21 matches found
CVE-2026-44895
GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0.6.0, the HTTP transport in src/transport.ts ships with no authentication layer at all and a wildcard Access-Control-Allow-Origin: * on every response. The structural defect is that the SSE server stands up a stateful,...
CVE-2023-40293
Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a D-Bus connection object...
EUVD-2019-13547
Malware in sbrugna...
EUVD-2020-29630
Malware in sbrugna...
EUVD-2023-44886
Malicious code in bioql PyPI...
EUVD-2023-42333
Malicious code in bioql PyPI...
CVE-2023-38534
Improper authentication vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.0 and 12.5.1. The vulnerability could allow disclosure of restricted information in unauthenticated RPC...
CVE-2019-3942
Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password...
Authentication flaw
Improper authentication vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.0 and 12.5.1. The vulnerability could allow disclosure of restricted information in unauthenticated RPC...
Command injection
Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a D-Bus connection object...
CVE-2020-8782
Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution...
CVE-2020-8782
The CVE-2020-8782 entry details a vulnerability in Sierra Wireless ALEOS (AirLink gateways) where an unauthenticated RPC server in ALEOS versions prior to 4.4.9, 4.9.5, and 4.14.0 allows remote code execution. Affected component: ALEOS RPC service; root cause: unauthenticated RPC interface...
CVE-2019-3940
Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use this vulnerability to execute arbitrary code...
CVE-2019-3940
CVE-2019-3940 affects Advantech WebAccess 8.3.4. The vulnerability is a file upload issue via an unauthenticated RPC call, enabling a remote attacker to execute arbitrary code. No exploit details or remediation/version fix are provided in the supplied documents; impact is indicated as remote code...
CVE-2018-1000093
CryptoNote version 0.8.9 and possibly later contain a local RPC server which does not require authentication; as a result, the walletd and the simplewallet RPC daemons will process any commands sent to them, resulting in remote command execution and a takeover of the cryptocurrency wallet ...