CVE-2023-43187

A remote code execution RCE vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests...

EUVD-2025-22048

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2012-6531

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 1 ZendDom, 2 ZendFeed, and 3 ZendSoap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow...

WordPress Authentication and xmlrpc log writer plugin cross-site scripting vulnerability

The WordPress Authentication and xmlrpc log writer plugin is a plugin for logging failed login attempts e.g. brute-force attacks and invalid XMLRPC requests, primarily for processing data and protecting against it with tools like fail2ban. The WordPress Authentication and xmlrpc log writer plugin...

WordPress Information Disclosure Vulnerability (Jul 2025) - Windows

WordPress is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2025-54352

WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior...

CVE-2025-54352

WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior...

CVE-2025-54352

WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior...

Remote code execution

A remote code execution RCE vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests...

CVE-2023-43187

A remote code execution RCE vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests...

PHP <= 5.3.2 xmlrpc Extension Multiple Remote Denial of Service Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/38708/info PHP's xmlrpc extension library is prone to multiple denial-of-service vulnerabilities because it fails to properly handle crafted XML-RPC requests. Exploiting these issues allows remote attackers to cause...

Jetpack Plugin for WordPress Security Bypass

The WordPress Jetpack plugin installed on the remote host is affected by a security bypass vulnerability due to a flaw in the 'class.jetpack.php' script. This can allow a remote, unauthenticated attacker to submit crafted XML-RPC requests that bypass access controls, allowing the attacker to...

162,000 WordPress Sites Used in DDoS Attack

More than 162,000 “popular and clean” WordPress sites were recently used in a large-scale distributed denial of service attack DDoS that exploited the content management system’s pingback feature. While the WordPress team is aware of the issue it’s not expected to be patched as it’s a default...

Design/Logic Flaw

servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service CPU and memory consumption, via an XML-RPC request containing an entity declaration in conjunction with an entity reference,...

Oracle Virtual Server Agent Command Injection (CVE-2010-3582)

Oracle VM software provides virtualization technology that allows the running of multiple instances of x86 virtual computers simultaneously within the hosting operating system. A command injection vulnerability exists in Oracle VM. The vulnerability is due to an input validation error in proxy...

CVE-2007-4539

The WebService XML-RPC interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the 1 Deadline and 2 Estimated Time fields...

Zope 2.x - Incorrect XML-RPC Request Information Disclosure

Zope 2.x - Incorrect XML-RPC Request Information Disclosure source: https://www.securityfocus.com/bid/5806/info A vulnerability has been reported for Zope 2.5.1 and earlier. Reportedly, Zope does not handle XML-RPC requests properly. Specially crafted XML-RPC requests may cause Zope to respond to...