33 matches found
TanStack Start - Server Core: Inbound server-function request deserialization could invoke a sibling client-referenced server function
Summary: A type-confusion bug in seroval ≤ 1.5.2 (upstream advisory) allowed a crafted JSON body sent to one TanStack Start server function to trigger invocation of a different client-referenced server function as a side effect of deserializing the request payload. This is not an authentication bypa...
CVE-2026-40881
Zebra/Zebrad deserialization flaw CVE-2026-40881: when parsing addr or addrv2 messages, Zebra would deserialize vectors of addresses up to about 233k entries due to MAX_ADDRS_IN_MESSAGE checking being performed after deserialization. This could exhaust memory and crash a node under network load. ...
PT-2026-34225
Name of the Vulnerable Software and Affected Versions: free5GC AMF versions prior to 1.4.3 Description: The HTTPUEContextTransfer handler in internal/sbi/api communication.go lacks a default case in the Content-Type switch statement. If a request is sent with an unsupported Content-Type, the...
Security update for roundcubemail (important)
openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2026:0144-1 Rating: important References: 1261157 1261488 Cross-References: CVE-2026-35537 Affected Products: openSUSE Backports SLE-15-SP6 An update that solves one vulnerability and has one errata is now...
WordPress plugin wpForo Forum code issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2025-68141
EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a DCChargeLoopRes message that includes Receipt as well as TaxCosts, the vector taxcosts in the target Receipt structure is accessed out of bounds. This occurs in the method template void...
EUVD-2025-206315
EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a DCChargeLoopRes message that includes Receipt as well as TaxCosts, the vector taxcosts in the target Receipt structure is accessed out of bounds. This occurs in the method template void...
MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.261-2.6.22.1.AXS4 (AXSA:2020-002:03)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-002:03 advisory. OpenJDK: Incorrect bounds checks in NIO Buffers Libraries, 8234841 CVE-2020-2803 OpenJDK: Incorrect type checks in MethodType.readObject Libraries,...
UBUNTU-CVE-2025-34449
Genymobile/scrcpy versions up to and including 3.3.3, prior to commit 3e40b24, contain a buffer overflow vulnerability in the scdevicemsgdeserialize function. A compromised device can send crafted messages that cause out-of-bounds reads, which may result in memory corruption or a denial-of-servic...
Exploit for Deserialization of Untrusted Data in Facebook React
react2shell-scanner A command-line tool for detecting CVE-202...
PT-2025-50846
The Visitor Logic Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.3 via deserialization of untrusted input from the lpblocks cookie. This is due to the lp track function passing unsanitized cookie data directly to the unserialize function...
Linux Distros Unpatched Vulnerability : CVE-2024-39780
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A YAML deserialization vulnerability was found in the Robot Operating System ROS 'dynparam', a command-line tool for getting, setting, and deleting parameters ...
Linux Distros Unpatched Vulnerability : CVE-2020-28032
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. CVE-2020-28032 Note that Nessus relies on the...
CVE-2025-2924
A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HLfldeserialize of the file src/H5HLcache.c. The manipulation of the argument freeblock leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The...
CVE-2025-2000
A maliciously crafted QPY file can potentially execute arbitrary code embedded in the payload without privilege escalation when deserialising QPY formats 13. A python process calling Qiskit 0.18.0 through 1.4.1's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded...
SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software
SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-28986 (CVSS score: 9.8), has been described as a deserialization bug. "SolarWinds Web...
VulnCheck KEV: CVE-2018-0824
Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution via a specially crafted file or script...
DEBIAN-CVE-2024-32612
HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5HLfldeserialize in H5HLcache.c, resulting in the corruption of the instruction pointer, a different vulnerability than CVE-2024-32613...
HDF Group HDF5 security vulnerability
HDF Group HDF5 is a suite of tools for managing and storing different types of data from the American company HDF Group. The product supports managing, manipulating, viewing and analyzing data and generating files in portable formats. A security vulnerability exists in HDF5 Library version 1.14.3...
PT-2024-6205
Name of the Vulnerable Software and Affected Versions: HDF5 Library versions prior to 1.14.4 Description: The issue is related to a heap-based buffer over-read in the H5HL fl deserialize function in the H5HLcache.c file of the HDF5 library. This can lead to the corruption of the instruction...