Lucene search

221 matches found

Snyk
added 2025/06/29 12:30 a.m., 3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the BigDecimal and BigInteger handling in the MessageSerializer class. An attacker can execute arbitrary code or manipulate application behavior by providing crafted serialized objects. Details...

CVSS 8.8, AI score 7.8, EPSS 0.00296
Exploits: 0, References: 2
RedhatCVE
added 2025/06/27 9:16 p.m., 4 views

CVE-2025-36038

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects...

CVSS 9.8, AI score 8.1, EPSS 0.01
Exploits: 0, References: 1
NCSC
added 2025/06/26 12:32 p.m., 1 views

Vulnerability fixed in IBM WebSphere Application Server

IBM has fixed a vulnerability in IBM WebSphere Application Server Versions 8.5 and 9.0. The vulnerability is in the processing of specially crafted serialized objects. This problem can be exploited by attackers to execute arbitrary code on the server. IBM has released updates to fix the...

CVSS 9.8, AI score 7.7, EPSS 0.01
Exploits: 0, References: 3
OSV
added 2025/06/25 9:15 p.m., 1 views

CVE-2025-36038

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects...

CVSS 9.8, AI score 6.2, EPSS 0.01
Exploits: 0, References: 1
ATTACKERKB
added 2025/06/25 9:15 p.m., 0 views

CVE-2025-36038

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects...

CVSS 9.8, AI score 6.2, EPSS 0.01
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2025/06/25 8:38 p.m., 7 views

CVE-2025-36038 IBM WebSphere Application Server code execution

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects...

CVSS 9, EPSS 0.01
Exploits: 0, References: 1
CVE
added 2025/06/25 8:38 p.m., 73 views

CVE-2025-36038

CVE-2025-36038 affects IBM WebSphere Application Server 8.5 and 9.0. A remote attacker could execute arbitrary code by sending a specially crafted sequence of serialized objects (Deserialization of Untrusted Data, CWE-502). CVSS v3.1 base score 9.0–9.8 (network, high impact to confidentiality, in...

CVSS 9.8, AI score 8, EPSS 0.01
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2025/06/25 12:0 a.m., 1 views

IBM WebSphere Application Server code issue vulnerability

IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A code issue vulnerability exists in IBM WebSphere...

CVSS 9.8, AI score 6.8, EPSS 0.01
Exploits: 0, References: 3
CNNVD
added 2025/05/29 12:0 a.m., 1 views

FreeScout code issue vulnerability

FreeScout is an open source helpdesk system built on the PHP Laravel framework, designed to provide users with functionality similar to Zendesk or Help Scout, but without sacrificing privacy or freedom. Freescout suffers from a deserialization vulnerability that stems from the fact that through t...

CVSS 8.6, AI score 7.8, EPSS 0.03989
Exploits: 1, References: 2
RedhatCVE
added 2025/05/23 2:38 a.m., 1 views

CVE-2023-23477

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513...

CVSS 9.8, AI score 7.6, EPSS 0.00165
Exploits: 0, References: 1
RedhatCVE
added 2025/02/05 7:49 p.m., 6 views

CVE-2022-40202

The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. An attacker could provide malicious serialized objects which, when deserialized, could activate an opcode for a backup scheduling function without authentication...

CVSS 9.8, AI score 7.5, EPSS 0.00952
Exploits: 0, References: 1
CNNVD
added 2024/12/06 12:0 a.m., 1 views

ClipBucket code issue vulnerability

ClipBucket is an open source and freely downloadable PHP script from MacWarrior Open Source. It is used for sharing video sites. A code issue vulnerability exists in ClipBucket versions 2.0 through 5.5.1-199, which stems from susceptibility to a PHP deserialization vulnerability and improper inpu...

CVSS 9.8, AI score 7, EPSS 0.00254
Exploits: 1, References: 2
CNNVD
added 2024/12/06 12:0 a.m., 1 views

ClipBucket security vulnerability

ClipBucket is an open source and freely downloadable PHP script from MacWarrior Open Source. It is used for sharing video sites. A security vulnerability exists in ClipBucket 5.5.1-199 and earlier versions, which stems from vulnerability to a PHP deserialization vulnerability and improper input...

CVSS 9.8, AI score 6.7, EPSS 0.00254
Exploits: 1, References: 2
VulnCheck KEV
added 2024/09/18 12:0 a.m., 0 views

VulnCheck KEV: CVE-2020-4450

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231...

CVSS 10, AI score 7.7, EPSS 0.71859
Exploits: 0, References: 1
OSV
added 2024/03/07 5:15 a.m., 1 views

CVE-2024-28213

nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization...

CVSS 9.8, AI score 6.1, EPSS 0.08118
Exploits: 0, References: 1
Veracode
added 2024/02/21 11:26 a.m., 28 views

Insecure Deserialization

org.apache.camel:camel-cassandraql is vulnerable to Insecure Deserialization. The vulnerability is due to insufficient validation of serialized objects, which can be exploited by attackers to execute arbitrary code...

CVSS 9.8, AI score 7.4, EPSS 0.01348
Exploits: 1, References: 2, Affected Software: 1
Veracode
added 2024/02/21 10:1 a.m., 27 views

Insecure Deserialisation

org.apache.camel:camel-sql is vulnerable to Insecure Deserialisation. The vulnerability is due to insufficient validation of serialized objects, which can be exploited by attackers to execute arbitrary code...

CVSS 7.8, AI score 7.4, EPSS 0.11975
Exploits: 0, References: 3, Affected Software: 1
UbuntuCve
added 2024/01/22 12:0 a.m., 21 views

CVE-2017-20189

In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects...

CVSS 9.8, AI score 7.3, EPSS 0.03376
Exploits: 1, References: 5
Debian CVE
added 2024/01/22 12:0 a.m., 20 views

CVE-2017-20189

In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects...

CVSS 9.8, AI score 8.7, EPSS 0.03376
Exploits: 1
Prion
added 2023/11/08 8:15 a.m., 16 views

Deserialization of untrusted data

Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK. This issue affects Apache UIMA Java SDK: before 3.5.0. Users are recommended to upgrade to version 3.5.0, which fixes the issue. The...

CVSS 6.5, AI score 7.1, EPSS 0.00415
Exploits: 0, References: 2, Affected Software: 1