Lucene search
K

1086 matches found

Nuclei
Nuclei
added yesterday150 views

PaperCut NG Unauthenticated XMLRPC Functionality

PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch. id: CVE-2023-4568 info: name: PaperCut NG Unauthenticated XMLRPC Functionality...

6.5CVSS6.6AI score0.03568EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday99 views

Cobbler - Authentication Bypass

Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ and possibly even older versions, may be vulnerable to an authentication bypass vulnerability in XMLRPC API /cobblerapi that can result in privilege escalation, data manipulation or exfiltration, and LDAP credential harvesting...

9.8CVSS7.1AI score0.12484EPSS
Exploits0References4
OSV
OSV
added last week5 views

PYSEC-2026-313 Cobbler has Exposed Dangerous Method or Function

It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon...

9.8CVSS7.4AI score0.6786EPSS
Exploits0References16
Cvelist
Cvelist
added 2026/06/26 1:11 a.m.36 views

CVE-2026-50744

A bypass to the admin‑only restriction of the XML‑RPC API in Revive Adserver 6.0.7. The API response for the ox.login method returned a session ID cookie in the HTTP headers, and although the method correctly returned an error, the associated session was not invalidated. As a result, the leaked...

4.3CVSS0.00173EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 7:16 p.m.9 views

CVE-2026-46608

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE-2026-33533. However, the implementation silently falls back to Access-Control-Allow-Origin:...

7.4CVSS0.00401EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 8:16 a.m.12 views

CVE-2026-7761

The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This is due to a chain of three logic bugs: 1 an MD5 hash fallback in getdirectorybyhash that allows any post to be used as a member directory ...

8.8CVSS0.00499EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/06/24 6:49 a.m.30 views

CVE-2026-7761 Ultimate Member <= 2.11.4 - Authenticated (Contributor+) Account Takeover via Password Reset Link Disclosure

The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This is due to a chain of three logic bugs: 1 an MD5 hash fallback in getdirectorybyhash that allows any post to be used as a member directory ...

8.8CVSS0.00499EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/06/22 9:31 p.m.6 views

Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack

Summary The Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. CVE-2026-32632 patched in 4.5.2 added TrustedHostMiddleware to the REST/WebUI server; the MCP server has had equivalent protectio...

5.3CVSS6.1AI score0.00156EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-47845

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH includes a vulnerable function, PREFIXprologTok, in...

5.3CVSS5.4AI score0.00223EPSS
Exploits0References2
Mageia
Mageia
added 2026/06/05 5:37 p.m.12 views

Updated xmlrpc-c packages fix security vulnerabilities

This update fixes the vulnerabilities by no longer building with the vulnerable bundled libexpat version...

9.8CVSS6.6AI score0.34174EPSS
Exploits2References1
OSV
OSV
added 2026/06/05 5:37 p.m.17 views

MGASA-2026-0173 Updated xmlrpc-c packages fix security vulnerabilities

This update fixes the vulnerabilities by no longer building with the vulnerable bundled libexpat version...

9.8CVSS6.6AI score0.34174EPSS
Exploits2References2
OSV
OSV
added 2026/05/27 4:7 a.m.15 views

USN-8313-1 xmlrpc-c vulnerabilities

It was discovered that Expat, vendored in XML-RPC, incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

9.8CVSS7.1AI score0.34174EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/05/26 6:33 p.m.100 views

IMVU-Exploits

IMVU Exploits IMVU Classic Client v3.6.15 - Complete exploita...

10CVSS5.8AI score0.94354EPSS
Exploits6
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 2:3 p.m.20 views

Security Bulletin: Multiple Vulnerabilities in IBM Tivoli Netcool/OMNIbus_GUI

Summary Multiple vulnerabilities were addressed in IBM Tivoli Netcool/OMNIbusGUI 8.1.0 Fix Pack 41. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible i...

9.8CVSS6.1AI score0.0644EPSS
Exploits2Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/15 1:57 a.m.9 views

CVE-2026-44193

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, the XMLRPC method opnsense.restoreconfigsection fails to sanitize user supplied input leading to Remote Code Execution. This vulnerability is fixed in 26.1.7...

9.1CVSS5.8AI score0.00686EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/13 9:52 p.m.10 views

CVE-2026-44193 OPNsense: RCE via XMLRPC endpoint using `opnsense.restore_config_section` method

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, the XMLRPC method opnsense.restoreconfigsection fails to sanitize user supplied input leading to Remote Code Execution. This vulnerability is fixed in 26.1.7...

9.1CVSS5.8AI score0.00686EPSS
Exploits1References1
CVE
CVE
added 2026/04/30 4:9 p.m.24 views

CVE-2022-50992

Weaver E-cology 9.5 (pre-10.52) is affected by an unauthenticated arbitrary file read via the XmlRpcServlet at the XML-RPC endpoint. The vulnerability arises in WorkflowService.getAttachment and WorkflowService.LoadTemplateProp, allowing remote attackers to read arbitrary files (including system ...

8.7CVSS5.7AI score0.00705EPSS
In wildExploits0References6
Vulnrichment
Vulnrichment
added 2026/04/30 4:9 p.m.7 views

CVE-2022-50992 Weaver E-cology 9.5 Unauthenticated Arbitrary File Read via XmlRpcServlet

Weaver Fanwei E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and...

8.7CVSS5.7AI score0.00705EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/30 4:9 p.m.5 views

CVE-2022-50992

Weaver Fanwei E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and...

8.7CVSS5.7AI score0.00705EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/30 4:9 p.m.30 views

CVE-2022-50992 Weaver E-cology 9.5 Unauthenticated Arbitrary File Read via XmlRpcServlet

Weaver Fanwei E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and...

8.7CVSS0.00705EPSS
Exploits0References6
Rows per page
Query Builder