EUVD-2026-9037

Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hexcore hexapi modules, hexpm hex mixhexapi modules, erlang rebar3 r3hexapi modules allows Object Injection, Excessive Allocation. This vulnerability is associated with program files src/hexapi.erl,...

CVE-2026-21619

CVE-2026-21619 affects Hex ecosystem: hex_core (src/hex_api.erl), hex (src/mix_hex_api.erl), and rebar3 (apps/rebar/src/vendored/r3_hex_api.erl). The issue is an Uncontrolled Resource Consumption and Deserialization of Untrusted Data that allows Object Injection and excessive allocation via hex_c...

EEF-CVE-2026-21619 Unsafe Deserialization of Erlang Terms in hex_core

Summary Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hexcore hexapi modules, hexpm hex mixhexapi modules, erlang rebar3 r3hexapi modules allows Object Injection, Excessive Allocation. This vulnerability is associated with program files src/hexapi.erl...

CVE-2026-21619

Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hexcore hexapi modules, hexpm hex mixhexapi modules, erlang rebar3 r3hexapi modules allows Object Injection, Excessive Allocation. This vulnerability is associated with program files src/hexapi.erl,...

CVE-2026-28138

Deserialization of Untrusted Data vulnerability in Stylemix uListing ulisting allows Object Injection.This issue affects uListing: from n/a through = 2.2.0...

WordPress Pizza House theme <= 1.4.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Pizza House versions = 1.4.0...

hex_core 安全漏洞

hexcore is a hexadecimal implementation library developed by Hex Open Source. Vulnerabilities exist in versions of hexcore prior to 0.12.1, hex prior to 2.3.2, and rebar3 prior to 3.27.0. These vulnerabilities stem from uncontrolled resource consumption and insecure data deserialization, which ma...

PT-2026-22367

Name of the Vulnerable Software and Affected Versions hex core versions 0.1.0 through 0.12.0 hex versions 2.3.0 through 2.3.1 rebar3 versions 3.9.1 through 3.26.9 Description An issue exists in hex core, hex, and rebar3 related to uncontrolled resource consumption and deserialization of untrusted...

WordPress Good Energy theme <= 1.7.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Good Energy versions = 1.7.7...

EUVD-2026-8847

Deserialization of Untrusted Data vulnerability in Stylemix uListing ulisting allows Object Injection.This issue affects uListing: from n/a through = 2.2.0...

CVE-2026-28138

Deserialization of Untrusted Data vulnerability in Stylemix uListing ulisting allows Object Injection.This issue affects uListing: from n/a through = 2.2.0...

CVE-2026-28138 WordPress uListing plugin <= 2.2.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Stylemix uListing ulisting allows Object Injection.This issue affects uListing: from n/a through = 2.2.0...

CVE-2026-28138

Deserialization of Untrusted Data vulnerability in Stylemix uListing ulisting allows Object Injection.This issue affects uListing: from n/a through = 2.2.0...

CVE-2026-28138

CVE-2026-28138 affects WordPress plugin uListing: versions through 2.2.0. The vulnerability is PHP object injection via deserialization of untrusted data in uListing (undisclosed root cause in provided docs). Impact is indicated as high in CVSS 3.1: high confidentiality, integrity, availability i...

CVE-2026-28138 WordPress uListing plugin <= 2.2.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Stylemix uListing ulisting allows Object Injection.This issue affects uListing: from n/a through = 2.2.0...

WordPress plugin uListing 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-22136

Name of the Vulnerable Software and Affected Versions Stylemix uListing versions through 2.2.0 Description The software contains a flaw due to deserialization of untrusted data, which allows for object injection. This issue impacts the uListing component. Recommendations Versions prior to and...

WordPress PowerPress Podcasting plugin <= 11.15.10 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin PowerPress Podcasting versions = 11.15.10...

📄 PDF Object Injection Generator

PDF object injection is a vulnerability in applications that dynamically generate PDFs from user input without proper validation or escaping. This proof of concept generates a malicious pdf for testing software such as jsPDF...

WordPress Celeste theme <= 1.3.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Celeste versions = 1.3.6...