Lucene search
K

538 matches found

CVE
CVE
added 2026/06/02 10:46 a.m.17 views

CVE-2026-39551

The CVE-2026-39551 entry concerns the WordPress Töbel theme (versions <= 1.8.1) with a PHP Object Injection /deserialization vulnerability in Töbel. Affected component: Töbel theme; root cause: deserialization of untrusted data enabling object injection. Impact metrics from Patchstack indicate...

8.1CVSS5.8AI score0.00308EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.20 views

Dassault Systèmes Teamwork Cloud和Dassault Systèmes Magic Collaboration Studio 安全漏洞

Dassault Systèmes Teamwork Cloud and Dassault Systèmes Magic Collaboration Studio are both products of Dassault Systèmes, a French company. Dassault Systèmes Teamwork Cloud is a collaborative model version control and storage platform. Dassault Systèmes Magic Collaboration Studio is a cloud-based...

9.8CVSS6.1AI score0.00543EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-44012

Name of the Vulnerable Software and Affected Versions Jenkins Active Directory Plugin versions prior to 2.42 Description The plugin deserializes data from LDAP referrals without proper validation. Deserialization is the process of converting a data stream back into an object, which, when performe...

6.6CVSS5.8AI score0.0027EPSS
Exploits0References3
NVD
NVD
added 2026/05/26 5:16 p.m.18 views

CVE-2026-24162

NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure...

7.8CVSS0.00416EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

NVIDIA Transformers4Rec 代码问题漏洞

NVIDIA Transformers4Rec is a deep learning framework for recommendation systems developed by NVIDIA Corporation. NVIDIA Transformers4Rec for Linux has code-related vulnerabilities that could lead to insecure data deserialization, potentially causing code execution, data tampering, and information...

7.8CVSS5.9AI score0.00416EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/12 6:30 p.m.10 views

Deserialization of Untrusted Data

Overview snorkel is an A system for quickly generating training data with weak supervision Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the load function of the BaseLabeler class, which uses the pickle.load method on user-supplied file paths without...

8.8CVSS6.3AI score0.00392EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/01 5:32 p.m.5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the unserialize function in the sync-invoke client when processing data received from a server response. An attacker can execute arbitrary code by sending crafted serialized data from a malicious...

9.8CVSS6.1AI score0.01757EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.13 views

Microsoft Bing 代码问题漏洞

Microsoft Bing is a web search engine developed by Microsoft Corporation in the United States. There are code vulnerabilities in Microsoft Bing, which stem from deserializing unreliable data. These vulnerabilities could allow unauthorized attackers to execute code through the network...

10CVSS6AI score0.0084EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.10 views

openSUSE 16 Security Update : roundcubemail (openSUSE-SU-2026:20586-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20586-1 advisory. Changes in roundcubemail: - update to 1.6.15 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to some...

7.5CVSS6AI score0.00475EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.9 views

OpenText RightFax 安全漏洞

OpenText RightFax is an enterprise fax server software developed by OpenText Corporation in Canada. Versions of OpenText RightFax prior to 25.4 contained a security vulnerability that stemmed from deserializing untrusted data, which could lead to object injection attacks...

9.3CVSS5.8AI score0.00273EPSS
Exploits0References1
NVD
NVD
added 2026/04/14 6:17 p.m.3 views

CVE-2026-34615

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentiall...

9.3CVSS0.00629EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.4 views

PT-2026-32846

Name of the Vulnerable Software and Affected Versions Azure Monitor Agent affected versions not specified Description Deserialization of untrusted data allows an authorized attacker to elevate privileges locally. Recommendations At the moment, there is no information about a newer version that...

7.8CVSS5.8AI score0.01925EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.5 views

Adobe Connect <= 12.10 Multiple Vulnerabilities (APSB26-37)

The version of Adobe Connect installed on the remote host is prior to 12.11. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb26-37 advisory. - Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that...

9.6CVSS6.3AI score0.00629EPSS
Exploits0References10
Snyk
Snyk
added 2026/04/13 4:12 p.m.8 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the XCom API. A privileged DAG Author can execute code on the webserver by invoking a class via legacy serialization keys type/var. Details Serialization is a process of converting an object into a...

8.8CVSS6AI score0.00592EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/13 9:11 a.m.1 views

CVE-2026-35337

Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject without any class filtering or...

6.4AI score0.01011EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/08 7:17 p.m.3 views

Deserialization of Untrusted Data

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the YAML deserialization in the loadAgentFromFile function. An attacker can execute arbitrary code...

9.8CVSS6.2AI score0.0058EPSS
Exploits0References2
CVE
CVE
added 2026/04/08 12:19 a.m.305 views

CVE-2026-3357

IBM Langflow Desktop versions 1.6.0–1.8.2 are affected by CVE-2026-3357 due to unsafe deserialization in the FAISS Vector Store component, enabling an authenticated user to execute arbitrary code on the system. The vulnerability stems from a default setting that allows loading untrusted Python Pi...

8.8CVSS6.3AI score0.00466EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/07 6:31 p.m.5 views

EUVD-2026-19753

NVIDIA DALI contains a vulnerability where an attacker could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to arbitrary code execution...

7.3CVSS6.2AI score0.00258EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/03 9:37 p.m.9 views

Security Bulletin: IBM Langflow Desktop FAISS Vector Store Remote Code Execution via malicious Pickle file

Summary IBM Langflow Desktop supports retrieval-augmented generation RAG workflows through its FAISS Vector Store component, which loads persisted vector indexes and associated metadata from disk. A vulnerability in the FAISS component arises from unsafe deserialization of Python Pickle files,...

8.8CVSS6.7AI score0.00466EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/03/31 4:24 p.m.10 views

CVE-2026-24165

The CVE-2026-24165 issue in NVIDIA BioNeMo Framework involves a vulnerability where deserialization of untrusted data could lead to code execution, denial of service, information disclosure, or data tampering. Affected component: BioNeMo Framework (Linux) with all versions lacking commit e5e58c8....

8.8CVSS5.9AI score0.00312EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder