EUVD-2026-35401

TYPO3 CMS has Insecure Deserialization via Core API...

CVE-2026-40993

An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository saml2assertingpartymetadata may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials verificationcredentials and...

VMware Spring Security 代码问题漏洞

VMware Spring Security is a security framework provided by the American company VMware, designed to provide descriptive security protection for Spring-based applications. Versions of VMware Spring Security from 7.0.0 to 7.0.5 have code vulnerabilities. These vulnerabilities stem from attackers wh...

TYPO3 CMS 代码问题漏洞

TYPO3 CMS is a content management system developed under the TYPO3 open source framework. Code vulnerabilities existed in versions prior to TYPO3 CMS 10.4.57, as well as in versions 11.0.0 to 11.5.51, 12.0.0 to 12.4.46, 13.0.0 to 13.4.31, and 14.0.0 to 14.3.3. These vulnerabilities stemmed from...

CVE-2026-47309

Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Oversized Serialized Data Payloads. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3...

CVE-2026-47309

Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Oversized Serialized Data Payloads. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3...

Wazuh 4.14.2 Code Execution / Insecure Deserialization

A critical vulnerability in Wazuh cluster mode allows an attacker with access to a worker node to send malicious serialized payloads that are processed by the master node, resulting in remote code execution with root privileges. Versions 4.0.0 through 4.14.2 are affected...

Denial Of Service (DoS)

vrana/adminer is vulnerable to Denial of Service. The vulnerability is due to improper handling of crafted serialized payloads in Monolog logging, which allows an attacker to trigger excessive memory consumption via malicious serialized objects, leading to PHP Object Injection and server-level Do...

GFI MailEssentials 安全漏洞

GFI MailEssentials is an email security suite from GFI that includes 14 anti-spam filters, 3 anti-virus engines, and malware scanning capabilities. A security vulnerability exists in GFI MailEssentials versions prior to 21.8, which stems from the .NET Remoting Service improperly handling speciall...

CVE-2022-24082

If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running o...

ITPison OMICARD EDM 信任管理问题漏洞

ITPison OMICARD EDM is a high-speed newsletter EDM marketing and distribution system from ITPison, China. A security vulnerability exists in ITPison OMICARD EDM. A remote attacker could exploit the vulnerability to send a serialized payload to the server using a machine key to execute arbitrary...

CVE-2022-24082

If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running o...

CVE-2022-24082

If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running o...

Design/Logic Flaw

If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running o...

CVE-2022-24082

If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running o...

CVE-2022-24082

CVE-2022-24082 affects on‑premises Pega Platform installations when the JMX interface port is exposed to the Internet and port filtering is misconfigured, enabling upload of serialized payloads to compromise the underlying system. On-PegaCloud deployments are not affected. Public exploit activity...

CVE-2020-15842

Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads, because of insecure deserialization...