46 matches found

OSV
added 2026/02/21 7:1 a.m., 4 views

CVE-2026-27206 Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()

Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...

CVSS 8.1 | AI score 6.3 | EPSS 0.00143
Exploits 0 | References 5
ATTACKERKB
added 2026/02/21 7:1 a.m., 4 views

CVE-2026-27206

Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...

CVSS 8.1 | AI score 6.3 | EPSS 0.00143
Exploits 0 | References 4 | Affected Software 1
Vulnrichment
added 2026/02/21 7:1 a.m., 2 views

CVE-2026-27206 Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()

Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...

CVSS 8.1 | AI score 6.2 | EPSS 0.00143
Exploits 0 | References 3
CNNVD
added 2026/02/21 12:0 a.m., 4 views

Json Serializer for PHP code issue vulnerability

Json Serializer for PHP is an open-source JSON serialization tool developed by Zumba. Versions of Json Serializer for PHP prior to 3.2.2 had code vulnerabilities. These vulnerabilities stemmed from the ability to deserialize PHP objects using the @type field, which could lead to PHP object...

CVSS 8.1 | AI score 6.2 | EPSS 0.00143
Exploits 0 | References 5
OSV
added 2026/02/19 10:5 p.m., 4 views

GHSA-V7M3-FPCR-H7M2 Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()

Description: The zumba/json-serializer library allows deserialization of PHP objects from JSON using a special @type field. Prior to version 3.2.3, the deserializer would instantiate any class specified in the @type field without restriction. When processing untrusted JSON input, this behavior may...

CVSS 8.1 | AI score 6.3 | EPSS 0.00143
Exploits 0 | References 5
Tenable Nessus
added 2026/02/19 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-27206

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects fro...

CVSS 8.1 | AI score 6 | EPSS 0.00143
Exploits 0 | References 3
Positive Technologies
added 2026/01/01 12:0 a.m., 1 view

PT-2026-20985

Name of the Vulnerable Software and Affected Versions: Zumba Json Serializer versions 3.2.2 and below. Description: The Zumba Json Serializer library allows deserialization of PHP objects from JSON using a special @type field. Prior to version 3.2.3, the deserializer instantiates any class specified...

CVSS 8.1 | AI score 6 | EPSS 0.00143
Exploits 0 | References 16
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-52205

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 5 | EPSS 0.00065
Exploits 0 | References 5
RedhatCVE
added 2025/05/23 12:32 a.m., 2 views

CVE-2022-4952

A vulnerability has been found in OmniSharp csharp-language-server-protocol up to 0.19.6 and classified as problematic. This vulnerability affects the function CreateSerializerSettings of the file src/JsonRpc/Serialization/SerializerBase.cs of the component JSON Serializer. The manipulation leads...

CVSS 7.5 | AI score 7 | EPSS 0.00065
Exploits 0 | References 1
Snyk
added 2024/07/09 9:14 p.m., 1 view

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when using .NET's JsonSerializer.DeserializeAsyncEnumerable function on untrusted input. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and...

CVSS 8.7 | AI score 7.1 | EPSS 0.01793
Exploits 0 | References 2
NVD
added 2023/07/17 2:15 a.m., 5 views

CVE-2022-4952

A vulnerability has been found in OmniSharp csharp-language-server-protocol up to 0.19.6 and classified as problematic. This vulnerability affects the function CreateSerializerSettings of the file src/JsonRpc/Serialization/SerializerBase.cs of the component JSON Serializer. The manipulation leads...

CVSS 7.5 | EPSS 0.00065
Exploits 0 | References 5
OSV
added 2023/07/17 2:15 a.m., 12 views

CVE-2022-4952

A vulnerability has been found in OmniSharp csharp-language-server-protocol up to 0.19.6 and classified as problematic. This vulnerability affects the function CreateSerializerSettings of the file src/JsonRpc/Serialization/SerializerBase.cs of the component JSON Serializer. The manipulation leads...

CVSS 7.5 | AI score 7.2
Exploits 0 | References 5
Prion
added 2023/07/17 2:15 a.m., 16 views

Information disclosure

A vulnerability has been found in OmniSharp csharp-language-server-protocol up to 0.19.6 and classified as problematic. This vulnerability affects the function CreateSerializerSettings of the file src/JsonRpc/Serialization/SerializerBase.cs of the component JSON Serializer. The manipulation leads...

CVSS 5 | AI score 7.6 | EPSS 0.00065
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2023/07/17 2:0 a.m., 11 views

CVE-2022-4952 OmniSharp csharp-language-server-protocol JSON Serializer SerializerBase.cs CreateSerializerSettings resource consumption

A vulnerability has been found in OmniSharp csharp-language-server-protocol up to 0.19.6 and classified as problematic. This vulnerability affects the function CreateSerializerSettings of the file src/JsonRpc/Serialization/SerializerBase.cs of the component JSON Serializer. The manipulation leads...

CVSS 3.5 | AI score 7.8 | EPSS 0.00065
Exploits 0 | References 5
CVE
added 2023/07/17 2:0 a.m., 36 views

CVE-2022-4952

CVE-2022-4952 affects OmniSharp csharp-language-server-protocol up to 0.19.6. The vulnerability lies in the JSON Serializer’s CreateSerializerSettings function (SerializerBase.cs), where manipulation leads to resource consumption and potential denial of service. A fix is available in version 0.19...

CVSS 7.5 | AI score 5.6 | EPSS 0.00065
Exploits 0 | References 5 | Affected Software 1
Snyk
added 2022/05/24 4:57 p.m., 3 views

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserialize function in the JSONSerializer class. An attacker can execute arbitrary code by sending a crafted JSON payload to the affected system. Details: Serialization is a process of convertin...

CVSS 9.8 | AI score 7.8 | EPSS 0.79558
Exploits 1 | References 2
OSV
added 2020/09/03 9:2 p.m., 6 views

GHSA-CHH2-RVHG-WQWR Malicious Package in json-serializer

Version 2.0.10 of json-serializer contained malicious code. The code, when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: Remove the package from your environment and evaluate...

AI score 7.2
Exploits 0 | References 1
Github Security Blog
added 2020/09/03 9:2 p.m., 20 views

Malicious Package in json-serializer

Version 2.0.10 of json-serializer contained malicious code. The code, when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: Remove the package from your environment and evaluate...

AI score 4.3
Exploits 0 | References 2 | Affected Software 1
Veracode
added 2020/09/02 4:45 a.m., 8 views

Malicious Package

json-serializer is a malicious package. The package contains code that when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...

AI score 1.5
Exploits 0
OSV
added 2020/09/01 8:27 p.m., 11 views

GHSA-7XFQ-XH6V-4MRM Malicious Package in json-serializer

Version 2.0.10 of json-serializer contained malicious code. The code, when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: If version 2.0.10 of this module is found installed yo...

CVSS 9.8 | AI score 7.1
Exploits 0 | References 1