Next.js has cross-site scripting in beforeInteractive scripts with untrusted input

Impact Applications that use beforeInteractive scripts together with untrusted content can be vulnerable to cross-site scripting. In affected versions, serialized script content was not escaped safely before being embedded into the document, which could allow attacker-controlled input to break ou...

CVE-2026-3422

U-Office Force developed by e-Excellence has a Insecure Deserialization vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server by sending maliciously crafted serialized content...

CVE-2026-3422

U-Office Force developed by e-Excellence has a Insecure Deserialization vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server by sending maliciously crafted serialized content...

CVE-2026-3422

U-Office Force developed by e-Excellence has a Insecure Deserialization vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server by sending maliciously crafted serialized content...

PT-2026-22549

Name of the Vulnerable Software and Affected Versions U-Office Force affected versions not specified Description U-Office Force contains an Insecure Deserialization issue. This allows unauthenticated remote attackers to execute arbitrary code on the server by sending maliciously crafted serialize...

GHSA-FX7F-RJQJ-52PJ Deserialization of Untrusted Data in Spring AMQP

In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100%...

CM Pop-Up banners < 1.4.11 - Authenticated Stored XSS

When saving a new campaign, a user with editpages capabilities can store scripts in the campaign’s pop-up content. The code can then be executed on every page on the website. PoC A user with the editpages capability can store any script in the pop-up's content. The content is serialized and then...

CM Pop-Up banners < 1.4.11 - Authenticated Stored XSS

When saving a new campaign, a user with editpages capabilities can store scripts in the campaign’s pop-up content. The code can then be executed on every page on the website. A user with the editpages capability can store any script in the pop-up's content. The content is serialized and then save...

CakePHP 3.7.7, 3.6.15 and 3.5.18 released

CakePHP 3.7.7, 3.6.15 and 3.5.18 released The CakePHP core team is happy to announce the immediate availability of CakePHP 3.7.7, 3.6.15 and 3.5.18. These releases contain a security related fix for CVE-2019-11458. The vulnerability affects applications that open serialized content from user inpu...

Apache Spark RPC Protocol deserialization vulnerability analysis-vulnerability warning-the black bar safety net

Front a burst of Spark official release of the title for the CVE-2018-17190: Unsecured Apache Spark standalone executes user code of the security Bulletin. The announcement indicated the vulnerability affects version to full version, and does not indicate a repaired version, only the relevant...

Novell NetIQ Privileged User Manager 2.3.1 auth.dll Code Execution

Novell NetIQ Privileged User Manager version 2.3.1 suffers from a remote code execution vulnerability in pamodifyaccounts in auth.dll. The secure web interface contains a flaw which allows, without prior authentication, to change the password of the user 'admin'. A remote attacker then could logi...