Apache Camel 代码问题漏洞

Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects in accordance with the EIP pattern, and routing and mediation rules are configured...

c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects

A flaw was found in c3p0, a Java Database Connectivity JDBC Connection pooling library. This vulnerability allows an attacker to achieve arbitrary code execution by providing maliciously crafted Java-serialized objects or javax.naming.Reference instances. By manipulating the userOverridesAsString...

CVE-2026-27830

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

MiracleLinux 7 : xmlrpc-3.1.3-9.el7 (AXSA:2018-3132:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3132:01 advisory. xmlrpc: Deserialization of untrusted Java object through tag CVE-2016-5003 Tenable has extracted the preceding description block directly from the MiracleLin...

MiracleLinux 4 : xmlrpc3-3.0-4.17.AXS4 (AXSA:2018-3129:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3129:01 advisory. xmlrpc: Deserialization of untrusted Java object through tag CVE-2016-5003 Tenable has extracted the preceding description block directly from the MiracleLin...

Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization

A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration. Mitigation Disable LDAP referrals in all LDAP user providers in all realms...

Duplicate Advisory: Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4hx9-48xh-5mxr. This link is maintained to preserve external references. Original Description A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm...

CVE-2025-13467 Org.keycloak.storage.ldap: keycloak: deserialization of untrusted data in ldap user federation

A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration...

Red Hat build of Keycloak 安全漏洞

Red Hat build of Keycloak is a web application for single sign-on from Red Hat, Inc. A security vulnerability exists in Red Hat build of Keycloak version 26.2, which originates from deserializing untrusted Java objects and could lead to remote code execution...

EUVD-2023-3294

Malicious code in bioql PyPI...

EUVD-2023-28958

Malicious code in bioql PyPI...

EUVD-2025-16888

Malicious code in bioql PyPI...

EUVD-2021-28602

Malicious code in bioql PyPI...

EUVD-2023-24437

Malicious code in bioql PyPI...

CVE-2025-20276

A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insecure...

Cisco Unified CCX 代码问题漏洞

Cisco Unified CCX is a contact center software from Cisco USA. A code issue vulnerability exists in Cisco Unified CCX that stems from insecure deserialization of Java objects, which could lead to the execution of arbitrary code...

CVE-2024-28213

nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization...

CVE-2023-20258

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to improper processing of serialized Java objects by the affected...

CVE-2021-41588

In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys...

CVE-2025-32408

CVE-2025-32408 affects Soffid Console prior to 3.6.32 (specifically 3.6.31 and earlier). The root cause is mishandled authorization to use the PAM service, as described in multiple sources. The base CVSS score is low (2.5, LOCAL access, high attack complexity, no user interaction). Red Hat and ot...