Lucene search
K

120 matches found

CVE
CVE
added 2026/02/28 6:27 a.m.24 views

CVE-2026-2471

The WP Mail Logging plugin for WordPress (up to version 1.15.0) is vulnerable to PHP Object Injection via deserialization of untrusted input in the email log message field. The BaseModel constructor calls maybe_unserialize() on all properties from the database without validation, allowing an unau...

7.5CVSS6.2AI score0.00384EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2025/11/26 12:0 a.m.272 views

📄 Apache Tomcat 11.0.3 Remote Session Injection

A vulnerability in Apache Tomcat version 11.0.3 allows attackers to upload a .session file containing a malicious Java serialized payload and then trigger it through a forged JSESSIONID cookie...

10CVSS7AI score0.99945EPSS
Exploits46
Packet Storm
Packet Storm
added 2025/10/20 12:0 a.m.218 views

📄 Microsoft Windows Server Update Services Remote Code Execution

This is a proof of concept exploit for Microsoft Windows Server Update Services that leverages an unsafe deserialization of untrusted data in WSUS's AuthorizationCookie handling. This file demonstrates payload generation in C. using System; using System.IO; using System.Security.Cryptography; usi...

9.8CVSS6.9AI score0.99962EPSS
Exploits24
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2016-4714

Malware in sbrugna...

9.8CVSS9.5AI score0.05238EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-25694

Malicious code in bioql PyPI...

8.6CVSS6.3AI score0.00681EPSS
Exploits2References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-14685

Malicious code in bioql PyPI...

7.8CVSS6.6AI score0.00269EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-34699

Malicious code in bioql PyPI...

7.2CVSS6.9AI score0.01385EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/09/02 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-43960

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service memory consumption via a crafted serialized payload e.g., using s:1000000000, leading ...

8.6CVSS5.8AI score0.00681EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2025/08/30 6:21 p.m.5 views

CVE-2025-43960

Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service memory consumption via a crafted serialized payload e.g., using s:1000000000, leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which force...

8.6CVSS7AI score0.00681EPSS
Exploits2References1
SUSE CVE
SUSE CVE
added 2025/08/26 11:23 p.m.5 views

SUSE CVE-2025-43960

Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service memory consumption via a crafted serialized payload e.g., using s:1000000000, leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which force...

8.6CVSS7AI score0.00681EPSS
Exploits2References3
OSV
OSV
added 2025/08/25 3:32 p.m.7 views

GHSA-MQH4-2MM8-G7W9 Adminer PHP Object Injection issue leads to Denial of Service

Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service memory consumption via a crafted serialized payload e.g., using s:1000000000, leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which force...

8.6CVSS6.7AI score0.00681EPSS
Exploits2References3
Github Security Blog
Github Security Blog
added 2025/08/25 3:32 p.m.9 views

Adminer PHP Object Injection issue leads to Denial of Service

Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service memory consumption via a crafted serialized payload e.g., using s:1000000000, leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which force...

8.6CVSS6.7AI score0.00681EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2025/08/25 2:15 p.m.5 views

DEBIAN-CVE-2025-43960

Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service memory consumption via a crafted serialized payload e.g., using s:1000000000, leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which force...

8.6CVSS5.4AI score0.00681EPSS
Exploits2References1
OSV
OSV
added 2025/08/25 2:15 p.m.3 views

UBUNTU-CVE-2025-43960

Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service memory consumption via a crafted serialized payload e.g., using s:1000000000, leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which force...

8.6CVSS5.8AI score0.00681EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2025/08/25 12:0 a.m.7 views

PT-2025-34607 · Adminer · Adminer

Name of the Vulnerable Software and Affected Versions: Adminer version 4.8.1 Description: Adminer 4.8.1, when using Monolog for logging, is susceptible to a Denial of Service memory consumption through a crafted serialized payload, resulting in a PHP Object Injection issue. Remote, unauthenticate...

8.6CVSS6.6AI score0.00681EPSS
Exploits2References9
Vulnrichment
Vulnrichment
added 2025/08/25 12:0 a.m.4 views

CVE-2025-43960

Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service memory consumption via a crafted serialized payload e.g., using s:1000000000, leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which force...

7.6AI score0.00681EPSS
Exploits2References4
Cvelist
Cvelist
added 2025/08/25 12:0 a.m.11 views

CVE-2025-43960

Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service memory consumption via a crafted serialized payload e.g., using s:1000000000, leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which force...

0.00681EPSS
Exploits2References4
OSV
OSV
added 2025/08/25 12:0 a.m.5 views

CVE-2025-43960

Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service memory consumption via a crafted serialized payload e.g., using s:1000000000, leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which force...

8.6CVSS7AI score0.00681EPSS
Exploits2References6
Debian CVE
Debian CVE
added 2025/08/25 12:0 a.m.6 views

CVE-2025-43960

Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service memory consumption via a crafted serialized payload e.g., using s:1000000000, leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which force...

8.6CVSS5.4AI score0.00681EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2025/08/01 12:0 a.m.7 views

CVE-2025-50472

The modelscope/ms-swift library thru 2.6.1 is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadmodelmeta function of the ModelFileSystemCache class. Attackers can execute arbitrary code and commands by crafting a malicious serialized .mdl payload,...

8.3AI score0.01261EPSS
Exploits1References2
Rows per page
Query Builder