536 matches found

CNNVD
added 2026/01/21 12:00 a.m. | 7 views

Seroval code issue vulnerabilities

Seroval is a formatted Java library developed by Alexis H. Munsayac. Versions of Seroval 1.4.0 and earlier have code vulnerabilities caused by improper handling of JSON deserialization inputs, which may lead to arbitrary JavaScript code execution...

CVSS 7.5 | AI score 6.1 | EPSS 0.00519
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/16 12:00 a.m. | 6 views

MiracleLinux 7 : java-1.7.0-openjdk-1.7.0.181-2.6.14.5.0.1.el7.AXS7 (AXSA:2018-3025:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-3025:02 advisory. OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) (CVE-2018-2814). OpenJDK: unrestricted deserialization of...

CVSS 8.3 | AI score 6.4 | EPSS 0.15141
Exploits: 0 | References: 11
EUVD
added 2026/01/13 5:56 p.m. | 5 views

EUVD-2026-2114

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

CVSS 8.8 | AI score 6.7 | EPSS 0.31109
Exploits: 0 | References: 2
CNNVD
added 2026/01/12 12:00 a.m. | 5 views

Broadcom DX NetOps Spectrum security vulnerability

Broadcom DX NetOps Spectrum is a network fault management and condition monitoring platform from Broadcom Corporation USA. A security vulnerability exists in Broadcom DX NetOps Spectrum versions 24.3.13 and earlier, which stems from deserializing untrustworthy data and could lead to object...

CVSS 8.8 | AI score 6.7 | EPSS 0.00257
Exploits: 0 | References: 1
Snyk
added 2026/01/09 8:52 p.m. | 4 views

Deserialization of Untrusted Data

Overview: fickling is a static analyzer and interpreter for Python pickle data. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the runpy module. An attacker can execute arbitrary code by supplying a malicious pickle file that uses runpy.runpath or...

CVSS 9.3 | AI score 7.8 | EPSS 0.00425
Exploits: 1 | References: 3
RedhatCVE
added 2026/01/09 12:36 p.m. | 7 views

CVE-2023-49442

Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request...

CVSS 9.8 | AI score 7.4 | EPSS 0.38549
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 11:27 a.m. | 7 views

CVE-2021-33806

The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization...

CVSS 9.8 | AI score 8 | EPSS 0.02981
Exploits: 0 | References: 1
OSV
added 2026/01/01 9:30 a.m. | 4 views

GHSA-34WM-4HW7-QFJV Feast vulnerable to Deserialization of Untrusted Data

A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at feast/sdk/python/feast/infra/computeengines/kubernetes/main.py. The vulnerability arises from the use of yaml.load(..., Loader=yaml.Loader) to...

CVSS 7.8 | AI score 8.5 | EPSS 0.00264
Exploits: 0 | References: 5
Snyk
added 2025/12/30 3:24 p.m. | 3 views

Deserialization of Untrusted Data

Overview: picklescan is a security scanner detecting Python pickle files performing suspicious actions. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the operator.attrgetter function. An attacker can execute arbitrary code by crafting a malicious pickle...

CVSS 8.4 | AI score 7.7
Exploits: 0 | References: 3
Snyk
added 2025/12/30 3:20 p.m. | 4 views

Deserialization of Untrusted Data

Overview: picklescan is a security scanner detecting Python pickle files performing suspicious actions. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the numpy.f2py.crackfortran.evallength function. An attacker can execute arbitrary code by crafting a...

CVSS 8.4 | AI score 6.1
Exploits: 0 | References: 3
RedhatCVE
added 2025/12/24 10:29 p.m. | 3 views

CVE-2025-13710

Tencent HunyuanVideo loadvae Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent HunyuanVideo. User interaction is required to exploit this vulnerability in that the target...

CVSS 7.8 | AI score 7.9 | EPSS 0.00411
Exploits: 0 | References: 1
EUVD
added 2025/12/24 12:30 a.m. | 5 views

EUVD-2025-204976

Tencent HunyuanDiT modelresume Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent HunyuanDiT. User interaction is required to exploit this vulnerability in that the target...

CVSS 7.8 | AI score 7.1 | EPSS 0.00411
Exploits: 0 | References: 3
Snyk
added 2025/12/23 9:50 p.m. | 5 views

Deserialization of Untrusted Data

Overview: transformers is State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the parsing process of model files. An attacker can execute arbitrary code in the context of the current user by...

CVSS 8.5 | AI score 7.8 | EPSS 0.00262
Exploits: 0 | References: 2
Snyk
added 2025/12/23 9:50 p.m. | 4 views

Deserialization of Untrusted Data

Overview: transformers is State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the megatron_gpt2 process. An attacker can achieve arbitrary code execution by tricking a user into opening a...

CVSS 8.5 | AI score 7.9 | EPSS 0.00262
Exploits: 0 | References: 2
OSV
added 2025/12/23 9:15 p.m. | 7 views

PYSEC-2025-211

Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability ...

CVSS 7.8 | AI score 6.2 | EPSS 0.00262
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/23 9:04 p.m. | 2 views

CVE-2025-14924 Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability

Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in...

CVSS 7.8 | AI score 7.3 | EPSS 0.00262
Exploits: 0 | References: 1
CNNVD
added 2025/12/23 12:00 a.m. | 4 views

Hugging Face Transformers code issue vulnerability

Hugging Face Transformers is a Hugging Face open source framework for defining state-of-the-art machine learning models covering textual, visual, audio, and multimodal models for inference and training. A code issue vulnerability exists in Hugging Face Transformers that stems from a lack of...

CVSS 7.8 | AI score 8 | EPSS 0.00262
Exploits: 0 | References: 1
Zero Day Initiative
added 2025/12/19 12:00 a.m. | 5 views

(0Day) Mescius ActiveReports.NET TypeResolutionService Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mescius ActiveReports.NET. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the...

CVSS 9.8 | AI score 7.6 | EPSS 0.00738
Exploits: 0 | References: 1
Positive Technologies
added 2025/12/18 12:00 a.m. | 4 views

PT-2025-52140

Deserialization of Untrusted Data vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Object Injection. This issue affects PDF for WPForms: from n/a through = 6.3.1...

AI score 7 | EPSS 0.00355
Exploits: 0 | References: 2
Snyk
added 2025/12/12 12:03 a.m. | 7 views

Deserialization of Untrusted Data

Overview: next is a React framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to unsafe deserialization of payloads from HTTP requests to Server Function endpoints. An attacker can cause the server process to enter an infinite loop and hang,...

CVSS 8.7 | AI score 6.9 | EPSS 0.65592
Exploits: 13 | References: 2