21 matches found
CVE-2026-48207
Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...
CVE-2026-48207 Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement
Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...
EUVD-2026-31292
Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...
PT-2026-42479
Name of the Vulnerable Software and Affected Versions: Apache Fory versions prior to 1.0.0. Description: Deserialization of untrusted data in Apache Fory PyFory occurs because the ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and...
Deserialization Of Untrusted Data
pyfory and pyfury are vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the ability to craft a malicious serialized data stream that triggers the pickle-fallback serializer, which allows an attacker to invoke pickle.loads and achieve remote code execution...
PT-2025-44571
Name of the Vulnerable Software and Affected Versions: React Router versions 7.0.0 through 7.9.3; @remix-run/deno versions prior to 2.17.2; @remix-run/node versions prior to 2.17.2. Description: The issue concerns a path traversal flaw in React Router and Remix when using the createFileSessionStorage...
PT-2025-44570
Name of the Vulnerable Software and Affected Versions: react-router versions 7.0.0 through 7.8.2; @remix-run/react versions 1.15.0 through 2.17.0. Description: A cross-site scripting (XSS) issue exists in React Router's meta APIs in Framework Mode when generating script:ld+json tags. This could allow...
EUVD-2025-31867
EUVD-2025-31867...
Exploit for CVE-2025-61622
PoC exploit for CVE-2025-61622, a Remote Code Execution (RCE) vu...
📄 Apache Pyfory 0.12.2 Remote Code Execution
This proof of concept exploit demonstrates the remote code execution vulnerability in Apache Pyfory versions 0.12.0 through 0.12.2 and legacy PyFury versions 0.1.0 through 0.10.3 due to an insecure pickle fallback deserialization. #!/usr/bin/env python3 """...
CVE-2025-61622
Deserialization of untrusted data in python in pyfory versions 0.12.0 through 0.12.2, or the legacy pyfury versions from 0.1.0 through 0.10.3: allows arbitrary code execution. An application is vulnerable if it reads pyfory serialized data from untrusted sources. An attacker can craft a data stre...
GHSA-538V-3WQ9-4H3R Apache Pyfory python is vulnerable to deserialization of untrusted data
Deserialization of untrusted data in python in pyfory versions 0.12.0 through 0.12.2, or the legacy pyfury versions from 0.1.0 through 0.10.3: allows arbitrary code execution. An application is vulnerable if it reads pyfory serialized data from untrusted sources. An attacker can craft a data stre...
Apache Pyfory python is vulnerable to deserialization of untrusted data
Deserialization of untrusted data in python in pyfory versions 0.12.0 through 0.12.2, or the legacy pyfury versions from 0.1.0 through 0.10.3: allows arbitrary code execution. An application is vulnerable if it reads pyfory serialized data from untrusted sources. An attacker can craft a data stre...
Deserialization of Untrusted Data
Overview: pyfory is the Python package of Apache Fory™, a blazingly fast multi-language serialization framework powered by JIT and zero-copy. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the pickle module. An attacker can execute arbitrary code by crafting a data stream...
CVE-2025-61622 Apache Fory: Python RCE via unguarded pickle fallback serializer in pyfory
Deserialization of untrusted data in python in pyfory versions 0.12.0 through 0.12.2, or the legacy pyfury versions from 0.1.0 through 0.10.3: allows arbitrary code execution. An application is vulnerable if it reads pyfory serialized data from untrusted sources. An attacker can craft a data stre...
CVE-2025-61622
CVE-2025-61622 describes a deserialization vulnerability in Apache Pyfory (and legacy PyFury) where untrusted data can trigger a pickle.loads path during deserialization, enabling remote code execution. Affected: Pyfory versions 0.12.0–0.12.2 and legacy PyFury 0.1.0–0.10.3. The issue arises from ...
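Both PyFory advisories above come down to the same mechanism: a deserializer that resolves a global name from attacker-controlled bytes and then calls it (an unguarded pickle fallback in CVE-2025-61622; reduce-state restoration and global-name resolution that skipped the DeserializationPolicy hooks in CVE-2026-48207). The script below is an added illustration of that mechanism using only the Python standard library; it is not PyFory's code and does not use or reproduce the PyFory API. The `Gadget` class, the `Order` type, the `RestrictedUnpickler`, and the `PYFORY_DEMO_EXECUTED` marker are all constructed for the demo. The "payload" only sets a marker attribute on `builtins` so the run is harmless, but it is executed by `exec()` during `pickle.loads`, which is exactly the primitive the advisories describe.

```python
import builtins
import io
import pickle
from dataclasses import dataclass

# Constructed marker (not from the advisories): the demo payload only sets this
# attribute, so "code execution" is observable without doing anything harmful.
MARKER = "PYFORY_DEMO_EXECUTED"


class Gadget:
    """Attacker-side class. __reduce__ tells pickle to call builtins.exec at
    load time; any callable reachable by module + name would do the same."""

    def __reduce__(self):
        code = f"import builtins\nbuiltins.{MARKER} = True"
        return (exec, (code,))


def craft_payload() -> bytes:
    # The bytes contain a global reference to builtins.exec followed by a
    # REDUCE (call) opcode. They describe a call, not data.
    return pickle.dumps(Gadget())


def unguarded_load(data: bytes):
    """What an unguarded pickle fallback amounts to: pickle.loads on untrusted bytes."""
    return pickle.loads(data)


@dataclass
class Order:
    """Constructed application type that a deserializer legitimately needs to accept."""
    order_id: int
    sku: str


# Allowlist of (module, name) pairs the hardened loader may resolve.
ALLOWED_GLOBALS = {
    (__name__, "Order"),
    ("collections", "OrderedDict"),  # other legitimate types would be listed here
}


class RestrictedUnpickler(pickle.Unpickler):
    """Hardened loader. Every global-name resolution (GLOBAL / STACK_GLOBAL
    opcodes) goes through find_class, so an allowlist here also blocks the
    callables that __reduce__ gadgets depend on."""

    def find_class(self, module: str, name: str):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is not allowed")


def restricted_load(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def marker_set() -> bool:
    return getattr(builtins, MARKER, False)


def clear_marker() -> None:
    if hasattr(builtins, MARKER):
        delattr(builtins, MARKER)


def demo() -> dict:
    """Feed the same bytes to both loaders and report what happened."""
    results = {}
    payload = craft_payload()

    clear_marker()
    unguarded_load(payload)  # exec() runs as a side effect of deserializing
    results["unguarded_executed"] = marker_set()

    clear_marker()
    results["restricted_blocked"] = False
    try:
        restricted_load(payload)
    except pickle.UnpicklingError:
        results["restricted_blocked"] = True  # rejected at find_class, before any call
    results["restricted_executed"] = marker_set()

    # The allowlisted application type still round-trips through the hardened loader.
    order = restricted_load(pickle.dumps(Order(42, "SKU-1")))
    results["order_roundtrip"] = order == Order(42, "SKU-1")
    return results


if __name__ == "__main__":
    print(demo())
```

Overriding `find_class` with an allowlist is the mitigation the Python `pickle` documentation itself describes, and it is the right shape of check for any deserializer that resolves names and restores reduce state from the wire. It is a defence for code you control; for PyFory the advisories' remediation is to move to a fixed release and, as the CVE text says, not to deserialize attacker-controlled data with a version that can reach the pickle path at all.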