Lucene search
K

5380 matches found

CVE
CVE
added 2 hours ago5 views

CVE-2026-15535

The CVE concerns AkariAsai self-rag’s retrieval_lm component. Affected code: file retrieval_lm/src/index.py, function Indexer.deserialize_from, where manipulating the argument index_meta.faiss can trigger deserialization. This may be exploitable remotely; public exploit details exist. No specific...

6.5CVSS6.4AI score
Exploits0References7
Nuclei
Nuclei
added yesterday19 views

Better Search Replace < 1.4.5 - PHP Object Injection

The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. I...

9.8CVSS7.2AI score0.68047EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday18 views

QVIS NVR/DVR - Remote Code Execution

QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization. id: CVE-2021-41419 info: name: QVIS NVR/DVR - Remote Code Execution author: me9187 severity: critical description: | QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java...

9.8CVSS7.2AI score0.06757EPSS
Exploits1References2
Nuclei
Nuclei
added 2 days ago22 views

Laminas Project laminas-http - Remote Code Execution

Laminas Project laminas-http 2.14.2 and Zend Framework 3.0.0 contain a deserialization vulnerability caused by destruct method in Zend\Http\Response\Stream, letting attackers control content lead to remote code execution, exploit requires attacker-controlled serialized data. id: CVE-2021-3007...

9.8CVSS7.3AI score0.75313EPSS
Exploits3References2
NVD
NVD
added 3 days ago10 views

CVE-2026-54469

Dell Unisphere for PowerMax, versions 10.3.0.5 and prior, contains a Deserialization of Untrusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...

8.8CVSS0.00442EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago9 views

Security Bulletin: Denial of Service Vulnerability in jackson-core affect IBM Cloud Pak System[WS-2022-0468]

Summary Denial of Service Vulnerability in jackson-core was addressed in IBM Cloud Pak System version 2.3.6.0 and IBM Cloud Pak System version 2.3.5.1 BYOH on power. Vulnerability Details ID:WS-2022-0468 DESCRIPTION: The jackson-core package is vulnerable to a Denial of Service DoS attack. The...

6AI score
Exploits0Affected Software3
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-12378 BookingPress <= 1.1.28 - Unauthenticated PHP Object Injection

The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin through 1.1.28 does not validate data before passing it to a PHP deserialization function, allowing unauthenticated attackers to inject arbitrary PHP objects; where a suitable gadget chain is present on the site this c...

0.00389EPSS
Exploits0References1
CVE
CVE
added 5 days ago8 views

CVE-2026-12378

The CVE-2026-12378 entry concerns the WordPress plugins BookingPress/Appointment Booking Calendar (up to version 1.1.28). The vulnerability arises from unsafely passing input to a PHP deserialization function, enabling unauthenticated attackers to inject arbitrary PHP objects with a suitable gadg...

8.1CVSS6.2AI score0.00389EPSS
Exploits0References1
Nuclei
Nuclei
added 5 days ago106 views

Gladinet CentreStack < 16.4.10315.56368 Use of Hard-coded Key Leads to Unauthenticated RCE

Gladinet CentreStack through 16.1.10296.56315 fixed in 16.4.10315.56368 has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors who know the machineKey to serialize a payload for server-side...

9.8CVSS7.6AI score0.93842EPSS
Exploits6References3
CVE
CVE
added 6 days ago63 views

CVE-2026-33264

CVE-2026-33264 involves a vulnerability in Apache Airflow where a bug in BaseSerialization.deserialize() permits unrestricted import_string() of attacker-controlled class paths during loading of a serialized DAG, enabling remote code execution on the API Server/Scheduler process and potentially c...

9.8CVSS6.7AI score0.01649EPSS
Exploits0References4Affected Software1
NVD
NVD
added last week9 views

CVE-2026-43867

Deserialization of Untrusted Data vulnerability in Apache Camel PQC Component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. AwsSecretsManagerKeyLifecycleManager.deserializeMetadata reads that metadata back from the...

9.8CVSS0.00691EPSS
Exploits0References1
Cvelist
Cvelist
added last week33 views

CVE-2026-43867 Apache Camel: Camel-PQC: The AWS Secrets Manager key-lifecycle manager deserializes persisted key metadata with java.io.ObjectInputStream and no ObjectInputFilter

Deserialization of Untrusted Data vulnerability in Apache Camel PQC Component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. AwsSecretsManagerKeyLifecycleManager.deserializeMetadata reads that metadata back from the...

0.00691EPSS
Exploits0References1
Cvelist
Cvelist
added last week34 views

CVE-2026-42527 Apache Camel: Permissive default ObjectInputFilter pattern admits java.net.** and enables DNS-based information disclosure

Deserialization of Untrusted Data vulnerability in Apache Camel. The default ObjectInputFilter pattern shipped with several Apache Camel components for defense-in-depth deserialization filtering 'java.;javax.;org.apache.camel.;!', or the no-'javax.' variant in the aggregation-repository component...

0.00546EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-55885

Name of the Vulnerable Software and Affected Versions Apache Camel versions 3.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An issue exists in the Apache Camel JMS component where the JmsBinding.extractBodyFromJms function i...

7.3CVSS6.2AI score0.00504EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-55883

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.14.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An issue exists where the default ObjectInputFilter pattern used for deserialization filtering in...

8.1CVSS6.1AI score0.00546EPSS
Exploits1References6
CVE
CVE
added 2026/07/05 7:45 a.m.15 views

CVE-2026-14723

The vulnerability CVE-2026-14723 affects AD-Security AD_Miner 1.9.0. It resides in the Cache Handler, specifically the analyse_cache.py file’s function request_a. Manipulating the argument sys.argv[1] leads to deserialization, enabling a local exploit. Public details note that exploitation is loc...

5.3CVSS5.8AI score0.00121EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/04 5:30 p.m.32 views

CVE-2026-14637 kirilkirkov Ecommerce-CodeIgniter-Bootstrap ShoppingCart.php getCartItems deserialization

A security vulnerability has been detected in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7. The affected element is the function getCartItems in the library application/libraries/ShoppingCart.php. The manipulation of the argument shoppingcart leads to...

8.8CVSS0.00598EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/04 5:30 p.m.9 views

EUVD-2026-41684

A security vulnerability has been detected in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7. The affected element is the function getCartItems in the library application/libraries/ShoppingCart.php. The manipulation of the argument shoppingcart leads to...

8.8CVSS6.6AI score0.00598EPSS
Exploits0References7
Snyk
Snyk
added 2026/07/04 3:12 a.m.7 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the makelabel function in the reduce method. An attacker can execute arbitrary commands by crafting...

8.1CVSS6.2AI score0.003EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/04 3:12 a.m.7 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the asyncio.unixevents.UnixSubprocessTransport.start function. An attacker can execute arbitrary commands...

8.1CVSS6.2AI score0.00555EPSS
Exploits0References2
Rows per page
Query Builder