CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

94 matches found

Cobbler - Authentication Bypass

Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ and possibly even older versions, may be vulnerable to an authentication bypass vulnerability in XMLRPC API /cobblerapi that can result in privilege escalation, data manipulation or exfiltration, and LDAP credential harvesting...

9.8CVSS7.2AI score0.60008EPSS

Exploits0References4

OSV•added 2025/10/28 2:41 p.m.•1 views

SUSE-SU-2025:3839-1 Security update 5.1.1 for Multi-Linux Manager Server

This update fixes the following issues: Multi-Linux-Manager-Server-SLE-release: - Update for the release packages for fixing the EOL - Fixed migration issue bsc1243486 server-attestation-image was updated from version 5.1.7 to 5.1.10: - CVE-2025-53192: Do not use apache-commons-ognl but its...

8.8CVSS5.8AI score0.00083EPSS

Exploits0References23

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2015-2280

Malware in sbrugna...

6.5CVSS6.1AI score0.01762EPSS

Exploits0References11

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2015-0297

Malware in sbrugna...

5.4CVSS5.7AI score0.00269EPSS

Exploits0References10

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2014-2075

Malware in sbrugna...

9.8CVSS9.3AI score0.094EPSS

Exploits5References7

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2014-2073

Malware in sbrugna...

3.5CVSS9.4AI score0.00912EPSS

Exploits4References9

EUVD•added 2025/10/07 12:30 a.m.•6 views

EUVD-2014-2074

Malware in sbrugna...

7.1CVSS9.4AI score0.00931EPSS

Exploits4References7

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-3869

Malicious code in bioql PyPI...

7.5CVSS9.3AI score0.00474EPSS

Exploits1References18

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2021-8259

Malicious code in bioql PyPI...

9.8CVSS9.5AI score0.01155EPSS

Exploits0References2

RedhatCVE•added 2025/05/22 6:17 p.m.•4 views

CVE-2021-20850

PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and earlier, PowerCMS 3.295 and earlier, and PowerCMS 2 Series End-of-Life, EOL allows a remote attacker to execute an arbitrary OS command via unspecified vectors...

9.8CVSS7.5AI score0.01155EPSS

Exploits0References1

Packet Storm•added 2025/03/06 12:0 a.m.•199 views

WordPress Pingback Checker Server-Side Request Forgery

WordPress versions prior to 3.5.1 have a server-side request forgery issue that can be leveraged by the pingback checker tool. ============================================================================================================================================= | Title : WordPress before...

7.2AI score

Exploits0

Tenable Nessus•added 2025/03/04 12:0 a.m.•8 views

Linux Distros Unpatched Vulnerability : CVE-2018-1000226

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable...

9.8CVSS8.1AI score0.60008EPSS

Exploits0References2

Tenable Nessus•added 2024/05/11 12:0 a.m.•25 views

RHEL 8 : cobbler (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cobbler: XMLRPC API endpoints are not correctly validating security tokens CVE-2018-1000226 - Cobbler...

8.6AI score0.60008EPSS

Exploits0References2

Oracle linux•added 2022/12/05 12:0 a.m.•62 views

spacewalk-backend spacewalk-java security update

spacewalk-backend 2.10.28-1.0.13 - Fix HTTP 500 and ORA-01830 on client scap report Orabug: 34823889 2.10.28-1.0.12 - Handle remote commands that return no output. Orabug: 32530545 2.10.28-1.0.11 - Make spacewalk-debug copy symlink target instead of the symlink itself. Orabug: 32514543...

4.3CVSS0.1AI score0.00218EPSS

Exploits1

Prion•added 2022/11/10 3:15 p.m.•18 views

Path traversal

A Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files...

4CVSS4.5AI score0.00218EPSS

Exploits1References1Affected Software2

ATTACKERKB•added 2022/09/08 8:15 a.m.•1 views

CVE-2022-33941

PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as...

9.8CVSS6AI score0.05225EPSS

Exploits0References3Affected Software1

Cvelist•added 2022/09/08 7:10 a.m.•12 views

CVE-2022-33941

9.9AI score0.05225EPSS

Exploits0References2

Positive Technologies•added 2022/09/08 12:0 a.m.•1 views

PT-2022-21927 · Alfasado · Powercms

Name of the Vulnerable Software and Affected Versions: PowerCMS versions 6.021 and earlier PowerCMS versions 5.21 and earlier PowerCMS versions 4.51 and earlier PowerCMS 3 Series and earlier Description: The PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection issue. By...

9.8CVSS9.7AI score0.05225EPSS

Exploits0References6

UbuntuCve•added 2022/08/24 9:15 a.m.•49 views

CVE-2022-38078

Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and...

9.8CVSS7.3AI score0.05225EPSS

Exploits0References3

Prion•added 2022/08/24 9:15 a.m.•14 views

Command injection

7.5CVSS9.8AI score0.05225EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by