CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

19 matches found

[SECURITY] Fedora 43 Update: perl-Sereal-5.005-1.fc43

Sereal is an efficient, compact-output, binary and feature-rich serialization protocol. The Perl encoder is implemented as the Sereal::Encoder module, the Perl decoder correspondingly as Sereal::Decoder. This Sereal module is a very thin wrapper around both Sereal::Encoder and Sereal::Decoder. It...

5.8AI score

Exploits0

RedhatCVE•added 2025/10/17 8:40 a.m.•4 views

CVE-2025-54539

A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishing connections to untrusted AMQP servers. Malicious servers could exploit unbounded deserializatio...

9.8CVSS7.7AI score0.01309EPSS

Exploits0References1

Github Security Blog•added 2025/10/16 9:30 a.m.•10 views

Apache ActiveMQ NMS AMQP Client has a Deserialization of Untrusted Data vulnerability

9.8CVSS7.8AI score0.01309EPSS

Exploits0References4Affected Software1

OSV•added 2025/10/16 9:15 a.m.•1 views

CVE-2025-54539

9.8CVSS6.2AI score0.01309EPSS

Exploits0References2

CVE•added 2025/10/16 8:26 a.m.•30 views

CVE-2025-54539

Apache ActiveMQ NMS AMQP Client (vulnerable up to 2.3.0) suffers Deserialization of Untrusted Data due to unbounded deserialization logic when connecting to untrusted AMQP servers. Malicious responses could lead to arbitrary code execution on the client side; a 2.1.0 deserialization restriction v...

9.8CVSS7.4AI score0.01309EPSS

Exploits0References2Affected Software1

Cvelist•added 2025/10/16 8:26 a.m.•7 views

CVE-2025-54539 Apache ActiveMQ NMS AMQP Client: Deserialization of Untrusted Data

0.01309EPSS

Exploits0References1

GitLab Advisory Database•added 2025/10/16 12:0 a.m.•6 views

Apache ActiveMQ NMS AMQP Client has a Deserialization of Untrusted Data vulnerability

9.8CVSS7.8AI score0.01309EPSS

Exploits0References4

OSV•added 2025/04/18 6:31 p.m.•2 views

GHSA-9G64-R942-FVMP Apache ActiveMQ NMS OpenWire Client Deserialization of Untrusted Data vulnerability

Deserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS OpenWire Client. This issue affects Apache ActiveMQ NMS OpenWire Client before 2.1.1 when performing connections to untrusted servers. Such servers could abuse the unbounded deserialization in the client to provide malicious...

9.8CVSS7.6AI score0.00068EPSS

Exploits0References6

OSV•added 2025/04/18 4:15 p.m.•1 views

CVE-2025-29953

9.8CVSS7.8AI score

Exploits0References2

NVD•added 2025/04/18 4:15 p.m.•14 views

CVE-2025-29953

9.8CVSS0.00068EPSS

Exploits0References2

Vulnrichment•added 2025/04/18 3:23 p.m.•2 views

CVE-2025-29953 Apache ActiveMQ NMS OpenWire Client: deserialization allowlist bypass

8AI score0.00068EPSS

Exploits0References1

CVE•added 2025/04/18 3:23 p.m.•110 views

CVE-2025-29953

Apache ActiveMQ NMS OpenWire Client (before 2.1.1) is affected by a Deserialization of Untrusted Data vulnerability. Untrusted servers can abuse unbounded deserialization to potentially achieve arbitrary code execution on the client. A 2.1.0 denial/allowlist feature was introduced but could be by...

9.8CVSS7.4AI score0.00068EPSS

Exploits0References2Affected Software1

CNNVD•added 2024/09/19 12:0 a.m.•1 views

SOFA-Hessian 注入漏洞

SOFA-Hessian is an open source binary serialization protocol. An injection vulnerability exists in SOFA-Hessian versions prior to 3.5.4, which stems from the presence of a deserialization vulnerability that allows bypassing the blacklisting mechanism...

9.8CVSS6.9AI score0.00212EPSS

Exploits0References2

Fedora•added 2024/09/06 3:53 a.m.•5 views

[SECURITY] Fedora 39 Update: lua-mpack-1.0.12-1.fc39

mpack is a small binary serialization/RPC library that implements both the msgpack and msgpack-rpc specifications...

7.3AI score

Exploits0

CNNVD•added 2022/11/10 12:0 a.m.•1 views

Msgpack 安全漏洞

Msgpack is open source an efficient binary serialization format . It allows you to exchange data between multiple languages such as JSON. But it's faster and smaller. Small integers are encoded as one byte, and typical short strings require only one extra byte in addition to the string itself...

7.5CVSS7.3AI score0.00367EPSS

Exploits1References5

OSV•added 2021/11/05 4:15 p.m.•0 views

CVE-2021-42698

Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory...

7.8CVSS7.1AI score

Exploits0References1

CVE•added 2021/11/05 3:39 p.m.•48 views

CVE-2021-42698

CVE-2021-42698 affects DAQFactory (all versions 18.1 Build 2347 and earlier). The vulnerability arises from deserialization of project files stored as binary memory objects, allowing memory corruption if a crafted file is opened. ICSA-21-308-02 notes the issue exists in the Deserialization of Unt...

7.8CVSS7.5AI score0.00126EPSS

Exploits0References1Affected Software1

Fedora•added 2016/12/22 5:25 a.m.•17 views

[SECURITY] Fedora 25 Update: msgpuck-1.1.3-1.fc25

MsgPack is a binary-based efficient object serialization library. It enables to exchange structured objects between many languages like JSON. But unlike JSON, it is very fast and small. msgpuck is very lightweight header-only library designed to be embedded to your application by the C/C++...

7.8CVSS1.9AI score0.02753EPSS

Exploits4

RedHat Linux•added 2007/02/19 9:8 p.m.•1 views

php session extension information leak

The phpbinary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information memory contents via a serialized variable entry with a large length value, which triggers a buffer over-read...

5CVSS6AI score0.14197EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by