116 matches found
CVE-2026-48614
An improper authorization vulnerability in the Plesk XML API allows an authenticated user to inject arbitrary configuration directives, resulting in arbitrary file write as root and full privilege escalation on the underlying server...
CVE-2026-48614
The CVE-2026-48614 vector affects the Plesk XML API. An improper authorization flaw allows an authenticated user to inject arbitrary configuration directives, enabling arbitrary file writes as root and full privilege escalation on the underlying server. The available sources describe the impact a...
PT-2026-55960
An improper authorization vulnerability in the Plesk XML API allows an authenticated user to inject arbitrary configuration directives, resulting in arbitrary file write as root and full privilege escalation on the underlying server...
CVE-2017-18478
In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions SEC-207...
CVE-2017-20212
FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. Attackers can exploit the /var/www/data/controllers/api/xml.php readFile function to access...
openjdk: Enhance Path Factories (Oracle CPU 2025-10)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle...
EUVD-2018-18806
Malware in sbrugna...
EUVD-2019-10277
Malware in sbrugna...
EUVD-2017-9594
Malware in sbrugna...
EUVD-2021-26410
Malware in sbrugna...
EUVD-2012-1490
Malware in sbrugna...
EUVD-2012-4023
Malware in sbrugna...
EUVD-2024-49963
Malicious code in bioql PyPI...
EUVD-2023-59004
Malicious code in bioql PyPI...
CVE-2012-1472
VMware vCenter Chargeback Manager aka CBM before 2.0.1 does not properly handle XML API requests, which allows remote attackers to read arbitrary files or cause a denial of service via unspecified vectors...
CVE-2019-14984
eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented addons/xmlapi/exec.cgi script uses CMDEXEC to execute TCL code from a POST request...
CVE-2013-3617
The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity XXE iss...
CVE-2024-9471
A privilege escalation PE vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with...
CVE-2024-9471
A privilege escalation PE vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with...
CVE-2024-9471 PAN-OS: Privilege Escalation (PE) Vulnerability in XML API
A privilege escalation PE vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with...