1674 matches found
React Server Components - Remote Code Execution
React Server Components 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack contain a remote code execution caused by unsafe deserialization of payloads from HTTP requests to Server Function endpoints, letting...
Laravel Livewire v3 - Remote Command Execution
Livewire v3 Laravel contains a vulnerability in its component hydration/update mechanism that can be exploited to reach remote command execution RCE without authentication under certain conditions. id: CVE-2025-54068 info: name: Laravel Livewire v3 - Remote Command Execution author: flame-11...
Exploit for Deserialization of Untrusted Data in Apache Activemq
CVE-2023-46604-RCE Python implementation of Apache ActiveMQ...
EUVD-2026-34947
The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...
CVE-2026-10566
A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.checkinstructcontent of the file metagpt/schema.py. Executing a manipulation of the argument mapping can lead to deserialization. The attack is restricted to local execution. The exploit has...
CVE-2026-9330
IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain...
CVE-2026-24216
NVIDIA BioNemo for Linux contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...
CVE-2026-25551 Seagull Software BarTender Deserialization Privilege Escalation via .NET Remoting Service
Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe, limiting the attack...
GHSA-JG22-MG44-37J8 AIOHTTP is Vulnerable to Deserialization of Untrusted Data
Summary Using CookieJar.load with untrusted input may allow arbitrary code execution. Impact Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications. Workaround If an application does allow attacker controlled files to be...
CVE-2026-47065
CVE-2026-47065 (Apache MINA context) describes two deserialization bypass issues: first, resolveProxyClass bypasses the accept/allow-list when JDK resolves proxy interfaces from a serialized proxy via ObjectInputStream.readProxyDesc(), and second, readClassDescriptor triggers static initializers ...
CVE-2026-24237
CVE-2026-24237 (NVIDIA NVTabular) involves improper deserialization of untrusted data in NVTabular. The connected NVIDIA Security Bulletin confirms the vulnerability could allow code execution, data tampering, information disclosure, and denial of service. Affected: all NVIDIA NVTabular versions ...
CVE-2026-24221
NVIDIA NVTabular contains CVE-2026-24221, a vulnerability due to improper deserialization of untrusted data. The issue could allow a local attacker with low privileges to trigger code execution, data tampering, information disclosure, and denial of service. A fix is available: update to version 0...
CVE-2026-10566 FoundationAgents MetaGPT schema.py Message.check_instruct_content deserialization
A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.checkinstructcontent of the file metagpt/schema.py. Executing a manipulation of the argument mapping can lead to deserialization. The attack is restricted to local execution. The exploit has...
EUVD-2026-33872
A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.checkinstructcontent of the file metagpt/schema.py. Executing a manipulation of the argument mapping can lead to deserialization. The attack is restricted to local execution. The exploit has...
CVE-2026-9330
IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain...
CVE-2026-9330
IBM WebSphere Application Server 9.0 and 8.5 are affected by CVE-2026-9330 due to improper validation of user-supplied data during deserialization in the SAML Web Single Sign-On component, potentially enabling remote code execution via a crafted HTTP request with a gadget chain. Affected products...
EUVD-2026-33740
IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain...
CVE-2026-7858
CVE-2026-7858 involves a Deserialization of Untrusted Data flaw affecting Teamwork Cloud (No Magic Release 2022x–2026x) and Magic Collaboration Studio (CATIA Magic Release 2022x–2026x). The root cause is deserialization of untrusted data enabling unauthenticated remote code execution. The entry h...
Exploit for CVE-2026-46840
CVE-2026-46840 - Oracle ORDS Unauthenticated RCE via REST Back...
logback-core 安全漏洞
logback-core is the core module of the QOS.CH open-source logging framework. Versions of logback-core 1.5.32 and earlier contain security vulnerabilities. These vulnerabilities stem from the HardenedObjectInputStream module’s ability to deserialize untrusted data, which may lead to object injecti...