Lucene search

4166 matches found

RedhatCVE
added 2025/05/22 6:29 p.m. · 3 views

CVE-2021-29508

Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer. e.g. using a surrogate on the sender end, an attacker can pass information about a different type for the receiving end. And by doing so allowing the serializer to create any...

CVSS 9.1 · AI score 6.5 · EPSS 0.00451
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 4:19 p.m. · 5 views

CVE-2020-14030

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By generating and writing to the disk malicious .NET serialized files, an attacker can trick the product into deserializing them, resulting in arbitrary code executi...

CVSS 7.2 · AI score 7.4 · EPSS 0.03001
Exploits: 0

RedhatCVE
added 2025/05/22 3:16 p.m. · 12 views

CVE-2020-17531

A Java Serialization vulnerability was found in Apache Tapestry 4. Apache Tapestry 4 will attempt to deserialize the "sp" parameter even before invoking the page's validate method, leading to deserialization without authentication. Apache Tapestry 4 reached end of life in 2008 and no update to...

CVSS 9.8 · AI score 6.7 · EPSS 0.64089
Exploits: 1

RedhatCVE
added 2025/05/22 1:13 p.m. · 6 views

CVE-2018-1000224

Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size checks, integer overflow, missing padding initialization vulnerability in DeSerialization functions core/io/marshalls.cpp that can result in DoS packet of...

CVSS 7.5 · AI score 6.9 · EPSS 0.13162
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 10:4 a.m. · 5 views

CVE-2019-0189

The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is passed to the...

CVSS 9.8 · AI score 7.5 · EPSS 0.15419
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 7:5 a.m. · 8 views

CVE-2017-14035

CrushFTP 8.x before 8.2.0 has a serialization vulnerability...

CVSS 9.8 · AI score 7 · EPSS 0.00526
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 4:31 a.m. · 9 views

CVE-2019-15542

An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization...

CVSS 7.5 · AI score 6.7 · EPSS 0.00366
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 3:25 a.m. · 4 views

CVE-2018-9474

In writeToParcel of MediaPlayer.java, there is a possible serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 8.4 · AI score 7.8 · EPSS 0.00025
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 3:24 a.m. · 6 views

CVE-2017-13310

In createFromParcel of ViewPager.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is...

CVSS 7.8 · AI score 8.2 · EPSS 0.00007
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/16 7:8 p.m. · 10 views

CVE-2025-4641

Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux XML parsing components modules allows Data Serialization External Entities Blowup. This vulnerability is associated with program files...

CVSS 9.3 · AI score 6.9 · EPSS 0.00508
Exploits: 0 · References: 1

OSV
added 2025/05/16 4:15 p.m. · 12 views

CVE-2025-40906

BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities. Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755. BSON-XS was the official Perl XS implementation of MongoDB's BSON...

AI score 5.7
Exploits: 0 · References: 2

NVD
added 2025/05/16 4:15 p.m. · 15 views

CVE-2025-40906

BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities. Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755. BSON-XS was the official Perl XS implementation of MongoDB's BSON...

CVSS 9.8 · EPSS 0.00598
Exploits: 0 · References: 2

Cvelist
added 2025/05/16 3:15 p.m. · 23 views

CVE-2025-40906 BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities

BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities. Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755. BSON-XS was the official Perl XS implementation of MongoDB's BSON...

EPSS 0.00598
Exploits: 0 · References: 2

OSV
added 2025/05/14 9:31 p.m. · 4 views

GHSA-PWM3-776C-8Q7Q BoniGarcia WebDriverManager Affected By Improper Restriction of XML External Entity Reference

Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager on Windows, MacOS, Linux XML parsing components modules allows Data Serialization External Entities Blowup. This vulnerability is associated with program files...

CVSS 9.3 · AI score 6.8 · EPSS 0.00508
Exploits: 0 · References: 3

GitHub Security Blog
added 2025/05/14 9:31 p.m. · 8 views

BoniGarcia WebDriverManager Affected By Improper Restriction of XML External Entity Reference

Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager on Windows, MacOS, Linux XML parsing components modules allows Data Serialization External Entities Blowup. This vulnerability is associated with program files...

CVSS 9.3 · AI score 6.9 · EPSS 0.00508
Exploits: 0 · References: 3 · Affected Software: 1

NVD
added 2025/05/14 7:15 p.m. · 8 views

CVE-2025-4641

Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux XML parsing components modules allows Data Serialization External Entities Blowup. This vulnerability is associated with program files...

CVSS 9.3 · EPSS 0.00508
Exploits: 0 · References: 1

Vulnrichment
added 2025/05/14 6:9 p.m. · 5 views

CVE-2025-4641 XML External Entity (XXE) injection vulnerability in WebDriverManager

Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux XML parsing components modules allows Data Serialization External Entities Blowup. This vulnerability is associated with program files...

CVSS 9.3 · AI score 6.9 · EPSS 0.00508
Exploits: 0 · References: 1

Cvelist
added 2025/05/14 6:9 p.m. · 21 views

CVE-2025-4641 XML External Entity (XXE) injection vulnerability in WebDriverManager

Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux XML parsing components modules allows Data Serialization External Entities Blowup. This vulnerability is associated with program files...

CVSS 9.3 · EPSS 0.00508
Exploits: 0 · References: 1

Positive Technologies
added 2025/05/14 12:0 a.m. · 2 views

PT-2025-21226 · Unknown · Bonigarcia Webdrivermanager

Name of the Vulnerable Software and Affected Versions: bonigarcia webdrivermanager versions 1.0.0 through 6.0.2 Description: The issue is related to an Improper Restriction of XML External Entity Reference, allowing Data Serialization External Entities Blowup. This affects the XML parsing...

CVSS 9.3 · AI score 6.2 · EPSS 0.00508
Exploits: 0 · References: 15

CNNVD
added 2025/05/14 12:0 a.m. · 2 views

WebDriverManager Code Issue Vulnerability

WebDriverManager is an open source Java library from the individual developer Boni García that manages i.e., downloads, sets up, and maintains the drivers required for Selenium WebDriver in a fully automated manner. A security vulnerability exists in WebDriverManager versions prior to 1.0.0 throu...

CVSS 9.3 · AI score 6.4 · EPSS 0.00508
Exploits: 0 · References: 2