4165 matches found
CVE-2025-53393
In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics...
Akka Code Issue Vulnerability
Akka is an open source, expressive SDK and platform from Akka for developing, deploying and operating enterprise agent services. A code issue vulnerability exists in Akka 2.10.6 and earlier versions that stems from the use of Java serialization to process cluster metrics...
CVE-2025-53393
CVE-2025-53393 affects Akka up to version 2.10.6, where akka-cluster-metrics uses Java serialization for cluster metrics. The root cause is deserialization of serialized objects within the MessageSerializer pathway, which the linked sources describe in SNYK/GHSA notices. The CVE entry provides a ...
PT-2025-27331 · Akka · Akka
Name of the Vulnerable Software and Affected Versions: Akka versions through 2.10.6. Description: The issue concerns the use of Java serialization for cluster metrics in the akka-cluster-metrics component. Recommendations: For versions through 2.10.6, consider disabling Java serialization for...
PT-2025-26875 · IBM · IBM WebSphere Application Server
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 8.5 and 9.0. Description: The issue allows a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. This poses a serious risk to enterprise Jav...
VulnCheck KEV: CVE-2020-9547
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig aka ibatis-sqlmap...
VulnCheck KEV: CVE-2020-9548
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig aka anteros-core...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006). CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() (bsc#122459...
[SECURITY] Fedora 41 Update: rust-kbs-types-0.11.0-1.fc41
Rust deserializable types for KBS...
[SECURITY] Fedora 42 Update: rust-kbs-types-0.11.0-1.fc42
Rust deserializable types for KBS...
Security Bulletin: A vulnerability in Apache Active MQ NMS affects IBM Robotic Process Automation and could result in arbitrary code execution (CVE-2025-29953).
Summary: A vulnerability in Apache Active MQ NMS affects IBM Robotic Process Automation and could result in arbitrary code execution (CVE-2025-29953). Apache Active MQ is used by IBM Robotic Process Automation for integration with Apache Active MQ. This security bulletin identifies the fixes require...
YAML-LibYAML: Shell injection
Background: YAML-LibYAML provides YAML Serialization using XS and libyaml for Perl. Description: YAML-LibYAML uses the legacy '2-arg' open call which is susceptible to shell injection via malicious filenames. Impact: Shell injection may be used to execute arbitrary code using a malicious filename...
Hash Collision Attack
vllm is vulnerable to hash collision and data integrity issues. The vulnerability is due to improper image serialization using only raw pixel bytes without metadata, allowing attackers to create images with identical hashes and exploit cache poisoning or access sensitive data...
CVE-2025-39480 WordPress Car Dealer theme < 1.6.8 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeMakers Car Dealer allows Object Injection. This issue affects Car Dealer: from n/a before 1.6.8...
CVE-2025-23045
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with an account on an affected CVAT instance is able to run arbitrary code in the context of the Nuclio function container. This vulnerability affects CVAT deployments that run...
CVE-2024-50050
Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead...
CVE-2024-5625
Improper Restriction of XML External Entity Reference vulnerability in PruvaSoft Informatics Apinizer Management Console allows Data Serialization External Entities Blowup. This issue affects Apinizer Management Console: before 2024.05.1...
CVE-2024-0047
In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserialized on reboot with no additional execution privileges needed. User interaction is not needed for...