
21 matches found

NVD
added 2026/06/04 6:16 p.m. | 8 views

CVE-2026-25551

Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe, limiting the attack...

CVSS 8.5 | EPSS 0.00043
Exploits: 0 | References: 3
ATTACKERKB
added 2026/06/04 5:20 p.m. | 4 views

CVE-2026-25551

Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe, limiting the attack...

CVSS 8.5 | AI score 6.2 | EPSS 0.00043
Exploits: 0 | References: 4
Positive Technologies
added 2026/06/04 12:0 a.m. | 11 views

PT-2026-46298

Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe, limiting the attack...

CVSS 8.5 | AI score 6.2 | EPSS 0.00043
Exploits: 0 | References: 4
CVE
added 2026/03/05 2:15 p.m. | 12 views

CVE-2026-27749

CVE-2026-27749 affects Avira Internet Security, specifically the System Speedup component. The vulnerability arises from deserialization of untrusted data by the privileged process Avira.SystemSpeedup.RealTimeOptimizer.exe (running as SYSTEM) which reads a file under C:\ProgramData and deserializ...

CVSS 8.5 | AI score 6.5 | EPSS 0.00081
Exploits: 0 | References: 3 | Affected Software: 1
ATTACKERKB
added 2026/03/05 2:15 p.m. | 3 views

CVE-2026-27749

Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\ProgramData using .NET BinaryFormatter without...

CVSS 8.5 | AI score 6.5 | EPSS 0.00081
Exploits: 0 | References: 5
GithubExploit
added 2026/01/02 5:21 p.m. | 188 views

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2025-59287 ⚠ This tool is created solely for educatio...

CVSS 9.8 | AI score 8.6 | EPSS 0.66232
Exploits: 24
Packet Storm
added 2025/10/20 12:0 a.m. | 208 views

Microsoft Windows Server Update Services Remote Code Execution

This is a proof of concept exploit for Microsoft Windows Server Update Services that leverages an unsafe deserialization of untrusted data in WSUS's AuthorizationCookie handling. This file demonstrates payload generation in C#. using System; using System.IO; using System.Security.Cryptography; usi...

CVSS 9.8 | AI score 6.9 | EPSS 0.66232
Exploits: 24
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-24595

Malicious code in bioql PyPI...

CVSS 10 | AI score 6.6 | EPSS 0.02583
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-29630

Malicious code in bioql PyPI...

CVSS 8.4 | AI score 6.4 | EPSS 0.0045
Exploits: 1 | References: 2
NVD
added 2025/09/16 5:15 p.m. | 3 views

CVE-2025-59050

Greenshot is an open source Windows screenshot utility. Greenshot 1.3.300 and earlier deserializes attacker-controlled data received in a WM_COPYDATA message using BinaryFormatter.Deserialize without prior validation or authentication, allowing a local process at the same integrity level to trigge...

CVSS 8.4 | EPSS 0.0045
Exploits: 1 | References: 2
Vulnrichment
added 2025/09/16 4:23 p.m. | 1 views

CVE-2025-59050 Greenshot — Insecure .NET deserialization via WM_COPYDATA enables local code execution

Greenshot is an open source Windows screenshot utility. Greenshot 1.3.300 and earlier deserializes attacker-controlled data received in a WM_COPYDATA message using BinaryFormatter.Deserialize without prior validation or authentication, allowing a local process at the same integrity level to trigge...

CVSS 8.4 | AI score 7.1 | EPSS 0.0045
Exploits: 1 | References: 2
NVD
added 2025/08/26 5:15 p.m. | 2 views

CVE-2025-1994

IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a local user to execute arbitrary code on the system due to unsafe use of the BinaryFormatter function...

CVSS 7.8 | EPSS 0.00018
Exploits: 0 | References: 1
RedhatCVE
added 2025/08/15 5:30 p.m. | 5 views

CVE-2025-34153

Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to unauthenticated remote code execution via insecure deserialization on the .NET Remoting TCP channel. The service registers a listener on port 6031 with the URI endpoint TimerServer, implemented in...

CVSS 10 | AI score 8.9 | EPSS 0.02583
Exploits: 0 | References: 1
NVD
added 2025/08/13 5:15 p.m. | 3 views

CVE-2025-34153

Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to unauthenticated remote code execution via insecure deserialization on the .NET Remoting TCP channel. The service registers a listener on port 6031 with the URI endpoint TimerServer, implemented in...

CVSS 10 | EPSS 0.02583
Exploits: 0 | References: 5
Cvelist
added 2025/08/13 4:51 p.m. | 7 views

CVE-2025-34153 Hyland OnBase < 17.0.2.87 .NET Remoting TCP Channel Unauthenticated RCE

Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to unauthenticated remote code execution via insecure deserialization on the .NET Remoting TCP channel. The service registers a listener on port 6031 with the URI endpoint TimerServer, implemented in...

CVSS 10 | EPSS 0.02583
Exploits: 0 | References: 5
0day.today
added 2023/08/17 12:0 a.m. | 428 views

Greenshot 1.3.274 Deserialization / Command Execution Exploit

There exists a .NET deserialization vulnerability in Greenshot versions 1.3.274 and below. The deserialization allows the execution of commands when a user opens a Greenshot file. The commands execute under the same permissions as the Greenshot service. Typically, it is the logged in user. This...

CVSS 7.8 | AI score 8 | EPSS 0.38028
Exploits: 7
Positive Technologies
added 2022/11/11 12:0 a.m. | 3 views

PT-2022-7391 · Siemens +1 · Simatic Step 7 +2

Name of the Vulnerable Software and Affected Versions: SIMATIC PCS neo version 4.0; SIMATIC STEP 7 versions 16 through 17; SIMATIC STEP 7 versions 18 through 18 Update 1. Description: A vulnerability has been identified in the affected applications, which do not properly restrict the .NET...

CVSS 8.5 | AI score 7.8 | EPSS 0.00093
Exploits: 0 | References: 6
ATTACKERKB
added 2022/08/03 4:15 p.m. | 3 views

CVE-2022-28684

This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The issue results from the lack of proper validation of...

CVSS 8.8 | AI score 7.6 | EPSS 0.24087
Exploits: 0 | References: 2 | Affected Software: 1
Snyk
added 2021/12/13 1:50 p.m. | 4 views

Arbitrary Code Execution

Amendment: This was deemed not a vulnerability. Overview: Affected versions of this package are vulnerable to Arbitrary Code Execution via the ReceiveVarData function in the SocketClient.cs component. The socket client in the package can pass in the payload via the user-controllable input after it...

CVSS 9.8 | AI score 7.2 | EPSS 0.00906
Exploits: 0 | References: 2
Snyk
added 2021/12/08 3:9 p.m. | 1 views

Deserialization of Untrusted Data

Overview: SinGooCMS.Utility is a collection of tools, including configuration, file, date, data, serialization, reflection, image processing, network, cache, Web related, encryption and decryption, compression, class expansion and other tools, almost covering the development of All tool...

CVSS 9.8 | AI score 6.9 | EPSS 0.005
Exploits: 1 | References: 2