Lucene search
K

1730 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/19 12:0 a.m.7 views

CVE-2026-31072

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

6AI score0.0081EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/19 12:0 a.m.31 views

CVE-2026-31072

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

0.0081EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 12:0 a.m.9 views

CVE-2026-31072

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

6AI score0.0081EPSS
Exploits0References2
CVE
CVE
added 2026/05/19 12:0 a.m.32 views

CVE-2026-31072

The vulnerability CVE-2026-31072 affects APScheduler’s JSONSerializer and CBORSerializer across all versions (including 3.10.x and 4.0.0a5). The root cause is insecure deserialization: the unmarshal_object function can instantiate arbitrary classes and inject state by dynamically importing module...

9.8CVSS6AI score0.0081EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/19 12:0 a.m.7 views

CVE-2026-31072

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

9.8CVSS6AI score0.0081EPSS
Exploits0
EUVD
EUVD
added 2026/05/19 12:0 a.m.10 views

EUVD-2026-30947

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

6AI score0.0081EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.12 views

PT-2026-41945

Name of the Vulnerable Software and Affected Versions APScheduler affected versions not specified Description The JSONSerializer and CBORSerializer are subject to Remote Code Execution RCE through insecure deserialization. The unmarshal object function enables arbitrary class instantiation and...

9.8CVSS6AI score0.0081EPSS
Exploits0References17
Github Security Blog
Github Security Blog
added 2026/05/18 1:27 p.m.25 views

Graphite Has a Pickle Deserialization Vulnerability

Impact Type of vulnerability: Insecure Deserialization via Python's pickle module. Who is impacted: Users of Graphite graph database engine versions before 0.2 who load database files from untrusted or third-party sources. An attacker could craft a malicious database file that executes arbitrary...

6AI score
Exploits0References3Affected Software1
GithubExploit
GithubExploit
added 2026/05/18 10:53 a.m.100 views

Exploit for OS Command Injection in Lfprojects Mlflow

Below is a structured, markdown-formatted vulnerability research...

9.6CVSS7.9AI score0.01328EPSS
Exploits2
GithubExploit
GithubExploit
added 2026/05/17 7:41 a.m.69 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Security Lab "React2Shell" This repository c...

10CVSS6.1AI score0.99562EPSS
Exploits372
RedhatCVE
RedhatCVE
added 2026/05/15 7:57 p.m.10 views

CVE-2026-31222

The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability CWE-502 in the Trainer.load method of the Trainer class. The method loads model checkpoint files using torch.load without enabling the security-restrictive weightsonly=True parameter. This default behavior allows...

8.8CVSS6.3AI score0.00392EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/15 7:57 p.m.12 views

CVE-2026-31219

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When a user provides a single model file path e.g., .pt or .pth via the --model command-line argumen...

8.8CVSS6.3AI score0.00559EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/15 7:57 p.m.11 views

CVE-2026-31223

The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability CWE-502 in the BaseLabeler.load method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load function on user-supplied file paths without any validation or...

8.8CVSS6.5AI score0.00392EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/15 7:57 p.m.9 views

CVE-2026-31218

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 is vulnerable to insecure deserialization CWE-502. When loading a model state dictionary from a statedict.pt file via torch.load, the function does not...

8.8CVSS6.3AI score0.00559EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/15 1:57 a.m.11 views

CVE-2026-31237

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 through its predict method. When a user provides a dataset file path to the predict method, the framework automatically determines the file format. If the file is a pickle .pkl file, it is loaded using...

9.8CVSS6.3AI score0.006EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/15 1:57 a.m.9 views

CVE-2026-31235

The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class uses Python's pickle module to deserialize data received via a multiprocessing queue in the augmentimagesworker method without any safety...

9.8CVSS6.5AI score0.00472EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/15 1:57 a.m.9 views

CVE-2026-31238

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization CWE-502 in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load without enabling the security-restrictive weightsonly=True...

9.8CVSS6.3AI score0.00497EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/15 1:57 a.m.8 views

CVE-2026-31232

The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its model loading process. When loading model files .pt from a user-specified directory via the --modeldir argument, the code uses torch.load without...

8.8CVSS6.5AI score0.00458EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/15 1:57 a.m.12 views

CVE-2026-31234

Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...

9.8CVSS6.4AI score0.00687EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-31221

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The...

8.8CVSS6.3AI score0.00385EPSS
Exploits1References2
Rows per page
Query Builder