Lucene search
K

264 matches found

CNNVD
CNNVD
added 2025/03/13 12:0 a.m.4 views

DataEase 安全漏洞

DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. DataEase version 2.10.6 prior to the existence of a security vulnerability , th...

8.6CVSS6.7AI score0.00361EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/03/13 12:0 a.m.4 views

DataEase 安全漏洞

DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. DataEase version 2.10.6 prior to a security vulnerability , the vulnerability...

8.6CVSS6.5AI score0.00424EPSS
Exploits1References2
Snyk
Snyk
added 2025/02/21 6:40 p.m.2 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via the deserialize method, when handling untrusted XML data, which may contain external entity references. Details XXE Injection is a type of attack against an application that parses XML input. XML is...

8.7CVSS7.6AI score0.00211EPSS
Exploits0References2
OSV
OSV
added 2025/01/14 1:15 a.m.1 views

DEBIAN-CVE-2024-57643

An issue in the boxdeserializestring component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

7.5CVSS7.5AI score0.0088EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/01/13 12:0 a.m.3 views

OpenLink Virtuoso-opensource 安全漏洞

OpenLink Virtuoso-opensource is OpenLink Software's is a powerful multi-model database and middleware platform for a variety of application scenarios that require high-performance data processing and complex data model support. A security vulnerability exists in OpenLink Virtuoso-opensource versi...

7.5CVSS7.5AI score0.0088EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2024/09/17 12:0 a.m.9 views

The vulnerability of the H5HG__cache_heap_deserialize() function in the HDF5 library allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the H5HGcacheheapdeserialize function in the HDF5 library is related to buffer overflow in the heap. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

7.4CVSS7.8AI score0.00223EPSS
Exploits0References5Affected Software4
BDU FSTEC
BDU FSTEC
added 2024/09/17 12:0 a.m.6 views

The vulnerability of the H5S__point_deserialize() function in the H5Spoint.c file of the HDF5 library allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the H5Spointdeserialize function in the H5Spoint.c file of the HDF5 library is related to buffer overflow in the queue. Exploitation of this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

9CVSS7.8AI score0.00227EPSS
Exploits0References5Affected Software4
CNNVD
CNNVD
added 2024/09/13 12:0 a.m.4 views

Adobe ColdFusion 代码问题漏洞

Adobe ColdFusion is a suite of rapid application development platforms from the American company Audobee Adobe. The platform includes an integrated development environment and a scripting language. A code issue vulnerability exists in Adobe ColdFusion versions 2023.x through prior to 2023.10 and...

9.8CVSS6.6AI score0.30326EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/08/22 12:0 a.m.5 views

PT-2024-41504 · Git · Hdf5

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42538113 Crash type: UNKNOWN READ Crash state: H5FL reg malloc H5FL reg calloc H5O cache chk deserialize...

7.3AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/07/15 12:0 a.m.5 views

The vulnerability of the `JsonSerializer.DeserializeAsyncEnumerable` method in the System.Text.Json library of the Microsoft.NET software platform and the Microsoft Visual Studio development tools allows a attacker to cause a service failure.

The vulnerability of the JsonSerializer.DeserializeAsyncEnumerable method in the System.Text.Json library of the Microsoft .NET software platform and the Microsoft Visual Studio development tools is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a...

7.8CVSS6.6AI score0.02915EPSS
Exploits0References4Affected Software4
CNNVD
CNNVD
added 2024/07/10 12:0 a.m.3 views

Wukong_nocode Code Issue Vulnerability

Wukongnocode Wukong no code is Wukong CRM WukongCRM open source a no-code platform development tools. Enterprises can independently and quickly develop a suitable information system for the needs of the enterprise . Wukongnocode 20230807 previous version of the code problem vulnerability , the...

6.5CVSS6.9AI score0.00537EPSS
Exploits0References5
Snyk
Snyk
added 2024/07/09 9:14 p.m.3 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS when using .NET's JsonSerializer.DeserializeAsyncEnumerable function on untrusted input. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and...

8.7CVSS7.1AI score0.02915EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/09 12:0 a.m.5 views

PT-2024-4734 · Microsoft +8 · Visual Studio +10

Name of the Vulnerable Software and Affected Versions: .NET Core versions prior to 8.x Visual Studio versions prior to 8.x Description: The issue is related to an uncontrolled resource consumption in the JsonSerializer.DeserializeAsyncEnumerable method of the System.Text.Json library in Microsoft...

8.7CVSS6.7AI score0.03065EPSS
Exploits0References84
Veracode
Veracode
added 2024/05/22 7:21 a.m.10 views

Arbitrary Code Execution

contao/core is vulnerable to Arbitrary Code Execution. The vulnerability is due to untrusted POST data being passed to the deserialize function which could result in Arbitrary Code Execution...

7.2AI score
Exploits0
Mageia
Mageia
added 2024/05/21 11:17 p.m.43 views

Updated python-pymongo packages fix security vulnerability

Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the...

7.3AI score
Exploits0References2
OSV
OSV
added 2024/05/17 10:32 p.m.8 views

GHSA-7H74-7VCW-4MWP Insecure deserialize Vulnerability in FLOW3

Due to a missing signature HMAC for a request argument, an attacker could unserialize arbitrary objects within FLOW3. To our knowledge it is neither possible to inject code through this vulnerability, nor are there exploitable objects within the FLOW3 Base Distribution. However, there might be...

3.7CVSS7.3AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/05/17 10:32 p.m.17 views

Insecure deserialize Vulnerability in FLOW3

Due to a missing signature HMAC for a request argument, an attacker could unserialize arbitrary objects within FLOW3. To our knowledge it is neither possible to inject code through this vulnerability, nor are there exploitable objects within the FLOW3 Base Distribution. However, there might be...

7.3AI score
Exploits0References3Affected Software1
NVD
NVD
added 2024/05/16 11:15 a.m.18 views

CVE-2024-4838

The ConvertPlus plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.26 via deserialization of untrusted input from the 'settingsencoded' attribute of the 'smilemodal' shortcode. This makes it possible for authenticated attackers, with...

7.5CVSS8.8AI score0.00594EPSS
Exploits0References2
OSV
OSV
added 2024/05/15 6:31 p.m.6 views

GHSA-WQ43-8R5P-W3MC contao/core PHP object injection vulnerability allows for arbitrary code execution

PHP object injection vulnerability was identified in contao/core due to untrusted data being passed to deserialize function...

7.4AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/05/15 6:31 p.m.9 views

contao/core PHP object injection vulnerability allows for arbitrary code execution

PHP object injection vulnerability was identified in contao/core due to untrusted data being passed to deserialize function...

7.4AI score
Exploits0References6Affected Software1
Rows per page
Query Builder