Lucene search
K

5385 matches found

CVE
CVE
added 3 hours ago6 views

CVE-2026-59518

Deserialization of Untrusted Data vulnerability in wpWax Directorist directorist allows Object Injection.This issue affects Directorist: from n/a through = 8.8.2...

9.8CVSS6.1AI score
Exploits0References1
CVE
CVE
added 3 hours ago8 views

CVE-2026-57744

Deserialization of Untrusted Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Object Injection.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...

9.8CVSS6.1AI score
Exploits0References1
CVE
CVE
added 3 hours ago7 views

CVE-2026-57738

Deserialization of Untrusted Data vulnerability in axiomthemes 777 triple-seven allows Object Injection.This issue affects 777: from n/a through = 1.13.0...

9.8CVSS6.1AI score
Exploits0References1
CVE
CVE
added 3 hours ago4 views

CVE-2026-57371

Deserialization of Untrusted Data vulnerability in denishua WPJAM Basic wpjam-basic allows Object Injection.This issue affects WPJAM Basic: from n/a through = 7.0...

8.8CVSS6.1AI score
Exploits0References1
CVE
CVE
added 6 hours ago7 views

CVE-2026-15535

The CVE concerns AkariAsai self-rag’s retrieval_lm component. Affected code: file retrieval_lm/src/index.py, function Indexer.deserialize_from, where manipulating the argument index_meta.faiss can trigger deserialization. This may be exploitable remotely; public exploit details exist. No specific...

6.5CVSS6.4AI score
Exploits0References7
Nuclei
Nuclei
added 7 hours ago18 views

QVIS NVR/DVR - Remote Code Execution

QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization. id: CVE-2021-41419 info: name: QVIS NVR/DVR - Remote Code Execution author: me9187 severity: critical description: | QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java...

9.8CVSS7.2AI score0.06757EPSS
Exploits1References2
Nuclei
Nuclei
added 7 hours ago22 views

Laminas Project laminas-http - Remote Code Execution

Laminas Project laminas-http 2.14.2 and Zend Framework 3.0.0 contain a deserialization vulnerability caused by destruct method in Zend\Http\Response\Stream, letting attackers control content lead to remote code execution, exploit requires attacker-controlled serialized data. id: CVE-2021-3007...

9.8CVSS7.3AI score0.75313EPSS
Exploits3References2
Nuclei
Nuclei
added 7 hours ago106 views

Gladinet CentreStack < 16.4.10315.56368 Use of Hard-coded Key Leads to Unauthenticated RCE

Gladinet CentreStack through 16.1.10296.56315 fixed in 16.4.10315.56368 has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors who know the machineKey to serialize a payload for server-side...

9.8CVSS7.6AI score0.93842EPSS
Exploits6References3
Nuclei
Nuclei
added 7 hours ago19 views

Better Search Replace < 1.4.5 - PHP Object Injection

The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. I...

9.8CVSS7.2AI score0.68047EPSS
Exploits2References2
EUVD
EUVD
added 7 hours ago5 views

EUVD-2026-43277

A vulnerability has been found in yashbhalgat HashNeRF-pytorch up to 82885e698295982504eb6a26d060a6b2473e3706. Affected by this issue is the function torch.load of the file runnerf.py of the component Checkpoint File Handler. The manipulation of the argument ckptpath leads to deserialization. The...

5.3CVSS5.6AI score
Exploits0References7
NVD
NVD
added 3 days ago10 views

CVE-2026-54469

Dell Unisphere for PowerMax, versions 10.3.0.5 and prior, contains a Deserialization of Untrusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...

8.8CVSS0.00442EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago9 views

Security Bulletin: Denial of Service Vulnerability in jackson-core affect IBM Cloud Pak System[WS-2022-0468]

Summary Denial of Service Vulnerability in jackson-core was addressed in IBM Cloud Pak System version 2.3.6.0 and IBM Cloud Pak System version 2.3.5.1 BYOH on power. Vulnerability Details ID:WS-2022-0468 DESCRIPTION: The jackson-core package is vulnerable to a Denial of Service DoS attack. The...

6AI score
Exploits0Affected Software3
CVE
CVE
added 5 days ago8 views

CVE-2026-12378

The CVE-2026-12378 entry concerns the WordPress plugins BookingPress/Appointment Booking Calendar (up to version 1.1.28). The vulnerability arises from unsafely passing input to a PHP deserialization function, enabling unauthenticated attackers to inject arbitrary PHP objects with a suitable gadg...

8.1CVSS6.2AI score0.00389EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-12378 BookingPress <= 1.1.28 - Unauthenticated PHP Object Injection

The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin through 1.1.28 does not validate data before passing it to a PHP deserialization function, allowing unauthenticated attackers to inject arbitrary PHP objects; where a suitable gadget chain is present on the site this c...

0.00389EPSS
Exploits0References1
CVE
CVE
added 6 days ago66 views

CVE-2026-33264

CVE-2026-33264 involves a vulnerability in Apache Airflow where a bug in BaseSerialization.deserialize() permits unrestricted import_string() of attacker-controlled class paths during loading of a serialized DAG, enabling remote code execution on the API Server/Scheduler process and potentially c...

9.8CVSS6.7AI score0.01649EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/07/06 9:16 a.m.9 views

CVE-2026-43867

Deserialization of Untrusted Data vulnerability in Apache Camel PQC Component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. AwsSecretsManagerKeyLifecycleManager.deserializeMetadata reads that metadata back from the...

9.8CVSS0.00691EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/07/06 8:24 a.m.33 views

CVE-2026-43867 Apache Camel: Camel-PQC: The AWS Secrets Manager key-lifecycle manager deserializes persisted key metadata with java.io.ObjectInputStream and no ObjectInputFilter

Deserialization of Untrusted Data vulnerability in Apache Camel PQC Component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. AwsSecretsManagerKeyLifecycleManager.deserializeMetadata reads that metadata back from the...

0.00691EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/07/06 7:55 a.m.34 views

CVE-2026-42527 Apache Camel: Permissive default ObjectInputFilter pattern admits java.net.** and enables DNS-based information disclosure

Deserialization of Untrusted Data vulnerability in Apache Camel. The default ObjectInputFilter pattern shipped with several Apache Camel components for defense-in-depth deserialization filtering 'java.;javax.;org.apache.camel.;!', or the no-'javax.' variant in the aggregation-repository component...

0.00546EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-55883

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.14.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An issue exists where the default ObjectInputFilter pattern used for deserialization filtering in...

8.1CVSS6.1AI score0.00546EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-55885

Name of the Vulnerable Software and Affected Versions Apache Camel versions 3.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An issue exists in the Apache Camel JMS component where the JmsBinding.extractBodyFromJms function i...

7.3CVSS6.2AI score0.00504EPSS
Exploits2References6
Rows per page
Query Builder