293 matches found
CVE-2025-15438 PluXml Media Management medias.php __destruct deserialization
A vulnerability was determined in PluXml up to 5.8.22. Affected is the function FileCookieJar::destruct of the file core/admin/medias.php of the component Media Management Module. Executing a manipulation of the argument File can lead to deserialization. The attack can be launched remotely. The...
CVE-2025-15438
CVE-2025-15438 affects PluXml up to version 5.8.22, targeting the Media Management Module’s file medias.php, specifically the FileCookieJar::__destruct function. A crafted manipulation of the File argument can trigger deserialization, enabling a remote, unauthenticated attack. Public exploit deta...
CVE-2025-15375
A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing a manipulation of the argument attstr can lead to deserialization. The attack can be launched remotely. Th...
EUVD-2025-205884
A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing manipulation of the argument attstr can lead to deserialization. The attack can be launched remotely. The...
CVE-2025-15375
A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing a manipulation of the argument attstr can lead to deserialization. The attack can be launched remotely. Th...
CVE-2025-15375
A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing a manipulation of the argument attstr can lead to deserialization. The attack can be launched remotely. Th...
CVE-2025-15375
A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing a manipulation of the argument attstr can lead to deserialization. The attack can be launched remotely. Th...
CVE-2025-15375
CVE-2025-15375 affects EyouCMS up to 1.7.7. The vulnerability is a deserialization flaw in the Ajax.php handler (function unserialize in file application/api/controller/Ajax.php, component arcpagelist) where manipulating the attstr argument can trigger deserialization. Impact is described as remo...
CVE-2025-15246 aizuda snail-job API FurySerializer.deserialize deserialization
A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This manipulation of the argument argsStr causes deserialization. Remote exploitation of the attack is possible. The exploit has...
CVE-2025-15246 aizuda snail-job API FurySerializer.deserialize deserialization
A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This manipulation of the argument argsStr causes deserialization. Remote exploitation of the attack is possible. The exploit has...
CVE-2025-15246
Aizuda snail-job (macOS) up to version 1.7.0 is affected in the API component by FurySerializer.deserialize, where manipulating the argsStr enables deserialization leading to remote exploitation. The exploit has been publicly disclosed. Remediation: upgrade to a version newer than 1.7.0 (i.e., no...
CVE-2025-15222
A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation leads to deserialization. The attack can be executed remotely. This attack is characterized by high...
EUVD-2025-205488
A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. It is...
CVE-2025-15117 Dromara Sa-Token SaJdkSerializer.java ObjectInputStream.readObject deserialization
A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. It is...
PT-2025-53632
Name of the Vulnerable Software and Affected Versions Dromara Sa-Token versions up to 1.44.0 Description A weakness exists in Dromara Sa-Token up to version 1.44.0 related to deserialization. The issue affects the ObjectInputStream.readObject function within the SaJdkSerializer.java file...
CVE-2025-14606
A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickleconvert.go of the component Pickle Decoding. The manipulation leads to deserialization. The attack can be initiated remotely. A high degree of...
EUVD-2025-203263
A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickleconvert.go of the component Pickle Decoding. The manipulation leads to deserialization. The attack can be initiated remotely. A high degree of...
CVE-2025-14606
A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickleconvert.go of the component Pickle Decoding. The manipulation leads to deserialization. The attack can be initiated remotely. A high degree of...
PT-2025-51115
A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickle convert.go of the component Pickle Decoding. The manipulation leads to deserialization. The attack can be initiated remotely. A high degree o...
CVE-2025-13805
A weakness has been identified in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This affects the function getInputStream of the file nutzcloud/nutzcloud-literpc/src/main/java/org/nutz/boot/starter/literpc/impl/endpoint/http/HttpServletRpcEndpoint.java of the component LiteRpc-Serializer. Executing a...