Deserialization Of Untrusted Data
org.apache.nifi, nifi-asana-processors is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the use of unfiltered Java object serialization and deserialization in the GetAsanaObject Processor, which allows an attacker with access to the configured cache server to supply...
Security Bulletin: Remote Exploitable Java SE Serialization Weakness Causing Partial DoS, affects watsonx.data
Summary Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of...
CVE-2026-21493
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Type Confusion in its CIccSingleSampledeCurveXml class during XML Curve Serialization. This issue is fixed in version 2.3.1.2...
preact security vulnerability
preact is a Java library from Preact open source. A security vulnerability exists in preact version 10.26.5, which stems from weakened JSON serialization protection and could lead to HTML injection...
CVE-2019-7725
includes/core/isuser.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie (i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk)...
PT-2026-2136
Name of the Vulnerable Software and Affected Versions Preact versions 10.26.5 through 10.26.9 Preact versions 10.27.0 through 10.27.2 Preact versions 10.28.0 through 10.28.1 Description Preact, a lightweight web development framework, has an issue with JSON serialization protection. A regression...
CVE-2026-21493 iccDEV has Type Confusion during XML Curve Serialization
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Type Confusion in its CIccSingleSampledeCurveXml class during XML Curve Serialization. This issue is fixed in version 2.3.1.2...
CVE-2026-21493
CVE-2026-21493 (iccDEV) affects the iccDEV library/tools used for ICC color management profiles. The vulnerability is a Type Confusion in the CIccSingleSampledeCurveXml class during XML Curve Serialization. Affected versions are 2.3.1.1 and earlier; the issue is fixed in version 2.3.1.2. The Red ...
EUVD-2026-1156
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Type Confusion in its CIccSingleSampledeCurveXml class during XML Curve Serialization. This issue is fixed in version 2.3.1.2...
PT-2026-1434
Name of the Vulnerable Software and Affected Versions iccDEV versions prior to 2.3.1.2 Description iccDEV, a set of libraries and tools for working with ICC color management profiles, contains a Type Confusion issue within its CIccSingleSampledeCurveXml class during XML Curve Serialization...
Remote Code Execution (RCE)
Overview Affected versions of this package are vulnerable to Remote Code Execution (RCE) over the /expr endpoint. An authenticated user can execute code or disrupt service by sending malicious serialized data as the code parameter, which is passed to expr.Exec and executed as an expression without...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993107)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993107 advisory. In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization. Ole reported that event->mmap_mutex is strictly insufficient...
CVE-2025-15117
A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. It is...
Exploit for CVE-2025-68664
--- 📑 Table of Contents - 🎯 Executive Summary-executive...
Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection
A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even influence large language model (LLM) responses through prompt injection. LangChain Core (i.e., langchain-core) is a core Python package that's part of the LangChain...
CVE-2025-68664
A flaw was found in LangChain, a framework for building agents and LLM-powered applications. A remote attacker can exploit a serialization injection vulnerability in LangChain's dumps and dumpd functions. This occurs because the functions do not properly escape dictionaries containing the interna...
CVE-2025-68665
A flaw was found in LangChain. A remote attacker could exploit a serialization injection vulnerability in the toJSON method. This occurs because the method fails to properly escape objects containing 'lc' keys during serialization of free-form data. When user-controlled data includes this key...