28 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-55223
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a sink for deserialization...
PT-2026-54435
Name of the Vulnerable Software and Affected Versions c3p0 versions prior to 0.14.0 Description c3p0, a JDBC Connection pooling library, can act as a sink for deserialization gadgets when used with other libraries. The DataSource.getConnection and ConnectionPoolDataSource.getPooledConnection...
CVE-2026-40860 Apache Camel: Unsafe Deserialization of JMS ObjectMessage in camel-jms, camel-sjms, camel-sjms2 and camel-amqp
JmsBinding.extractBodyFromJms in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized the payload of incoming JMS ObjectMessage values via javax.jms.ObjectMessage.getObject without applying any ObjectInputFilter, class allowlist or class denylist. Because this code path is...
OpenSTAManager Affected by Remote Code Execution via Insecure Deserialization in OAuth2
Description The oauth2.php file in OpenSTAManager is an unauthenticated endpoint $skippermissions = true. It loads a record from the zzoauth2 table using the attacker-controlled GET parameter state, and during the OAuth2 configuration flow calls unserialize on the accesstoken field without any...
CVE-2025-27818
A possible security vulnerability has been identified in Apache Kafka. This requires access to a alterConfig to the cluster resource, or Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, whic...
PT-2024-36551 · Unknown · Invoice Ninja
Name of the Vulnerable Software and Affected Versions: Invoice Ninja versions prior to 5.10.43 Description: The issue allows remote code execution from a pre-authenticated route when an attacker knows the APP KEY. This is exacerbated by .env files that have default APP KEY values. The route...
Exploit for SQL Injection in Progress Moveit_Cloud
It is an exploit module for MOVEit Transfer. The vulnerability i...
Remote Code Execution (RCE)
Kafka clients is vulnerable to Remote Code Execution. The vulnerability is due to a lack of restrictions on the sasl.jaas.config authentication property, which allows an authenticated attacker to submit arbitrary SASL configurations. An attacker can inject a deserialization gadget chain into the...
CVE-2023-25194 Apache Kafka Connect API: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect
A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka...
GitLab: Remote Command Execution via Github import
Summary This is very similar to https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/Remote%20Command%20Execution%20via%20Github%20import and allows arbitrary redis commands to be injected when imported a GitHub repository. When importing a GitHub repo the...
log4j: deserialization of untrusted data in SocketServer
A flaw was discovered in Log4j, where a vulnerable SocketServer class may lead to the deserialization of untrusted data. This flaw allows an attacker to remotely execute arbitrary code when combined with a deserialization gadget...
CVE-2020-36181
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions are needed for an exploit, w...
PT-2021-3165
Name of the Vulnerable Software and Affected Versions FasterXML jackson-databind versions 2.x before 2.9.10.8 FasterXML jackson-databind versions 2.6.7.5 and earlier Description The issue is related to the interaction between serialization gadgets and typing, specifically with the...
jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider
A flaw was found in jackson-databind 2.x prior to version 2.9.10.4. The interaction between serialization gadgets and typing is mishandled in the bus-proxy. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
jackson-databind: Lacks certain xbean-reflect/JNDI blocking
A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A "gadget" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabili...
DEBIAN-CVE-2020-14061
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and...
jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider
A flaw was found in jackson-databind 2.x prior to version 2.9.10.4. The interaction between serialization gadgets and typing is mishandled in the bus-proxy. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the HikariConfig gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
jackson-databind: Serialization gadgets in classes of the xalan package
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...
jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the commons-dbcp gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...