101 matches found
EUVD-2007-3132
Malware in sbrugna...
Nextcloud: xmlrpc.php &wp-cron.php files are enabled, and will used for (DDOS),(DOS) and broutforce users attack.
The xmlrpc.php and wp-cron.php files were found to be enabled on the target website, which could allow attackers to perform denial of service attacks. Username enumeration via the RSS generator identified several valid usernames. The xmlrpc.php file could be used to cause a DDOS attack by sending...
Remote code execution
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests...
Top Echelon Software: xmlrpc.php FILE IS enable it will used for Bruteforce attack and Denial of Service(DoS)
xmlrpc.php was enabled even though we did not make use of any of its functionality - it is now disabled...
MTN Group: Wordpress users disclosure from json and xml file
Summary: It's possible to get information about the users registered such as: username without authentication in Wordpress via API on: https://www.mtn.co.sz/wp-json/oembed/1.0/embed?url=https://www.mtn.co.sz/&format=json https://www.mtn.co.sz/author-sitemap.xml Steps To Reproduce: The path...
Showmax: xmlrpc.php is publicly available at https://stories.showmax.com/xmlrpc.php
Summary: Greetings @Showmax, I found an xmlrpc.php file on https://stories.showmax.com, it's publicly available and it accepts POST requests. Description: your site is a WordPress site based, xmlrpc.php is a file that is intended to make API calls between hosts, if it's enabled on a WordPress sit...
BlockDev Sp. Z o.o: xmlrpc.php FILE IS enabled it will used for Bruteforce attack and Denial of Service(DoS)
xmlrpc.php file is visible...
MTN Group: [play.mtn.co.za] Application level DoS via xmlrpc.php
Description Wordpress that have xmlrpc.php enabled for pingbacks, trackbacks, etc. can be made as a part of a huge botnet causing a major DOS/SSRF. The website play.mtn.co.za has the xmlrpc.php file enabled and could thus be potentially used for such an attack against other victim hosts. hackeron...
U.S. Dept Of Defense: xmlrpc.php FILE IS enable which enables attacker to XSPA Brute-force and even Denial of Service(DOS), in https://████/xmlrpc.php
Summary: Hello team, I have found a security vulnerability in https://███████/xmlrpc.php which lets attacker to: 1: XSPA or PortScan 2: Bruteforce 3:DOS and much more Description: Impact Step-by-step Reproduction Instructions █████████ 1: Go to https://██████/xmlrpc.php to check if it is enabled o...
BlockDev Sp. Z o.o: xmlrpc.php FILE IS enable it will used for Bruteforce attack
xmlrpc.php FILE IS enable it will used for Bruteforce attack...
Ian Dunn: xmlrpc.php FILE IS enable it can be used for conducting a Bruteforce attack and Denial of Service(DoS)
Hi Team, The website https://www.iandunn.name has the xmlrpc.php file enabled and could thus be potentially used for such an attack against other victim hosts. Wordpress that have xmlrpc.php enabled for pingbacks, trackbacks, etc. can be made as a part of a huge botnet causing a major DDOS. URL:...
WordPress Core xmlrpc.php Denial of Service Vulnerability
WordPress is a blogging platform developed using the PHP language that allows users to set up their weblogs on servers that support PHP and MySQL databases. A denial of service vulnerability exists in WordPress Core xmlrpc.php. An attacker can exploit the vulnerability to launch a denial of servi...
WordPress Core 5.3.x - xmlrpc.php Denial of Service
!/usr/bin/env python WordPress methodNamepingback.ping" entry += f"paramspingback/COUNT" entry += f"paramspingback/uuid.uuid4" entry += f"target/?p=1" entry += f"target/e" taxes DB more return entry def buildrequestpingback,target,entries: prefi...
WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service
!/usr/bin/env python WordPress methodNamepingback.ping" entry += f"paramspingback/COUNT" entry += f"paramspingback/uuid.uuid4" entry += f"target/?p=1" entry += f"target/e" taxes DB more return entry def buildrequestpingback,target,entries: prefix = "system.multicall" suffix = "" request = prefix...
Nord Security: xmlrpc.php FILE IS enable it will used for Bruteforce attack and Denial of Service(DoS)
Hi Team, The website https://www.nordvpn.com has the xmlrpc.php file enabled and could thus be potentially used for such an attack against other victim hosts. Wordpress that have xmlrpc.php enabled for pingbacks, trackbacks, etc. can be made as a part of a huge botnet causing a major DDOS. URL:...
BlockDev Sp. Z o.o: xmlrpc.php file is enable it will used for (Denial of Service) and bruteforce attack
xmlrpc.php file is enable it will used for Denial of Service and bruteforce attack...
GSA Bounty: xmlrpc.php file enabled - data.gov
Wordpress that have xmlrpc.php enabled for pingbacks, trackbacks, etc. can be made as a part of a huge botnet causing a major DDOS. this website www.data.gov has the xmlrpc.php file enabled. Impact This can be automated from multiple hosts and be used to cause a mass DDOS attack on the victim...
searchenginejournal.com Improper Access Control vulnerability OBB-893859
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| searchenginejournal.com ---|--- Open Bu...
FormAssembly: xmlrpc.php file is enable it will used for (DOS) and bruteforce attack
Wordpress that have xmlrpc.php enabled for pingbacks, trackbacks, etc. can be made as a part of a huge botnet causing a major DDOS. The website https://www.formassembly.com/ has the xmlrpc.php file enabled and could thus be potentially used for such an attack against other victim hosts. In order ...
waterwaysholidays.com Improper Access Control vulnerability
Open Bug Bounty ID: OBB-677607 Description| Value ---|--- Affected Website:| waterwaysholidays.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...