Lucene search
K

1120 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/08 12:0 a.m.8 views

CVE-2025-69691

Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.execphp. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code...

6.3AI score0.0053EPSS
Exploits4References3
Vulnrichment
Vulnrichment
added 2026/05/08 12:0 a.m.8 views

CVE-2025-69691

Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.execphp. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code...

6.3AI score0.0053EPSS
Exploits4References2
OSV
OSV
added 2026/05/05 7:35 p.m.12 views

GHSA-2CWR-GCF9-PVXR Magento LTS has Weak API Session ID — Predictable MD5 of Time-Derived Inputs

Affected Version: OpenMage LTS ≤ 20.16.0 confirmed on 20.16.0 Affected File: https://github.com/OpenMage/magento-lts/blob/main/app/code/core/Mage/Api/Model/Session.php – start method Summary The XML-RPC / SOAP API session ID is generated using an outdated, time-based construction rather than a...

9.3CVSS5.8AI score0.00267EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/30 4:9 p.m.4 views

EUVD-2022-55964

Weaver Fanwei E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and...

8.7CVSS5.8AI score0.00705EPSS
Exploits0References6
Fedora
Fedora
added 2026/04/16 11:42 p.m.8 views

[SECURITY] Fedora 44 Update: kf6-kpeople-6.25.0-1.fc44

KDE Frameworks 6 Tier 3 library for interaction with XML RPC services...

5.8AI score
Exploits0
Veracode
Veracode
added 2026/04/04 5:30 a.m.8 views

Cross-Origin Data Theft

Glances is vulnerable to Cross-Origin Data Theft via XML-RPC Server CORS Misconfiguration. The vulnerability is due to the XML-RPC handler not validating the Content-Type header, where an attacker-controlled webpage can issue a CORS simple request containing a valid XML-RPC payload, and the serve...

7.1CVSS5.7AI score0.00409EPSS
Exploits1References3Affected Software1
SUSE CVE
SUSE CVE
added 2026/04/03 11:25 p.m.9 views

SUSE CVE-2026-33533

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML-RPC server activated with glances -s or glances --server sends Access-Control-Allow-Origin: on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an...

6.5CVSS5.8AI score0.00409EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/04/03 5:0 p.m.6 views

CVE-2026-5344

A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mtuploadImage of the file rpc/TXPRPCServer.php of the component XML-RPC Handler. The manipulation of the argument file.name leads to path traversal. Remote exploitation of the...

6.5CVSS6.2AI score0.00332EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/02 3:31 p.m.4 views

EUVD-2026-18346

A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mtuploadImage of the file rpc/TXPRPCServer.php of the component XML-RPC Handler. The manipulation of the argument file.name leads to path traversal. Remote exploitation of the...

6.5CVSS5.4AI score0.00332EPSS
Exploits0References5
OSV
OSV
added 2026/04/02 3:16 p.m.3 views

UBUNTU-CVE-2026-33533

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML-RPC server activated with glances -s or glances --server sends Access-Control-Allow-Origin: on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an...

7.1CVSS5.8AI score0.00409EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/02 2:56 p.m.22 views

CVE-2026-33533 Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML-RPC server activated with glances -s or glances --server sends Access-Control-Allow-Origin: on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an...

7.1CVSS0.00409EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/02 2:45 p.m.25 views

CVE-2026-5344 Textpattern XML-RPC TXP_RPCServer.php mt_uploadImage path traversal

A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mtuploadImage of the file rpc/TXPRPCServer.php of the component XML-RPC Handler. The manipulation of the argument file.name leads to path traversal. Remote exploitation of the...

6.5CVSS0.00332EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/02 2:45 p.m.2 views

CVE-2026-5344

A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mtuploadImage of the file rpc/TXPRPCServer.php of the component XML-RPC Handler. The manipulation of the argument file.name leads to path traversal. Remote exploitation of the...

6.5CVSS6.1AI score0.00332EPSS
Exploits0References4
CVE
CVE
added 2026/04/02 2:45 p.m.11 views

CVE-2026-5344

Textpattern up to 4.9.1 is affected. The vulnerability lies in the XML-RPC Handler’s mt_uploadImage function (rpc/TXP_RPCServer.php) where manipulation of the file.name argument enables path traversal. This permits remote exploitation, and publicly disclosed exploits exist. The vendor has acknowl...

6.5CVSS6.1AI score0.00332EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/02 2:45 p.m.2 views

CVE-2026-5344 Textpattern XML-RPC TXP_RPCServer.php mt_uploadImage path traversal

A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mtuploadImage of the file rpc/TXPRPCServer.php of the component XML-RPC Handler. The manipulation of the argument file.name leads to path traversal. Remote exploitation of the...

6.5CVSS6.1AI score0.00332EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.3 views

PT-2026-29786

A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mt uploadImage of the file rpc/TXP RPCServer.php of the component XML-RPC Handler. The manipulation of the argument file.name leads to path traversal. Remote exploitation of the...

6.5CVSS6.1AI score0.00332EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/30 5:0 p.m.12 views

Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard

Summary The Glances XML-RPC server activated with glances -s or glances --server sends Access-Control-Allow-Origin: on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an attacker-controlled webpage can issue a CORS "simple request" POST with Content-Typ...

7.1CVSS6AI score0.00409EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/03/30 5:0 p.m.5 views

GHSA-7P93-6934-F4Q7 Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard

Summary The Glances XML-RPC server activated with glances -s or glances --server sends Access-Control-Allow-Origin: on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an attacker-controlled webpage can issue a CORS "simple request" POST with Content-Typ...

7.1CVSS6AI score0.00409EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.8 views

PT-2026-29154

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.3 Description Glances is a system cross-platform monitoring tool. The XML-RPC server activated with glances -s or glances --server sends Access-Control-Allow-Origin: on every HTTP response. Because the XML-RPC...

7.1CVSS5.8AI score0.00409EPSS
Exploits1References16
Tenable Nessus
Tenable Nessus
added 2026/01/19 12:0 a.m.4 views

MiracleLinux 7 : python3-3.6.8-17.el7 (AXSA:2020-630:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-630:02 advisory. python: XSS vulnerability in the documentation XML-RPC server in servertitle field CVE-2019-16935 python: wrong backtracking in...

7.1CVSS8.2AI score0.06617EPSS
Exploits2References3
Rows per page
Query Builder