Lucene search
K

39 matches found

NVD
NVD
added 2026/06/25 7:16 p.m.9 views

CVE-2026-46608

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE-2026-33533. However, the implementation silently falls back to Access-Control-Allow-Origin:...

7.4CVSS0.00401EPSS
Exploits1References2
OSV
OSV
added 2026/06/22 9:31 p.m.5 views

GHSA-W856-8P3R-P338 Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack

Summary The Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. CVE-2026-32632 patched in 4.5.2 added TrustedHostMiddleware to the REST/WebUI server; the MCP server has had equivalent protectio...

5.3CVSS6.1AI score0.00156EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/22 9:31 p.m.9 views

Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack

Summary The Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. CVE-2026-32632 patched in 4.5.2 added TrustedHostMiddleware to the REST/WebUI server; the MCP server has had equivalent protectio...

5.3CVSS6.1AI score0.00156EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2005-1994

Malware in sbrugna...

7.5CVSS7.3AI score0.06565EPSS
Exploits0References17
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2005-2114

Malware in sbrugna...

7.5CVSS6.4AI score0.01247EPSS
Exploits2References5
OSV
OSV
added 2024/07/11 11:54 a.m.17 views

USN-6891-1 python3.5, python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12 vulnerabilities

It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 18.04 LTS. CVE-2015-20107 It was discovered that Python incorrectly used regular expressions vulnerable to...

9.8CVSS7.2AI score0.23293EPSS
Exploits27References42
NVD
NVD
added 2021/09/28 1:15 p.m.13 views

CVE-2021-37146

An infinite loop in Open Robotics roscomm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through1.15.11 allows remote attackers to cause a Denial of Service in roscomm via a crafted XMLRPC call...

7.5CVSS0.01946EPSS
Exploits0References3
OSV
OSV
added 2021/09/28 1:15 p.m.5 views

DEBIAN-CVE-2021-37146

An infinite loop in Open Robotics roscomm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through1.15.11 allows remote attackers to cause a Denial of Service in roscomm via a crafted XMLRPC call...

7.5CVSS7.4AI score0.01946EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/09/28 1:15 p.m.2 views

CVE-2021-37146

An infinite loop in Open Robotics roscomm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through1.15.11 allows remote attackers to cause a Denial of Service in roscomm via a crafted XMLRPC call...

7.5CVSS7.2AI score0.01946EPSS
Exploits0References4
Cvelist
Cvelist
added 2021/09/28 12:8 p.m.16 views

CVE-2021-37146

An infinite loop in Open Robotics roscomm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through1.15.11 allows remote attackers to cause a Denial of Service in roscomm via a crafted XMLRPC call...

7.5AI score0.01946EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2021/09/21 12:0 a.m.24 views

CVE-2021-37146

An infinite loop in Open Robotics roscomm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through1.15.11 allows remote attackers to cause a Denial of Service in roscomm via a crafted XMLRPC call...

7.5CVSS7.1AI score0.01946EPSS
Exploits0References5
OSV
OSV
added 2021/09/21 12:0 a.m.4 views

UBUNTU-CVE-2021-37146

An infinite loop in Open Robotics roscomm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through1.15.11 allows remote attackers to cause a Denial of Service in roscomm via a crafted XMLRPC call...

7.5CVSS7.2AI score0.01946EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.19 views

SUSE: Security Advisory (SUSE-SU-2012:0642-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.4CVSS9AI score0.0562EPSS
Exploits7References2
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.69 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : php Multiple Vulnerabilities (NS-SA-2020-0059)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has php packages installed that are affected by multiple vulnerabilities: - In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HT...

9.8CVSS7.5AI score0.87606EPSS
Exploits4References5
Positive Technologies
Positive Technologies
added 2020/10/15 12:0 a.m.11 views

PT-2020-5780 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.5.2 Description: The issue is related to a lack of privilege management mechanism in the wp-includes/class-wp-xmlrpc-server.php component of the WordPress content management system. This allows attackers to gain...

9.8CVSS7.1AI score0.16119EPSS
Exploits1References47
Tenable Nessus
Tenable Nessus
added 2019/10/21 12:0 a.m.51 views

FreeBSD : python 3.7 -- multiple vulnerabilities (9b7491fb-f253-11e9-a50c-000c29c4dc65)

Python changelog : bpo-38243: Escape the server title of xmlrpc.server.DocXMLRPCServer when rendering the document page as HTML. bpo-38174: Update vendorized expat library version to 2.2.8, which resolves CVE-2019-15903. bpo-37764: Fixes email.headervalueparser.getunstructured going into an...

7.5CVSS7.3AI score0.06707EPSS
Exploits1References3
OSV
OSV
added 2019/09/28 2:15 a.m.2 views

DEBIAN-CVE-2019-16935

The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the servertitle field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If setservertitle is called with untrusted input, arbitrary...

6.1CVSS6.8AI score0.04698EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2019/09/21 12:0 a.m.8 views

PT-2019-5583 · Python +10 · Python +10

Name of the Vulnerable Software and Affected Versions: Python versions 2.7.16 and earlier, 3.x through 3.6.9, and 3.7.x through 3.7.4 Description: The issue is related to the documentation XML-RPC server in Python, which is vulnerable to cross-site scripting XSS attacks via the server title field...

10CVSS6.6AI score0.73327EPSS
Exploits76References585
FreeBSD
FreeBSD
added 2019/09/14 12:0 a.m.47 views

python 3.7 -- multiple vulnerabilities

Python changelog: bpo-38243: Escape the server title of xmlrpc.server.DocXMLRPCServer when rendering the document page as HTML. bpo-38174: Update vendorized expat library version to 2.2.8, which resolves CVE-2019-15903. bpo-37764: Fixes email.headervalueparser.getunstructured going into an infini...

7.5CVSS0.6AI score0.06707EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2019/04/04 12:0 a.m.41 views

EulerOS Virtualization 2.5.3 : php (EulerOS-SA-2019-1264)

According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based...

9.8CVSS7.5AI score0.09317EPSS
Exploits2References3
Rows per page
Query Builder