59 matches found
IBM WebSphere Application Server (WAS) code-related vulnerabilities
IBM WebSphere Application Server (WAS) is an application server product developed by IBM. It serves as a platform for Java EE and web services applications and forms the foundation of the IBM WebSphere software suite. Versions 9.0 and 8.5 of IBM WebSphere Application Server contained code...
Security Bulletin: Vulnerabilities in Hugging Face Transformers bundled with IBM Fusion, IBM Fusion HCI and Content-Aware Storage
Summary: IBM Fusion, IBM Fusion HCI and Content-Aware Storage include the Hugging Face Transformers library, which could allow a remote attacker to execute arbitrary code on affected installations. These vulnerabilities exist due to the lack of proper validation of user-supplied data during the...
pgAdmin code-related vulnerability
pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 had code vulnerabilities related to the deserialization of untrusted data. These vulnerabilities could allow authenticated users to execute remote code by placing...
NVIDIA Apex code-related vulnerability
NVIDIA Apex is a set of useful tools provided by NVIDIA Corporation in the United States. NVIDIA Apex has code-related vulnerabilities that stem from the deserialization of untrusted data, which can lead to code execution, denial of service, privilege escalation, data...
WordPress plugin Handyman code-related vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
Chamilo code-related vulnerability
Chamilo is an open-source learning management system developed by Chamilo. Versions 1.11.12 to 1.11.26 of Chamilo have code vulnerabilities, which stem from deserialization issues and may lead to remote code execution...
CraftCMS 3 vCard Plugin code-related vulnerability
The CraftCMS 3 vCard Plugin is a vCard generator plugin developed by Nathaniel Hammond. Version 1.0.0 of the CraftCMS 3 vCard Plugin has code vulnerabilities that stem from deserialization flaws, which may allow the execution of arbitrary PHP code...
Seroval security vulnerabilities
Seroval is a formatted Java library developed by Alexis H. Munsayac. Versions of Seroval 1.4.0 and earlier contain security vulnerabilities, which stem from improper input validation during JSON deserialization, potentially leading to prototype pollution...
EUVD-2025-198152
Apache Causeway vulnerable to deserialization in Java...
EUVD-2020-0519
Malware in sbrugna...
Proactive Security and Insights for SharePoint Attacks (CVE-2025-53770 and CVE-2025-53771)
CVE-2025-53770 and CVE-2025-53771 are vulnerabilities in on-premises Microsoft SharePoint Servers that evolved from previously patched flaws, allowing unauthenticated remote code execution through advanced deserialization and ViewState abuse...
ROS-20250710-13
A vulnerability in the Jackson-databind library of the FasterXML project is related to the recovery of inaccurate data in memory. Exploitation of the vulnerability could allow an attacker acting remotely to affect the confidentiality, integrity, and availability of protected...
Vulnerability in the Microsoft SharePoint Server and SharePoint Enterprise Server software packages, related to flaws in the deserialization mechanism, allowing attackers to execute arbitrary code.
The vulnerability of Microsoft SharePoint Server and SharePoint Enterprise Server packages is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
Vulnerability in the Apache Ignite distributed database for high-performance computing, related to flaws in the deserialization mechanism, allowing attackers to execute arbitrary code.
The vulnerability in the Apache Ignite distributed database for high-performance computing is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Vulnerability in the Cityworks and Cityworks with Office Companion asset and process management software, related to deficiencies in the deserialization mechanism, allowing attackers to execute code remotely.
The vulnerability in the Cityworks and Cityworks with Office Companion asset management and process management software lies in deficiencies of the deserialization mechanism. Exploiting this vulnerability allows a remote attacker to execute malicious code...
Vulnerability in Hitachi Vantara Pentaho Business Analytics Server, related to flaws in the deserialization mechanism, allowing attackers to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability in Hitachi Vantara Pentaho Business Analytics Server lies in the shortcomings of its deserialization mechanism. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and availability of the protected information...
K000149722: Apache MINA vulnerability CVE-2024-52046
Security Advisory Description: The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending...
Vulnerability in the monitoring, control, automation, and management tool IBM Cloud Pak for Multicloud Management Monitoring, related to flaws in the deserialization mechanism, allowing attackers to execute arbitrary commands.
The vulnerability of the monitoring, control, automation, and management tool for IBM Cloud Pak for Multicloud Management lies in the shortcomings of the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending a specially crafted...
Vulnerability in the Microsoft SharePoint Server and SharePoint Enterprise Server software packages, related to flaws in the deserialization mechanism, allowing attackers to execute arbitrary code.
The vulnerability of Microsoft SharePoint Server and SharePoint Enterprise Server packages is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
RHEL 6 / 7 : rh-maven33-groovy (RHSA-2017:2596)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2596 advisory. Groovy is an agile and dynamic language for the Java Virtual Machine, built upon Java with features inspired by languages like Python,...