Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

RedhatCVE
RedhatCVEadded 5 days ago5 views

CVE-2026-48207

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...

9.8CVSS5.4AI score0.0014EPSS
Exploits0References1
NVD
NVDadded 2026/05/21 5:16 p.m.10 views

CVE-2026-48207

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...

9.8CVSS0.0014EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/21 3:51 p.m.35 views

CVE-2026-48207 Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...

0.0014EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/21 3:51 p.m.3 views

CVE-2026-48207

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...

9.8CVSS5.8AI score0.0014EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/21 3:51 p.m.7 views

CVE-2026-48207 Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...

5.8AI score0.0014EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/21 3:51 p.m.7 views

EUVD-2026-31292

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...

9.8CVSS5.8AI score0.0014EPSS
Exploits0References1
CVE
CVEadded 2026/05/21 3:51 p.m.13 views

CVE-2026-48207

CVE-2026-48207 affects Apache Fory: PyFory ReduceSerializer deserializes attacker-controlled data and could bypass DeserializationPolicy validation during reduce-state restoration and global-name resolution. Impact is high (CVSS 3.1: 9.8, CRITICAL, NETWORK/LOW/ NONE user interactions). The issue ...

9.8CVSS5.8AI score0.0014EPSS
Exploits0References2Affected Software1
CNNVD
CNNVDadded 2026/05/21 12:0 a.m.6 views

Apache Fory 代码问题漏洞

Apache Fory is a serialization framework developed by the Apache Foundation. Versions of Apache Fory prior to 1.0.0 contained code vulnerabilities. These vulnerabilities stemmed from the ReduceSerializer in PyFory, which might bypass the DeserializationPolicy validation hook during state...

9.8CVSS5.9AI score0.0014EPSS
Exploits0References1
Rows per page
Query Builder