GHSA-GXX4-3XCV-F8QX @angular/platform-server: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR

A Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino when serializing the content of elements. When rendering dynamic text content inside a element via template bindings such as value or textContent, the template engine expects the browser ...

@angular/platform-server: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR

A Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino when serializing the content of elements. When rendering dynamic text content inside a element via template bindings such as value or textContent, the template engine expects the browser ...

PT-2026-49566

A Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino when serializing the content of elements. When rendering dynamic text content inside a element via template bindings such as value or textContent, the template engine expects the browser ...

CVE-2026-44782 Discourse: GroupPostSerializer leaks hidden full names through reaction post association

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, GroupPostSerializer declared includeuserlongname? as the predicate for its :name attribute, but AMS looks for includename?...

CVE-2026-44782 Discourse: GroupPostSerializer leaks hidden full names through reaction post association

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, GroupPostSerializer declared includeuserlongname? as the predicate for its :name attribute, but AMS looks for includename?...

CVE-2026-44782

Discourse (open-source) is affected. In versions 2026.1.0-latest–2026.1.3.x, 2026.3.0-latest–2026.3.0.x, and 2026.4.0-latest–2026.4.0.x, GroupPostSerializer used include_user_long_name? as the predicate for the :name attribute. AMS checks for include_name?, but the misnamed predicate was never in...

PT-2026-48988

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 Discourse versions 2026.4.0 Description When the SiteSetting.tags listed by group setting is enabled, the DetailedTagSerializertag group names function returns all tag...

CVE-2026-48207

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...

CVE-2025-62373

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Versions 0.0.41 through 0.0.93 have a vulnerability in LivekitFrameSerializer – an optional, non-default, undocumented frame serializer class now deprecated intended for LiveKit...

[SECURITY] Fedora 44 Update: perl-Sereal-Encoder-5.005-1.fc44

This library implements an efficient, compact-output, and feature-rich serializer using a binary protocol called Sereal...

Linux Distros Unpatched Vulnerability : CVE-2026-31072

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure...

CVE-2026-48207

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...

EUVD-2026-31292

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...

CVE-2026-48207 Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...

CVE-2026-48207 Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...

CVE-2026-48207

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...

CVE-2026-48207

CVE-2026-48207 affects Apache Fory: PyFory ReduceSerializer deserializes attacker-controlled data and could bypass DeserializationPolicy validation during reduce-state restoration and global-name resolution. Impact is high (CVSS 3.1: 9.8, CRITICAL, NETWORK/LOW/ NONE user interactions). The issue ...

Apache Fory 代码问题漏洞

Apache Fory is a serialization framework developed by the Apache Foundation. Versions of Apache Fory prior to 1.0.0 contained code vulnerabilities. These vulnerabilities stemmed from the ReduceSerializer in PyFory, which might bypass the DeserializationPolicy validation hook during state...

Astra Linux - уязвимость в python-django

A issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. The algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote attacker to trigger a potential denial-of-service attack, leading to CPU and memory exhaustion through specially...

GHSA-9CFW-F3F9-7MM7 APScheduler's JSONSerializer and CBORSerializer are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...