Lucene search
K

323 matches found

RedHat Linux
RedHat Linux
added 2026/05/18 1:12 p.m.9 views

erb: ERB: Arbitrary code execution via deserialization bypass

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...

8.1CVSS6.3AI score0.01131EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/18 12:50 p.m.14 views

erb: ERB: Arbitrary code execution via deserialization bypass

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...

8.1CVSS6.3AI score0.01131EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/18 12:12 p.m.16 views

c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects

A flaw was found in c3p0, a Java Database Connectivity JDBC Connection pooling library. This vulnerability allows an attacker to achieve arbitrary code execution by providing maliciously crafted Java-serialized objects or javax.naming.Reference instances. By manipulating the userOverridesAsString...

8.9CVSS7.8AI score0.00534EPSS
Exploits0References9
GithubExploit
GithubExploit
added 2026/05/17 7:41 a.m.70 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Security Lab "React2Shell" This repository c...

10CVSS6.1AI score0.99562EPSS
Exploits372
Cvelist
Cvelist
added 2026/05/15 1:11 a.m.60 views

CVE-2026-8612 WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution

WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. With no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under /tmp/FileCache without...

0.00127EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/24 12:37 p.m.8 views

CVE-2026-41316

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...

8.1CVSS6.4AI score0.01131EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.9 views

WordPress plugin Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Issues...

7.2CVSS5.9AI score0.00425EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.12 views

OpenMage Magento Lts(Magento) 安全漏洞

OpenMage Magento Lts Magento is an e-commerce system developed by the OpenMage organization. Versions of OpenMage Magento Lts prior to 20.17.0 contained security vulnerabilities. These vulnerabilities stemmed from potential deserialization attacks when handling phar:// paths, which could lead to...

8.1CVSS6.1AI score0.00539EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/16 7:48 p.m.7 views

EUVD-2026-23293

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a JDBC parameter blocklist bypass vulnerability in the MySQL datasource configuration. The Mysql class uses Lombok's @Data annotation, which auto-generates a public setter for the...

8.3CVSS5.9AI score0.00388EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/16 7:48 p.m.4 views

CVE-2026-40899

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a JDBC parameter blocklist bypass vulnerability in the MySQL datasource configuration. The Mysql class uses Lombok's @Data annotation, which auto-generates a public setter for the...

8.3CVSS5.9AI score0.00388EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/16 7:22 p.m.5 views

CVE-2026-32271

Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, there is an SQL injection vulnerability in the Commerce TotalRevenue widget which allows any authenticated control panel user to achieve remote code execution through a four-step...

7.7CVSS6.5AI score0.00476EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.9 views

PT-2026-33340

Name of the Vulnerable Software and Affected Versions Digital Knowledge KnowledgeDeliver versions prior to February 24, 2026 Description Hard-coded ASP.NET/IIS machineKey values in standardized web.config files allow unauthenticated remote code execution. Attackers can use these shared keys to...

9.1CVSS6.4AI score0.01008EPSS
Exploits0References45
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.8 views

datrie 代码问题漏洞

Datrie is an open-source Python library that implements a high-performance dictionary tree. Versions of Datrie prior to 0.8.3 have code vulnerabilities. These vulnerabilities stem from incorrect operations on the functions Trie.load, Trie.read, and Trie.setstate found in the file src/datrie.pyx,...

7.5CVSS6.6AI score0.00264EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.8 views

Core Flight System(cFS) 代码问题漏洞

Core Flight System cFS is a generic flight software architecture framework open source by NASA, used for flagship spacecraft, manned spacecraft, cube satellites, and Raspberry Pi devices. Versions of Core Flight System cFS 7.0.0 and earlier contained code vulnerabilities. These vulnerabilities...

7CVSS5.9AI score0.00223EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/22 12:0 a.m.7 views

PyTorch 代码问题漏洞

PyTorch is an open-source Python package developed by PyTorch. Version 2.10.0 of PyTorch contains code vulnerabilities; these vulnerabilities stem from unknown features in the pt2 loading processing component, which may lead to deserialization attacks...

7.8CVSS6.1AI score0.00239EPSS
Exploits0References6
CVE
CVE
added 2026/03/20 9:31 a.m.6 views

CVE-2026-0677

CVE-2026-0677 concerns the WordPress plugin TotalContest Lite (

6.3CVSS5.9AI score0.00233EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/18 8:10 p.m.3 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview deepdiff is a Deep Difference and Search of any Python object/data. Recreate objects by adding adding deltas to each other. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the RestrictedUnpickler...

8.7CVSS5.8AI score0.00452EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2026/03/17 7:14 p.m.121 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182RCEExploit REC Exploit is a Python-based secur...

10CVSS6AI score0.99562EPSS
Exploits372
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.5 views

PT-2026-24943

SGLangs replay request dump.py contains an insecure pickle.load without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script...

5.9AI score0.00334EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/03/08 4:59 p.m.193 views

Exploit for Code Injection in Craftcms Craft_Cms

CVE-Public - Vulnerability Proof-of-Concept Script Library...

10CVSS7.7AI score0.99803EPSS
Exploits16
Rows per page
Query Builder