Lucene search
K

1730 matches found

Friends Of PHP
Friends Of PHP
added 2026/06/09 9:3 a.m.8 views

TYPO3-CORE-SA-2026-018: Insecure Deserialization in Core API

More info at https://typo3.org/security/advisory/typo3-core-sa-2026-018...

6.3CVSS5.4AI score0.00215EPSS
Exploits0Affected Software1
Packet Storm
Packet Storm
added 2026/06/08 12:0 a.m.52 views

📄 Wazuh Cluster Remote Code Execution / Insecure Deserialization

This is a Metasploit Framework exploit module targeting a critical remote code execution vulnerability in Wazuh cluster mode identified as CVE-2026-25769. The flaw is described as an insecure deserialization issue in the cluster synchronization mechanism, where the master node improperly processe...

9.1CVSS6.6AI score0.09246EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.11 views

CVE-2026-7304

SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads will be deserialized without validation...

9.8CVSS6.3AI score0.00585EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.10 views

CVE-2026-31229

The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...

9.8CVSS6.1AI score0.006EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.8 views

CVE-2026-31221

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

8.8CVSS6.2AI score0.00385EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.9 views

CVE-2026-31224

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the MultitaskClassifier.load method of the MultitaskClassifier class. The method loads model weight files using torch.load without enabling the security-restrictive weightsonly=True parameter. This...

8.8CVSS6.3AI score0.00392EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.8 views

CVE-2026-31239

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

9.8CVSS5.8AI score0.00409EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.11 views

CVE-2026-25551

Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe, limiting the attack...

8.5CVSS6AI score0.0013EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.9 views

CVE-2026-3357

IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component...

8.8CVSS6.1AI score0.00466EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.10 views

CVE-2026-9291

Insecure deserialization in the job results processing component in Amazon Braket SDK before 1.117.0 might allow a remote authenticated user with S3 write access to the job output bucket to achieve arbitrary code execution on any machine that processes job results. We recommend you upgrade to...

7.5CVSS6.3AI score0.0038EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.7 views

CVE-2026-8135

Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to insecure deserialization occurring in the ExpressEntryList block controller. An rogue administrator with privileges to add blocks to an area can bypass the intended protection mechanism fromCIF === true, which normally...

8.9CVSS5.8AI score0.0047EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 6:16 p.m.10 views

CVE-2026-25551

Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe, limiting the attack...

8.5CVSS0.0013EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/04 5:20 p.m.6 views

CVE-2026-25551

Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe, limiting the attack...

8.5CVSS6.2AI score0.0013EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/04 5:20 p.m.9 views

CVE-2026-25551 Seagull Software BarTender Deserialization Privilege Escalation via .NET Remoting Service

Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe, limiting the attack...

8.5CVSS6AI score0.0013EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/04 5:20 p.m.12 views

EUVD-2026-34306

Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe, limiting the attack...

8.5CVSS6.2AI score0.0013EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.6 views

Seagull BarTender 代码问题漏洞

Seagull BarTender is an enterprise-level labeling, barcode, and RFID design and printing software developed by Seagull Corporation in the United States. Versions of Seagull BarTender from 2.1 to 12.1.1 contain code-related vulnerabilities. These vulnerabilities stem from insecure deserialization...

8.5CVSS5.5AI score0.0013EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Manga/Image Translator 安全漏洞

Manga/Image Translator is a text-to-image translation tool developed by zyddnys’ individual developers. Manga/Image Translator has a security vulnerability, which stems from insecure deserialization during the shared API server mode. This vulnerability could allow remote attackers to execute...

9.8CVSS6.2AI score0.00622EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/27 4:17 a.m.7 views

SUSE CVE-2023-30534

Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti's vendor directory phpseclib, the necessary gadgets are not included, making them inaccessible an...

4.3CVSS6.8AI score0.02569EPSS
Exploits1References3
OSV
OSV
added 2026/05/26 1:30 p.m.2 views

GHSA-29PF-2H5F-8G72 HuggingFace transformers vulnerable to remote code execution

A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious config.json file containing the attnimplementationinternal field set to an attacker-controlled HuggingFac...

7.8CVSS7.8AI score0.00479EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2026/05/25 1:17 a.m.82 views

Exploit for CVE-2026-36239

CVE-2026-36239 CVE-2026-36239: Authenticated RCE in PbootCMS v...

6.4AI score0.00312EPSS
Exploits1
Rows per page
Query Builder