Lucene search
K

311 matches found

Snyk
Snyk
added 2026/06/22 9:10 p.m.3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JMX RMI connector. An attacker can execute arbitrary code on the server by sending specially crafted serialized Java objects prior to authentication. Note: This is only exploitable if the JMX...

9.8CVSS6.2AI score
Exploits0References2
Snyk
Snyk
added 2026/06/21 3:12 p.m.4 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the runcommand function of idlelib.pyshell.ModifiedInterpreter when handling pickle files in reduce method...

9.6CVSS6.2AI score0.00276EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 8:4 p.m.14 views

Security Bulletin: IBM WebSphere Application Server is affected by a remote code execution vulnerability (CVE-2026-9319)

Summary IBM WebSphere Application Server is affected by a remote code execution vulnerability when using JAX-WS endpoints with WS-Security. Vulnerability Details CVEID:CVE-2026-9319 DESCRIPTION: IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to...

9CVSS6.3AI score0.00441EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/15 11:16 p.m.3 views

UBUNTU-CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code...

9.2CVSS6.6AI score0.00573EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/12 7:9 p.m.5 views

Deserialization of Untrusted Data

Overview typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the VariableFrontend or Registry. An attacker can execute arbitrary PHP code by injecting a crafted serialized payload into...

9.3CVSS6.1AI score0.00215EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/11 3:38 p.m.4 views

Security Bulletin: Vulnarability in commons-beanutils library (CVE-2019-10086) affects Power HMC.

Summary The commons-beanutils library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2019-10086 DESCRIPTION: In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability...

7.5CVSS6.6AI score0.28839EPSS
Exploits1Affected Software1
CVE
CVE
added 2026/06/09 5:5 p.m.22 views

CVE-2026-45484

This CVE involves deserialization of untrusted data in Microsoft Office SharePoint, enabling an authorized attacker to elevate privileges over a network. Affected component: SharePoint (deserialization vulnerability cited in multiple sources). Root cause: improper handling of deserialized input l...

8.8CVSS5.5AI score0.01982EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/01 5:59 p.m.7 views

CVE-2026-9319 IBM WebSphere Application Server is affected by a remote code execution vulnerability

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security...

9CVSS6.5AI score0.00441EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 5:59 p.m.71 views

CVE-2026-9319

IBM WebSphere Application Server 9.0 and 8.5 are affected by a remote code execution vulnerability caused by deserialization of untrusted data via JAX-WS endpoints with WS-Security (CVE-2026-9319; CVSS v3.1 base score 9.0). This affects WebSphere AS 9.0 and 8.5. Remediation: apply the interim fix...

9CVSS6.5AI score0.00441EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/14 3:41 p.m.9 views

EUVD-2026-30321

DataHub is an open-source metadata platform. Prior to 1.5.0.3, The DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECTURL HTTP cookie during the OIDC callback flow, with no integrity protection no HMAC, no encryption. This is a Deserialization o...

4.3CVSS5.8AI score0.00139EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/12 6:30 p.m.8 views

Deserialization of Untrusted Data

Overview ludwig is a Declarative machine learning: End-to-end machine learning pipelines using data-driven configurations. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the predict method. An attacker can execute arbitrary code by supplying a maliciousl...

9.8CVSS6.1AI score0.006EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/05/12 2:0 p.m.7 views

Microsoft SharePoint Server Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

8.8CVSS6AI score0.01967EPSS
Exploits0
Snyk
Snyk
added 2026/05/01 11:26 a.m.4 views

Deserialization of Untrusted Data

Overview org.apache.mina:mina-core is a network application framework which helps users develop high performance and high scalability network applications easily. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the resolveClass function in AbstractIoBuffe...

9.8CVSS6.3AI score0.00902EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/24 12:19 p.m.5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the RPC component. An attacker can execute arbitrary code by crafting a malicious StandardRpcRequest containing a harmful class type and sending it to the Master or Worker nodes. Details Serializati...

6.3CVSS6.1AI score0.00537EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 4:57 p.m.5 views

CVE-2026-32192

Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally...

7.8CVSS5.7AI score0.01925EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.6 views

PT-2026-32767

Name of the Vulnerable Software and Affected Versions Adobe Connect versions 2025.3 and 12.10 and earlier Description An issue involving Deserialization of Untrusted Data allows for arbitrary code execution in the context of the current user. This flaw can be exploited without requiring any user...

10CVSS6AI score0.00613EPSS
Exploits0References7
Snyk
Snyk
added 2026/04/07 8:17 p.m.1 views

Deserialization of Untrusted Data

Overview monai is an AI Toolkit for Healthcare Imaging Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the algofrompickle function in monai/auto3dseg/utils.py. An attacker can execute arbitrary code by providing a crafted pickle file that is deserialized...

8.8CVSS6.2AI score
Exploits0References2
Snyk
Snyk
added 2026/04/07 6:13 p.m.5 views

Deserialization of Untrusted Data

Overview nvidia-dali-cuda120 is a NVIDIA DALI for CUDA 12.0. Git SHA: a807a5a11d234580f6857bc4b3206ab8d7080f27 Affected versions of this package are vulnerable to Deserialization of Untrusted Data. An attacker can execute arbitrary code by providing specially crafted data to be deserialized...

7.3CVSS6AI score0.00258EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/03 3:48 a.m.4 views

Deserialization of Untrusted Data

Overview kedro is a Kedro helps you build production-ready data and analytics pipelines Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the logging.config.dictConfig function when user-controlled input is used for the logging configuration file path, whic...

9.8CVSS6.1AI score0.00714EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/01 6:31 a.m.2 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to vulnerable PostgreSQL JDBC connection parameters not being blocked by default. An attacker can exploit this vulnerability by injecting dangerous JDBC parameters such as socketFactory, sslfactory,...

9.3CVSS7.5AI score0.00899EPSS
Exploits1References3
Rows per page
Query Builder