CVE-2025-60828
WukongCRM-9.0-JAVA was discovered to contain a fastjson deserialization vulnerability via the /OaExamine/setOaExamine interface...
PT-2025-41259
Name of the Vulnerable Software and Affected Versions: WukongCRM version 9.0-JAVA. Description: The software contains a fastjson deserialization issue through the /OaExamine/setOaExamine API endpoint. The vulnerability is triggered via this interface. Recommendations: At the moment, there is no...
EUVD-2025-33170
WukongCRM-9.0-JAVA was discovered to contain a fastjson deserialization vulnerability via the /OaExamine/setOaExamine interface...
EUVD-2025-19719
Malicious code in bioql PyPI...
EUVD-2024-53732
Malicious code in bioql PyPI...
EUVD-2024-53731
Malicious code in bioql PyPI...
EUVD-2024-53734
Malicious code in bioql PyPI...
fastjson-remote-code-execute-poc
This is a Java-based proof-of-concept (PoC) exploit for a remote code execution (RCE) vulnerability in the FastJSON library, version 1.2.24. The exploit is designed to be used with IntelliJ IDEA, a popular integrated development environment (IDE) for Java development. The exploit consists of two main...
Exploit for CVE-2021-22006
This is an exploit module/toolkit targeting JNDI vulnerabilities. The primary CVE ID is CVE-2021-22006. The target product/service is Java-based applications, specifically those using JNDI services. The vulnerability class/vector is RCE (Remote Code Execution), and the probable entry points are...
vulhub
This is a pre-built vulnerable environment based on Docker-Compose, provided by the Vulhub project. The repository contains a collection of vulnerable applications and services, along with their corresponding Dockerfiles and configuration files. The vulnerable environments are designed to help...
OSV-2025-547 Security exception in com.alibaba.fastjson2.JSONReader.readArray
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=431584944 Crash type: Security exception Crash state: com.alibaba.fastjson2.JSONReader.readArray java.base/java.nio.charset.CharsetEncoder. java.base/java.nio.charset.CharsetEncoder...
The vulnerability of the Fastjson library in the applyCT component of the HikCentral video surveillance and security management software allows a perpetrator to execute arbitrary code.
The vulnerability of the Fastjson library used in the applyCT component of the HikCentral video surveillance and security management software is related to deficiencies in the deserialization mechanism when processing json files. Exploiting this vulnerability allows an attacker to execute arbitra...
CVE-2025-34067
An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an...
CVE-2025-34067 Hikvision Integrated Security Management Platform Remote Command Execution via applyCT Fastjson
An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an...
CVE-2025-34067
CVE-2025-34067 affects Hikvision Integrated Security Management Platform (applyCT component). The flaw is deserialization of untrusted input in /bic/ssoService/v1/applyCT via vulnerable Fastjson auto-type, enabling remote code execution by loading a malicious Java class referenced through an LDAP...
VulnCheck KEV: CVE-2025-34067
An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an...
VulnCheck KEV: CVE-2025-70974
Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an...
FastJSON Object Deserialization
Serialization is the process of converting an object into a stream of bytes in order to store it or send it over the network. Conversely, deserialization is the process of reconstructing an object from such a stream of bytes. When an application using the FastJSON library performs untrusted data...