Fedora: Security Advisory (FEDORA-2026-5ff99e948e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2026-27206

A flaw was found in zumba/json-serializer. A remote attacker can exploit a deserialization vulnerability by providing untrusted JSON input that leverages a special @type field to instantiate arbitrary classes. This can lead to PHP Object Injection, potentially allowing the attacker to achieve...

CVE-2026-27794 LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution

LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. Prior to...

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the DefaultLevelDBSerializer class. An attacker can execute arbitrary code by injecting a crafted serialized Java object into the LevelDB database files, which is then deserialized during normal...

Apache Camel 安全漏洞

Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern, and routing and mediation rules are configured through...

Deserialization of Untrusted Data

Overview zumba/json-serializer is a Serialize PHP variables, including objects, in JSON format. Support to unserialize it too. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JsonSerializer::unserialize function. An attacker can execute arbitrary code...

CVE-2026-27206 Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()

Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...

CVE-2026-27206 Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()

Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...

CVE-2026-27206

Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...

CVE-2026-27206

The CVE concerns Zumba Json Serializer for PHP. Versions 3.2.2 and earlier allow deserialization of PHP objects from JSON via an @type field, which can instantiate any class specified without restrictions. If attacker-controlled JSON reaches JsonSerializer::unserialize() and the app contains clas...

CVE-2026-27206 Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()

Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...

Json Serializer for PHP 代码问题漏洞

Json Serializer for PHP is an open-source JSON serialization tool developed by Zumba. Versions of Json Serializer for PHP prior to 3.2.2 had code vulnerabilities. These vulnerabilities stemmed from the ability to deserialize PHP objects using the @type field, which could lead to PHP object...

GHSA-V7M3-FPCR-H7M2 Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()

Description The zumba/json-serializer library allows deserialization of PHP objects from JSON using a special @type field. Prior to version 3.2.3, the deserializer would instantiate any class specified in the @type field without restriction. When processing untrusted JSON input, this behavior may...

Linux Distros Unpatched Vulnerability : CVE-2026-27206

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects fro...

CVE-2024-39018

harvey-woo cat5th/key-serializer v0.2.5 was discovered to contain a prototype pollution via the function "query". This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

CVE-2025-69286

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta assistant/agent share auth token generation process allows these tokens to be mutually derivable. Specifically, both tokens are...

PT-2026-20985

Name of the Vulnerable Software and Affected Versions Zumba Json Serializer versions 3.2.2 and below Description The Zumba Json Serializer library allows deserialization of PHP objects from JSON using a special @type field. Prior to version 3.2.3, the deserializer instantiates any class specified...

CVE-2025-69286 RAGFlow has Predictable Token Generation Leading to Authentication Bypass Vulnerability

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta assistant/agent share auth token generation process allows these tokens to be mutually derivable. Specifically, both tokens are...

CVE-2025-15246

A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This manipulation of the argument argsStr causes deserialization. Remote exploitation of the attack is possible. The exploit has...

CVE-2025-15246

A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This manipulation of the argument argsStr causes deserialization. Remote exploitation of the attack is possible. The exploit has...