237 matches found

Vulnrichment
added 2025/10/08 12:0 a.m. | 4 views

CVE-2025-60828

WukongCRM-9.0-JAVA was discovered to contain a fastjson deserialization vulnerability via the /OaExamine/setOaExamine interface...

AI score: 7 | EPSS: 0.00326
Exploits: 1 | References: 2

Positive Technologies
added 2025/10/08 12:0 a.m. | 8 views

PT-2025-41259

Name of the Vulnerable Software and Affected Versions: WukongCRM version 9.0-JAVA. Description: The software contains a fastjson deserialization issue through the /OaExamine/setOaExamine API endpoint. The vulnerability is triggered via this interface. Recommendations: At the moment, there is no...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00326
Exploits: 1 | References: 4

EUVD
added 2025/10/08 12:0 a.m. | 7 views

EUVD-2025-33170

WukongCRM-9.0-JAVA was discovered to contain a fastjson deserialization vulnerability via the /OaExamine/setOaExamine interface...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00326
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 8 views

EUVD-2025-19719

Malicious code in bioql PyPI...

CVSS: 10 | AI score: 9.3 | EPSS: 0.18666
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-53732

Malicious code in bioql PyPI...

CVSS: 9.1 | AI score: 6.6 | EPSS: 0.00494
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-53731

Malicious code in bioql PyPI...

CVSS: 9.1 | AI score: 6.6 | EPSS: 0.00494
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-53734

Malicious code in bioql PyPI...

CVSS: 9.1 | AI score: 6.6 | EPSS: 0.00494
Exploits: 1 | References: 1

Gitee
added 2025/09/14 6:53 p.m. | 114 views

fastjson-remote-code-execute-poc

This is a Java-based proof-of-concept (PoC) exploit for a remote code execution (RCE) vulnerability in the FastJSON library, version 1.2.24. The exploit is designed to be used with IntelliJ IDEA, a popular integrated development environment (IDE) for Java development. The exploit consists of two main...

AI score: 8.1
Exploits: 0

Gitee
added 2025/09/14 6:28 p.m. | 99 views

Exploit for CVE-2021-22006

It is an exploit module/toolkit targeting JNDI vulnerabilities. The primary CVE ID is CVE-2021-22006. The target product/service is Java-based applications, specifically those using JNDI services. The vulnerability class/vector is RCE (Remote Code Execution), and the probable entry points are...

CVSS: 7.5 | AI score: 7 | EPSS: 0.06334
Exploits: 2

Gitee
added 2025/09/06 12:9 p.m. | 95 views

vulhub

This is a pre-built vulnerable environment based on Docker-Compose, provided by the Vulhub project. The repository contains a collection of vulnerable applications and services, along with their corresponding Dockerfiles and configuration files. The vulnerable environments are designed to help...

AI score: 7
Exploits: 0

OSV
added 2025/07/15 12:9 a.m. | 7 views

OSV-2025-547 Security exception in com.alibaba.fastjson2.JSONReader.readArray

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=431584944
Crash type: Security exception
Crash state: com.alibaba.fastjson2.JSONReader.readArray java.base/java.nio.charset.CharsetEncoder. java.base/java.nio.charset.CharsetEncoder...

AI score: 7
Exploits: 0 | References: 1

BDU FSTEC
added 2025/07/09 12:0 a.m. | 5 views

The vulnerability of the Fastjson library in the applyCT component of the HikCentral video surveillance and security management software allows a perpetrator to execute arbitrary code.

The vulnerability of the Fastjson library used in the applyCT component of the HikCentral video surveillance and security management software is related to deficiencies in the deserialization mechanism when processing json files. Exploiting this vulnerability allows an attacker to execute arbitra...

CVSS: 10 | AI score: 8.5 | EPSS: 0.18666
Exploits: 0 | References: 4

RedhatCVE
added 2025/07/04 2:22 p.m. | 20 views

CVE-2025-34067

An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an...

CVSS: 10 | AI score: 9.7 | EPSS: 0.18666
Exploits: 0 | References: 1

NVD
added 2025/07/02 2:15 p.m. | 20 views

CVE-2025-34067

An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an...

CVSS: 10 | EPSS: 0.18666
Exploits: 0 | References: 3

Cvelist
added 2025/07/02 1:44 p.m. | 46 views

CVE-2025-34067 Hikvision Integrated Security Management Platform Remote Command Execution via applyCT Fastjson

An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an...

CVSS: 10 | EPSS: 0.18666
Exploits: 0 | References: 3

Vulnrichment
added 2025/07/02 1:44 p.m. | 11 views

CVE-2025-34067 Hikvision Integrated Security Management Platform Remote Command Execution via applyCT Fastjson

An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an...

CVSS: 10 | AI score: 9.6 | EPSS: 0.18666
Exploits: 0 | References: 3

CVE
added 2025/07/02 1:44 p.m. | 173 views

CVE-2025-34067

CVE-2025-34067 affects Hikvision Integrated Security Management Platform (applyCT component). The flaw is deserialization of untrusted input in /bic/ssoService/v1/applyCT via vulnerable Fastjson auto-type, enabling remote code execution by loading a malicious Java class referenced through an LDAP...

CVSS: 10 | AI score: 9.6 | EPSS: 0.18666
In wild | Exploits: 0 | References: 3

VulnCheck KEV
added 2025/07/02 12:0 a.m. | 5 views

VulnCheck KEV: CVE-2025-34067

An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an...

CVSS: 10 | AI score: 8 | EPSS: 0.18666
In wild | Exploits: 0 | References: 59

VulnCheck KEV
added 2025/06/23 12:0 a.m. | 92 views

VulnCheck KEV: CVE-2025-70974

Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an...

CVSS: 10 | AI score: 5.8 | EPSS: 0.3897
In wild | Exploits: 7 | References: 3

Tenable Nessus
added 2025/06/17 12:0 a.m. | 3 views

FastJSON Object Deserialization

Serialization is the process of converting an object to a stream of bytes in order to store it or send it over the network. Conversely, deserialization is the process of reconstructing an object from this stream of bytes. When an application using the FastJSON library performs untrusted data...

AI score: 7.7
Exploits: 0 | References: 4