
30 matches found

Cvelist
added 2026/05/08 12:0 a.m., 28 views

CVE-2025-69691

Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.execphp. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code...

EPSS 0.00032
Exploits: 4, References: 2

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2010-5066

Malware in sbrugna...

CVSS 6.5, AI score 6.1, EPSS 0.00302
Exploits: 1, References: 4

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2016-6677

Malware in sbrugna...

CVSS 9.8, AI score 9.3, EPSS 0.01022
Exploits: 0, References: 6

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2008-2101

Malware in sbrugna...

CVSS 4, AI score 6.4, EPSS 0.00286
Exploits: 0, References: 9

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-8962

Malware in sbrugna...

CVSS 9.8, AI score 9.5, EPSS 0.01036
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2014-8885

Malware in sbrugna...

CVSS 7.5, AI score 6.1, EPSS 0.00356
Exploits: 0, References: 5

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-6117

Malware in sbrugna...

CVSS 7.8, AI score 7.6, EPSS 0.00826
Exploits: 1, References: 3

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2007-4522

Malware in sbrugna...

CVSS 5, AI score 6.1, EPSS 0.00583
Exploits: 1, References: 12

Tenable Nessus
added 2025/08/25 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2017-9062

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API. CVE-2017-9062 Note that Nessus relies on the presence of the...

CVSS 8.6, AI score 7.7, EPSS 0.01674
Exploits: 0, References: 2

RedhatCVE
added 2025/05/22 1:48 a.m., 6 views

CVE-2010-5106

The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role...

CVSS 6.5, AI score 6.6, EPSS 0.00302
Exploits: 1, References: 1

SUSE CVE
added 2023/02/15 5:25 a.m., 1 view

SUSE CVE-2014-8163

Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5...

CVSS 6.5, AI score 7, EPSS 0.00684
Exploits: 0, References: 3

CNNVD
added 2021/10/20 12:0 a.m., 1 view

Six Apart Movable Type Operating System Command Injection Vulnerability

Six Apart Movable Type is an application from Six Apart, Inc. A command injection vulnerability exists in Six Apart Movable Type due to incorrect input validation in the Movable Type XMLRPC API, which can be exploited by an unauthenticated remote attacker to execute arbitrary operating system...

CVSS 9.8, AI score 6.3, EPSS 0.94187
Exploits: 11, References: 10

Openbugbounty
added 2018/06/04 12:23 p.m., 9 views

mp3.com Improper Access Control vulnerability

Open Bug Bounty ID: OBB-627003
Affected Website: mp3.com
Vulnerable Application: WordPress
Vulnerability Type: IAC Improper Access Control / CWE-284
CVSSv3 Score: 6.5...

Exploits: 0

Tenable Nessus
added 2018/05/11 12:0 a.m., 28 views

WordPress XML-RPC Interface Detected

A public-facing WordPress XML-RPC interface has been detected. An attacker may be able to launch attacks against the web server via XML-RPC, including:
- Login into WordPress backend Administrative interface
- Brute force user credentials
- Use pingbacks for scanning or fingerprinting for example ...

AI score 7.3
Exploits: 0, References: 2

RedHat Linux
added 2017/10/24 12:15 a.m., 2 views

supervisor: Command injection via malicious XML-RPC request

A vulnerability was found in the XML-RPC interface in supervisord. When processing malformed commands, an attacker can cause arbitrary shell commands to be executed on the server as the same user as supervisord. Exploitation requires the attacker to first be authenticated to the supervisord servi...

CVSS 9, AI score 7.4, EPSS 0.93832
Exploits: 10, References: 4

Prion
added 2017/09/20 8:29 p.m., 10 views

Design/Logic Flaw

An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be rendered in the...

CVSS 4.3, AI score 6.2, EPSS 0.00356
Exploits: 1, References: 3, Affected Software: 1

Prion
added 2017/09/20 8:29 p.m., 13 views

Design/Logic Flaw

An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, logging out any user with a session opened in the UI. By continuously executing the failed login...

CVSS 7.8, AI score 7.5, EPSS 0.00826
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2017/09/20 8:0 p.m., 27 views

CVE-2017-14615

An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be rendered in the...

AI score 6.5, EPSS 0.00356
Exploits: 1, References: 3

CNVD
added 2017/08/29 12:0 a.m., 1 view

Red Hat Satellite Directory Traversal Vulnerability

Red Hat Satellite is a suite of system management platforms from Red Hat, Inc. that can be used to extend Linux infrastructures and provide system management functions such as administration, configuration, and monitoring. A directory traversal vulnerability exists in the XMLRPC interface in Red...

CVSS 6.5, AI score 6.7, EPSS 0.00684
Exploits: 0, References: 1

NVD
added 2017/01/23 9:59 p.m., 11 views

CVE-2016-5742

SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVSS 9.8, AI score 10, EPSS 0.01022
Exploits: 0, References: 5