-8547-1 linux-gcp-5.15, linux-intel-iotg-5.15 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RISC-V architecture; - Cryptographic API; - InfiniBand drivers; - IOMMU subsystem; - Network drivers; -...

9.8CVSS6.8AI score0.09796EPSS
Exploits4References66
Ubuntu
Ubuntu
added 4 days ago11 views

USN-8547-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RISC-V architecture; - Cryptographic API; - InfiniBand drivers; - IOMMU subsystem; - Network drivers; -...

9.8CVSS6.8AI score0.09796EPSS
Exploits4
Nuclei
Nuclei
added 4 days ago257 views

Apache OFBiz < 18.12.10 - Arbitrary Code Execution

Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. id: CVE-2023-49070 info: name: Apache OFBiz 18.12.10 - Arbitrary Code Execution author: your3cho severity: critical description: | Pre-auth RCE in Apach...

9.8CVSS7.1AI score0.95442EPSS
Exploits11References5
Rows per page
Query Builder