Lucene search
K

293 matches found

Vulnrichment
Vulnrichment
added 2026/01/02 2:32 p.m.2 views

CVE-2025-15438 PluXml Media Management medias.php __destruct deserialization

A vulnerability was determined in PluXml up to 5.8.22. Affected is the function FileCookieJar::destruct of the file core/admin/medias.php of the component Media Management Module. Executing a manipulation of the argument File can lead to deserialization. The attack can be launched remotely. The...

5.8CVSS4.7AI score0.00386EPSS
Exploits1References4
CVE
CVE
added 2026/01/02 2:32 p.m.8 views

CVE-2025-15438

CVE-2025-15438 affects PluXml up to version 5.8.22, targeting the Media Management Module’s file medias.php, specifically the FileCookieJar::__destruct function. A crafted manipulation of the File argument can trigger deserialization, enabling a remote, unauthenticated attack. Public exploit deta...

7.2CVSS4.7AI score0.00386EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/01 5:32 a.m.9 views

CVE-2025-15375

A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing a manipulation of the argument attstr can lead to deserialization. The attack can be launched remotely. Th...

8.8CVSS6.1AI score0.00371EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/31 6:30 a.m.6 views

EUVD-2025-205884

A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing manipulation of the argument attstr can lead to deserialization. The attack can be launched remotely. The...

8.8CVSS6.2AI score0.00371EPSS
Exploits1References6
OSV
OSV
added 2025/12/31 5:16 a.m.2 views

CVE-2025-15375

A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing a manipulation of the argument attstr can lead to deserialization. The attack can be launched remotely. Th...

8.8CVSS5.5AI score0.00371EPSS
Exploits1References5
NVD
NVD
added 2025/12/31 5:16 a.m.5 views

CVE-2025-15375

A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing a manipulation of the argument attstr can lead to deserialization. The attack can be launched remotely. Th...

8.8CVSS0.00371EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2025/12/31 5:2 a.m.4 views

CVE-2025-15375

A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing a manipulation of the argument attstr can lead to deserialization. The attack can be launched remotely. Th...

8.8CVSS5.1AI score0.00371EPSS
Exploits1References5
CVE
CVE
added 2025/12/31 5:2 a.m.20 views

CVE-2025-15375

CVE-2025-15375 affects EyouCMS up to 1.7.7. The vulnerability is a deserialization flaw in the Ajax.php handler (function unserialize in file application/api/controller/Ajax.php, component arcpagelist) where manipulating the attstr argument can trigger deserialization. Impact is described as remo...

8.8CVSS6.1AI score0.00371EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/30 11:32 a.m.4 views

CVE-2025-15246 aizuda snail-job API FurySerializer.deserialize deserialization

A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This manipulation of the argument argsStr causes deserialization. Remote exploitation of the attack is possible. The exploit has...

6.5CVSS6.4AI score0.00237EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/30 11:32 a.m.25 views

CVE-2025-15246 aizuda snail-job API FurySerializer.deserialize deserialization

A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This manipulation of the argument argsStr causes deserialization. Remote exploitation of the attack is possible. The exploit has...

6.5CVSS0.00237EPSS
Exploits0References4
CVE
CVE
added 2025/12/30 11:32 a.m.8 views

CVE-2025-15246

Aizuda snail-job (macOS) up to version 1.7.0 is affected in the API component by FurySerializer.deserialize, where manipulating the argsStr enables deserialization leading to remote exploitation. The exploit has been publicly disclosed. Remediation: upgrade to a version newer than 1.7.0 (i.e., no...

6.5CVSS6.4AI score0.00237EPSS
Exploits0References4
NVD
NVD
added 2025/12/30 6:15 a.m.5 views

CVE-2025-15222

A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation leads to deserialization. The attack can be executed remotely. This attack is characterized by high...

5CVSS0.0022EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/28 2:32 a.m.5 views

EUVD-2025-205488

A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. It is...

3.1CVSS6.2AI score0.00271EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/12/28 2:32 a.m.28 views

CVE-2025-15117 Dromara Sa-Token SaJdkSerializer.java ObjectInputStream.readObject deserialization

A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. It is...

3.1CVSS0.00271EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/28 12:0 a.m.4 views

PT-2025-53632

Name of the Vulnerable Software and Affected Versions Dromara Sa-Token versions up to 1.44.0 Description A weakness exists in Dromara Sa-Token up to version 1.44.0 related to deserialization. The issue affects the ObjectInputStream.readObject function within the SaJdkSerializer.java file...

3.1CVSS6.2AI score0.00271EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/12/16 2:49 p.m.5 views

CVE-2025-14606

A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickleconvert.go of the component Pickle Decoding. The manipulation leads to deserialization. The attack can be initiated remotely. A high degree of...

5CVSS4.9AI score0.0022EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/13 6:30 p.m.8 views

EUVD-2025-203263

A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickleconvert.go of the component Pickle Decoding. The manipulation leads to deserialization. The attack can be initiated remotely. A high degree of...

5CVSS6AI score0.0022EPSS
Exploits0References5
NVD
NVD
added 2025/12/13 4:16 p.m.6 views

CVE-2025-14606

A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickleconvert.go of the component Pickle Decoding. The manipulation leads to deserialization. The attack can be initiated remotely. A high degree of...

5CVSS0.0022EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.6 views

PT-2025-51115

A security vulnerability has been detected in tiny-rdm Tiny RDM up to 1.2.5. Affected by this vulnerability is the function pickle.loads of the file pickle convert.go of the component Pickle Decoding. The manipulation leads to deserialization. The attack can be initiated remotely. A high degree o...

5CVSS6.4AI score0.0022EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/02 4:27 a.m.7 views

CVE-2025-13805

A weakness has been identified in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This affects the function getInputStream of the file nutzcloud/nutzcloud-literpc/src/main/java/org/nutz/boot/starter/literpc/impl/endpoint/http/HttpServletRpcEndpoint.java of the component LiteRpc-Serializer. Executing a...

6.3CVSS4.2AI score0.00317EPSS
Exploits0References1
Rows per page
Query Builder