Lucene search
K

292 matches found

Positive Technologies
Positive Technologies
added 2026/02/22 12:0 a.m.12 views

PT-2026-21403

A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloud account results in deserialization. The attack may be performed from...

6.5CVSS5.2AI score0.00223EPSS
Exploits1References6
OSV
OSV
added 2026/02/16 12:16 p.m.7 views

CVE-2026-2555

A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects the function importDocumentFromZip of the file org/jeecg/modules/airag/llm/controller/AiragKnowledgeController.java of the component Retrieval-Augmented Generation. Executing a manipulation can lead to deserialization...

7.5CVSS5.1AI score
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/16 12:2 p.m.5 views

CVE-2026-2555

A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects the function importDocumentFromZip of the file org/jeecg/modules/airag/llm/controller/AiragKnowledgeController.java of the component Retrieval-Augmented Generation. Executing a manipulation can lead to deserialization...

5CVSS5.1AI score0.0031EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/02/16 12:2 p.m.3 views

CVE-2026-2555 JeecgBoot Retrieval-Augmented Generation AiragKnowledgeController.java importDocumentFromZip deserialization

A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects the function importDocumentFromZip of the file org/jeecg/modules/airag/llm/controller/AiragKnowledgeController.java of the component Retrieval-Augmented Generation. Executing a manipulation can lead to deserialization...

5CVSS5.1AI score0.0031EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/02/09 1:33 a.m.9 views

CVE-2026-2113

A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...

9.8CVSS6.7AI score0.00554EPSS
Exploits3References1
NVD
NVD
added 2026/02/07 9:15 p.m.7 views

CVE-2026-2113

A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...

9.8CVSS0.00554EPSS
Exploits3References4
OSV
OSV
added 2026/02/07 9:2 p.m.5 views

CVE-2026-2113 yuan1994 tpadmin WebUploader preview.php deserialization

A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...

6.9CVSS6.4AI score0.00554EPSS
Exploits3References6
CVE
CVE
added 2026/02/07 9:2 p.m.11 views

CVE-2026-2113

tpadmin up to v1.3.12 is affected by a remote code execution/deserialization vulnerability in /public/static/admin/lib/webuploader/0.1.5/server/preview.php. The webuploader/preview.php endpoint lacks proper authentication and file validation, allowing unauthenticated attackers to upload arbitrary...

9.8CVSS5AI score0.00554EPSS
Exploits3References4Affected Software1
EUVD
EUVD
added 2026/02/07 9:2 p.m.7 views

EUVD-2026-5715

A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...

7.5CVSS5AI score0.00554EPSS
Exploits3References4
RedhatCVE
RedhatCVE
added 2026/01/31 9:14 p.m.13 views

CVE-2026-1691

A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSync of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component SnakeYAML. Such manipulation leads to deserialization. The attack may be launched remotely. The exploit has...

8.8CVSS6.1AI score0.00498EPSS
Exploits1References1
NVD
NVD
added 2026/01/30 5:16 p.m.7 views

CVE-2026-1691

A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSync of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component SnakeYAML. Such manipulation leads to deserialization. The attack may be launched remotely. The exploit has...

8.8CVSS0.00498EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/01/30 5:2 p.m.4 views

CVE-2026-1691 bolo-solo SnakeYAML BackupService.java importMarkdownsSync deserialization

A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSync of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component SnakeYAML. Such manipulation leads to deserialization. The attack may be launched remotely. The exploit has...

6.5CVSS5.4AI score0.00498EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/01/30 5:2 p.m.4 views

CVE-2026-1691

A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSync of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component SnakeYAML. Such manipulation leads to deserialization. The attack may be launched remotely. The exploit has...

6.5CVSS5.4AI score0.00498EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.10 views

PT-2026-5427

A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSync of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component SnakeYAML. Such manipulation leads to deserialization. The attack may be launched remotely. The exploit has...

6.5CVSS6.1AI score0.00498EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/01/07 9:17 a.m.25 views

CVE-2025-1741

A vulnerability classified as problematic was found in b1gMail up to 7.4.1-pl1. Affected by this vulnerability is an unknown functionality of the file src/admin/users.php of the component Admin Page. The manipulation of the argument query/q leads to deserialization. The attack can be launched...

5.8CVSS7AI score0.00377EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/06 2:49 a.m.12 views

CVE-2025-15453

A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation of the argument code leads to deserialization. Remote exploitation of the attack is possible. The...

6.5CVSS6.8AI score0.00316EPSS
Exploits0References1
NVD
NVD
added 2026/01/05 3:15 a.m.11 views

CVE-2025-15453

A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation of the argument code leads to deserialization. Remote exploitation of the attack is possible. The...

6.5CVSS0.00316EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/01/05 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-15438

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was determined in PluXml up to 5.8.22. Affected is the function FileCookieJar::destruct of the file core/admin/medias.php of the component Media...

7.2CVSS5.5AI score0.00386EPSS
Exploits1References2
OSV
OSV
added 2026/01/02 2:32 p.m.4 views

CVE-2025-15438 PluXml Media Management medias.php __destruct deserialization

A vulnerability was determined in PluXml up to 5.8.22. Affected is the function FileCookieJar::destruct of the file core/admin/medias.php of the component Media Management Module. Executing a manipulation of the argument File can lead to deserialization. The attack can be launched remotely. The...

5.1CVSS5.5AI score0.00386EPSS
Exploits1References6
CVE
CVE
added 2026/01/02 2:32 p.m.8 views

CVE-2025-15438

CVE-2025-15438 affects PluXml up to version 5.8.22, targeting the Media Management Module’s file medias.php, specifically the FileCookieJar::__destruct function. A crafted manipulation of the File argument can trigger deserialization, enabling a remote, unauthenticated attack. Public exploit deta...

7.2CVSS4.7AI score0.00386EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder