CVE-2025-15246
Aizuda snail-job (macOS) up to version 1.7.0 is affected in the API component by FurySerializer.deserialize, where manipulating the argsStr enables deserialization leading to remote exploitation. The exploit has been publicly disclosed. Remediation: upgrade to a version newer than 1.7.0 (i.e., no...
CVE-2025-15246 aizuda snail-job API FurySerializer.deserialize deserialization
A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This manipulation of the argument argsStr causes deserialization. Remote exploitation of the attack is possible. The exploit has...
CVE-2025-15222
A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation leads to deserialization. The attack can be executed remotely. This attack is characterized by high...
CVE-2025-15222 Dromara Sa-Token SaSerializerTemplateForJdkUseBase64.java ObjectInputStream.readObject deserialization
A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation leads to deserialization. The attack can be executed remotely. This attack is characterized by high...
CVE-2025-15222
CVE-2025-15222 affects Dromara Sa-Token up to 1.44.0. The vulnerability is a deserialization flaw in ObjectInputStream.readObject within SaSerializerTemplateForJdkUseBase64.java; it is exploitable remotely, with high attack complexity, and an exploit has been publicly disclosed. Multiple connected sources (Red Hat,...
Debian dla-4425 : python-django-doc - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4425 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4425-1...
CVE-2025-15117
A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. It is...
CVE-2025-15117 Dromara Sa-Token SaJdkSerializer.java ObjectInputStream.readObject deserialization
A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. It is...
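The two Sa-Token entries above (CVE-2025-15222 and CVE-2025-15117) name the same sink: Base64 text decoded and handed straight to ObjectInputStream.readObject. The block below is an added illustration of that pattern and is not Sa-Token's code: a hypothetical JdkBase64Deserializer showing the unfiltered shape beside the same step constrained by a JDK ObjectInputFilter allow-list (JEP 290, JDK 9+). The class name, the SessionToken type, the allow pattern and the sample payloads are all constructed for the example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Base64;
import java.util.HashMap;

// Added example (not Sa-Token's code): Base64 -> ObjectInputStream.readObject,
// first without any filter, then with a reject-by-default ObjectInputFilter.
public final class JdkBase64Deserializer {

    // Hypothetical application type that the stream is expected to carry.
    static final class SessionToken implements Serializable {
        private static final long serialVersionUID = 1L;
        final String id;
        SessionToken(String id) { this.id = id; }
    }

    // Vulnerable shape: whoever controls the Base64 string chooses which
    // Serializable classes on the classpath get instantiated, so any gadget
    // chain present on the classpath runs inside readObject().
    static Object unfiltered(String base64) throws IOException, ClassNotFoundException {
        byte[] raw = Base64.getDecoder().decode(base64);
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(raw))) {
            return in.readObject();
        }
    }

    // Hardened shape: the filter is consulted for every class resolved from the
    // stream before its readObject logic runs. Pattern syntax is the JDK's
    // ObjectInputFilter.Config.createFilter form: ';'-separated entries,
    // a leading '!' rejects, a trailing '*' is a wildcard, "maxdepth=" limits nesting.
    static Object filtered(String base64, String allowPattern) throws IOException, ClassNotFoundException {
        byte[] raw = Base64.getDecoder().decode(base64);
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(allowPattern);
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(raw))) {
            in.setObjectInputFilter(filter); // must be set before the first readObject()
            return in.readObject();
        }
    }

    // Helper to build sample payloads the way a legitimate client would.
    static String encode(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return Base64.getEncoder().encodeToString(bos.toByteArray());
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: the expected type, and a stand-in for an unexpected
        // class (a harmless HashMap here; an attacker would supply a gadget class).
        String expected = encode(new SessionToken("abc123"));
        String unexpected = encode(new HashMap<String, String>());

        // Allow only the application type (and String, in case the JDK consults the
        // filter for its String field); reject everything else; bound the depth.
        String allow = "JdkBase64Deserializer$SessionToken;java.lang.String;!*;maxdepth=4";

        System.out.println("unfiltered accepted: " + unfiltered(unexpected).getClass().getName());
        System.out.println("filtered accepted: " + ((SessionToken) filtered(expected, allow)).id);
        try {
            filtered(unexpected, allow);
            System.out.println("filtered accepted unexpected class (filter misconfigured)");
        } catch (InvalidClassException e) {
            System.out.println("filtered rejected: " + e.getMessage());
        }
    }
}
```

The allow pattern has to name every class the stream legitimately carries; the trailing `!*` rejects the rest, and `maxdepth` bounds nesting so a crafted stream cannot recurse freely. A reject-by-default filter narrows the gadget surface, but it is a mitigation: the durable fix is to keep untrusted input away from the JDK serializer altogether.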
Remote Code Execution (RCE)
CSLA .NET is vulnerable to remote code execution (RCE). The vulnerability is due to the use of the obsolete NetDataContractSerializer (NDCS) in WcfProxy, which allows an attacker to execute arbitrary code during the deserialization process...
openSUSE 16 Security Update : python-Django (openSUSE-SU-2025-20153-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025-20153-1 advisory. - CVE-2025-64459: Fixed a potential SQL injection via connector keyword argument in QuerySet and Q objects bsc1252926 -...
SUSE SLES15 / openSUSE 15 Security Update : python-Django (SUSE-SU-2025:4384-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4384-1 advisory. - CVE-2025-13372: Fixed SQL Injection in FilteredRelation bsc1254437 - CVE-2025-64460: Fixed denial of service via specially...
SUSE-SU-2025:4384-1 Security update for python-Django
This update for python-Django fixes the following issues: - CVE-2025-13372: Fixed SQL Injection in FilteredRelation bsc1254437 - CVE-2025-64460: Fixed denial of service via specially crafted XML input in django.core.serializers.xmlserializer.getInnerText bsc1254437...
Security update for python-Django (important)
openSUSE security update: security update for python-django ------------------------------------------------------------- Announcement ID: openSUSE-SU-2025-20153-1 Rating: important References: bsc1252926 bsc1254437 Cross-References: CVE-2025-13372 CVE-2025-64459 CVE-2025-64460 CVSS scores:...
BIT-DJANGO-2025-64460 Potential denial-of-service vulnerability in XML serializer text extraction
An issue was discovered in Django 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xmlserializer.getInnerText allows a remote attacker to cause a potential denial-of-service attack triggering CPU and memory exhaustion via specially crafted XML...
OPENSUSE-SU-2025:20153-1 Security update for python-Django
This update for python-Django fixes the following issues: - CVE-2025-64459: Fixed a potential SQL injection via connector keyword argument in QuerySet and Q objects bsc1252926 - CVE-2025-13372: Fixed SQL injection in FilteredRelation - CVE-2025-64460: Fixed denial of service in 'django.core.serializers.xmlserializer.getInnerText' bsc12544...
CVE-2025-66631
CSLA .NET prior to 6.0.0 is vulnerable to remote code execution during deserialization when using WcfProxy, which relies on the obsolete NetDataContractSerializer (NDCS). Supported details from multiple sources show that versions 5.5.4 and below are affected, while version 6.0.0 and above remove ...
CVE-2025-66631 CSLA .NET is vulnerable to Remote Code Execution via WcfProxy
CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer (NDCS) and is vulnerable to remote code execution during deserialization...
GHSA-WQ34-7F4G-953V Csla affected by Remote Code Execution via WcfProxy (NetDataContractSerializer)
Impact: Versions of CSLA .NET prior to version 6 allow the use of WcfProxy. WcfProxy uses the NetDataContractSerializer (NDCS), which has known vulnerabilities that can allow remote execution of code during deserialization. NDCS itself is considered obsolete, and you should avoid using WcfProxy or...
Updated python-django packages fix security vulnerabilities
Potential SQL injection in FilteredRelation column aliases on PostgreSQL (CVE-2025-13372). Potential denial-of-service vulnerability in XML serializer text extraction (CVE-2025-64460)...