311 matches found
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JMX RMI connector. An attacker can execute arbitrary code on the server by sending specially crafted serialized Java objects prior to authentication. Note: This is only exploitable if the JMX...
Deserialization of Untrusted Data
Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the runcommand function of idlelib.pyshell.ModifiedInterpreter when handling pickle files in reduce method...
Security Bulletin: IBM WebSphere Application Server is affected by a remote code execution vulnerability (CVE-2026-9319)
Summary IBM WebSphere Application Server is affected by a remote code execution vulnerability when using JAX-WS endpoints with WS-Security. Vulnerability Details CVEID:CVE-2026-9319 DESCRIPTION: IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to...
UBUNTU-CVE-2026-48853
Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code...
Deserialization of Untrusted Data
Overview typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the VariableFrontend or Registry. An attacker can execute arbitrary PHP code by injecting a crafted serialized payload into...
Security Bulletin: Vulnarability in commons-beanutils library (CVE-2019-10086) affects Power HMC.
Summary The commons-beanutils library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2019-10086 DESCRIPTION: In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability...
CVE-2026-45484
This CVE involves deserialization of untrusted data in Microsoft Office SharePoint, enabling an authorized attacker to elevate privileges over a network. Affected component: SharePoint (deserialization vulnerability cited in multiple sources). Root cause: improper handling of deserialized input l...
CVE-2026-9319 IBM WebSphere Application Server is affected by a remote code execution vulnerability
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security...
CVE-2026-9319
IBM WebSphere Application Server 9.0 and 8.5 are affected by a remote code execution vulnerability caused by deserialization of untrusted data via JAX-WS endpoints with WS-Security (CVE-2026-9319; CVSS v3.1 base score 9.0). This affects WebSphere AS 9.0 and 8.5. Remediation: apply the interim fix...
EUVD-2026-30321
DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECTURL HTTP cookie during the OIDC callback flow, with no integrity protection no HMAC, no encryption. This is a Deserialization o...
Deserialization of Untrusted Data
Overview ludwig is a Declarative machine learning: End-to-end machine learning pipelines using data-driven configurations. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the predict method. An attacker can execute arbitrary code by supplying a maliciousl...
Microsoft SharePoint Server Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
Deserialization of Untrusted Data
Overview org.apache.mina:mina-core is a network application framework which helps users develop high performance and high scalability network applications easily. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the resolveClass function in AbstractIoBuffe...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the RPC component. An attacker can execute arbitrary code by crafting a malicious StandardRpcRequest containing a harmful class type and sending it to the Master or Worker nodes. Details Serializati...
CVE-2026-32192
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally...
PT-2026-32767
Name of the Vulnerable Software and Affected Versions Adobe Connect versions 2025.3 and 12.10 and earlier Description An issue involving Deserialization of Untrusted Data allows for arbitrary code execution in the context of the current user. This flaw can be exploited without requiring any user...
Deserialization of Untrusted Data
Overview monai is an AI Toolkit for Healthcare Imaging Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the algofrompickle function in monai/auto3dseg/utils.py. An attacker can execute arbitrary code by providing a crafted pickle file that is deserialized...
Deserialization of Untrusted Data
Overview nvidia-dali-cuda120 is a NVIDIA DALI for CUDA 12.0. Git SHA: a807a5a11d234580f6857bc4b3206ab8d7080f27 Affected versions of this package are vulnerable to Deserialization of Untrusted Data. An attacker can execute arbitrary code by providing specially crafted data to be deserialized...
Deserialization of Untrusted Data
Overview kedro is a Kedro helps you build production-ready data and analytics pipelines Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the logging.config.dictConfig function when user-controlled input is used for the logging configuration file path, whic...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to vulnerable PostgreSQL JDBC connection parameters not being blocked by default. An attacker can exploit this vulnerability by injecting dangerous JDBC parameters such as socketFactory, sslfactory,...