293 matches found
CVE-2026-7712 MindsDB Pickle pickle.loads deserialization
A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vend...
CVE-2026-7712
CVE-2026-7712 affects MindsDB up to version 26.01, with the vulnerability centered on the Pickle Handler's pickle.loads deserialization. The issue allows remote manipulation that leads to deserialization, and the exploit has been publicly disclosed and may be used. The vendor has not responded to...
CVE-2026-7669
A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function gettokenizer of the file python/sglang/srt/utils/hftransformersutils.py of the component HuggingFace Transformer Handler. The manipulation of the argument trustremotecode with the input False as part of Boole...
CVE-2026-7669
A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function gettokenizer of the file python/sglang/srt/utils/hftransformersutils.py of the component HuggingFace Transformer Handler. The manipulation of the argument trustremotecode with the input False as part of Boole...
EUVD-2026-26802
A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function gettokenizer of the file python/sglang/srt/utils/hftransformersutils.py of the component HuggingFace Transformer Handler. The manipulation results in deserialization. The attack can be executed remotely. A hi...
GHSA-XQXW-R767-67M7 mem0ai mem0 has an Improper Input Validation Issue
A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vectorstores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used...
CVE-2026-7597 mem0ai mem0 faiss.py pickle.dump deserialization
A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vectorstores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used...
EUVD-2026-26721
A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vectorstores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used...
CVE-2026-7317
A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be...
Unisys WebPerfect Image Suite 安全漏洞
Unisys WebPerfect Image Suite is an enterprise document imaging and management system developed by Unisys, Inc. Both versions of Unisys WebPerfect Image Suite 3.0.3960.22810 and 3.0.3960.22604 contain security vulnerabilities. These vulnerabilities stem from the exposure of deprecated.NET Remotin...
CVE-2026-5659 pytries datrie trie File datrie.pyx Trie.__setstate__ deserialization
A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.load/Trie.read/Trie.setstate of the file src/datrie.pyx of the component trie File Handler. The manipulation results in deserialization. The attack can be launched remotely. The exploit has been mad...
PT-2026-30602
A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.load/Trie.read/Trie. setstate of the file src/datrie.pyx of the component trie File Handler. The manipulation results in deserialization. The attack can be launched remotely. The exploit has been ma...
CVE-2026-5536
A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpcserver.py of the component gRPC server. Executing a manipulation can lead to deserialization. The attack may be performed from remote. The vendor was contacted early about this...
CVE-2026-5536 FedML-AI FedML gRPC server grpc_server.py sendMessage deserialization
A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpcserver.py of the component gRPC server. Executing a manipulation can lead to deserialization. The attack may be performed from remote. The vendor was contacted early about this...
CVE-2026-33728
dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.40.0 through prior to 1.60.2, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access ...
CVE-2026-4860
A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. This affects the function GenericFastJsonRedisSerializer of the file src/main/java/com/genersoft/iot/vmp/conf/redis/RedisTemplateConfig.java of the component API Endpoint. The manipulation results in deserialization. It...
CVE-2026-4860
A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. This affects the function GenericFastJsonRedisSerializer of the file src/main/java/com/genersoft/iot/vmp/conf/redis/RedisTemplateConfig.java of the component API Endpoint. The manipulation results in deserialization. It...
CVE-2026-4860 648540858 wvp-GB28181-pro API Endpoint RedisTemplateConfig.java GenericFastJsonRedisSerializer deserialization
A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. This affects the function GenericFastJsonRedisSerializer of the file src/main/java/com/genersoft/iot/vmp/conf/redis/RedisTemplateConfig.java of the component API Endpoint. The manipulation results in deserialization. It...
CVE-2026-3967
Alfresco Activiti up to versions 7.19/8.8.0 is affected by a deserialization flaw in the function deserialize/createObjectInputStream of activiti-core/activiti-engine/src/main/java/org/activiti/engine/impl/variable/SerializableType.java within the Process Variable Serialization System. This leads...
CVE-2026-2898
A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloudaccount results in deserialization. The attack may be performed from...