453 matches found
Chamilo 代码问题漏洞
Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 had code vulnerabilities. These vulnerabilities stemmed from the application’s ability to deserialize data that could be tampered with, allowing attackers to create arbitrary class...
CVE-2025-60036
A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data...
CVE-2025-60037
A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which...
CVE-2026-27475 SPIP < 4.4.9 Insecure Deserialization
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the tablevaleur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content a pre-condition requiring prior access or another vulnerability can trigger arbitrary...
CVE-2025-60035
A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data...
CVE-2025-60035
A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data...
CVE-2025-60038
A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which...
CVE-2025-60038
A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which...
CVE-2025-60038
A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which...
CVE-2025-60036
A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data...
CVE-2025-60035
The vulnerability CVE-2025-60035 affects the OPC.Testclient utility in Rexroth IndraWorks prior to version 15V24. It allows an attacker to achieve Remote Code Execution by parsing a specially crafted serialized file that is opened by a user; deserialization of malicious data leads to a complete c...
Bosch Rexroth IndraWorks 安全漏洞
Bosch Rexroth IndraWorks is a general engineering framework software developed by the German company Bosch Rexroth. Bosch Rexroth IndraWorks has a security vulnerability that stems from deserialization issues when parsing specially crafted files containing malicious serialized data, which may lea...
PT-2026-20411
Name of the Vulnerable Software and Affected Versions Rexroth IndraWorks OPC.Testclient versions prior to 15V24 Description A flaw exists in the OPC.Testclient utility, included within Rexroth IndraWorks, that allows an attacker to execute arbitrary code on a user’s system. This is achieved by...
npm-serialize-javascript: Cross-site Scripting (XSS) in serialize-javascript
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by...
CVE-2020-12469
admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection with resultant file deletion via serialized data in the subpages value within a block to blocks/edit...
Remote Code Execution (RCE)
Overview Affected versions of this package are vulnerable to Remote Code Execution RCE over the /expr endpoint. An authenticated user can execute code or disrupt service by sending malicious serialized data as the code parameter, which is passed to expr.Exec and executed as an expression without...
Remote Code Execution (RCE)
Overview Affected versions of this package are vulnerable to Remote Code Execution RCE over the /expr endpoint. An authenticated user can execute code or disrupt service by sending malicious serialized data as the code parameter, which is passed to expr.Exec and executed as an expression without...
Deserialization Of Untrusted Data
pyfory and pyfury are vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the ability to craft a malicious serialized data stream that triggers the pickle-fallback serializer, which allows an attacker to invoke pickle.loads and achieve remote code execution...
CVE-2025-46183
The Utils.deserialize function in pgCodeKeeper 10.12.0 processes serialized data from untrusted sources. If an attacker provides a specially crafted .ser file, deserialization may result in unintended code execution or other malicious behavior on the target system...
WordPress Boldermail plugin deserialization vulnerability
The WordPress Boldermail plugin is an email marketing and automation platform designed specifically for WordPress, allowing users to manage subscribers, design email templates and create automated workflows directly in the WordPress backend. WordPress Boldermail plugin suffers from a...