Astra Linux - vulnerability in pymongo
An out-of-bounds read in the ‘bson’ module of PyMongo 4.6.2 or earlier allows for deserialization of malformed BSON data provided by the server, which can trigger an exception that may contain arbitrary application memory...
VulnCheck KEV: CVE-2026-27971
Qwik is a performance-focused JavaScript framework. qwik =1.19.0 is vulnerable to RCE due to an unsafe deserialization vulnerability in the server$ RPC mechanism that allows any unauthenticated user to execute arbitrary code on the server with a single HTTP request. Affects any deployment where...
CVE-2026-27971
Qwik is a performance-focused JavaScript framework. qwik =1.19.0 is vulnerable to RCE due to an unsafe deserialization vulnerability in the server$ RPC mechanism that allows any unauthenticated user to execute arbitrary code on the server with a single HTTP request. Affects any deployment where...
CVE-2026-27971 Qwik affected by unauthenticated RCE via server$ Deserialization
Qwik is a performance-focused JavaScript framework. qwik =1.19.0 is vulnerable to RCE due to an unsafe deserialization vulnerability in the server$ RPC mechanism that allows any unauthenticated user to execute arbitrary code on the server with a single HTTP request. Affects any deployment where...
CVE-2026-27971
Qwik
GHSA-P9X5-JP3H-96MM Qwik vulnerable to Unauthenticated RCE via server$ Deserialization
Summary qwik =1.19.0 is vulnerable to RCE due to an unsafe deserialization vulnerability in the server$ RPC mechanism that allows any unauthenticated user to execute arbitrary code on the server with a single HTTP request. Affects any deployment where require is available at runtime. Impact -...
Security Bulletin: IBM Rhapsody Systems Engineering is using next-15.4.7.tgz which is vulnerable to CVE-2025-55182
Summary: A security vulnerability was identified in the Next.js package used in IBM Rhapsody Systems Engineering. The issue is resolved by updating to a non-vulnerable patched version to ensure the continued security and reliability of the product. Vulnerability Details: CVEID: CVE-2025-55182...
Exploit for CVE-2025-66478
React2Shell POC https://nextjs.org/blog/CVE-2025-66478 테스...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 React2Shell PoC environment. Warning: this project is security research...
Exploit for CVE-2025-55182
I. Overview of the Vulnerability In recent days, there have b...
VulnCheck KEV: CVE-2025-30406
Gladinet CentreStack and Triofox contain a use of hard-coded cryptographic key vulnerability in the way that the application manages keys used for ViewState integrity verification. Successful exploitation allows an attacker to forge ViewState payloads for server-side deserialization, allowing...
SUSE CVE-2024-5629
An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory...
CVE-2017-20189
In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects...
Siemens Siveillance Video Mobile Server code issue vulnerability
Siveillance Video (formerly known as Siveillance VMS) is an IP video management software designed for deployments ranging from small and simple to large and highly secure. A code execution vulnerability exists in Siemens Siveillance Video due to the event server component of the affected applicatio...
kafka: RCE/DoS via SASL JAAS JndiLoginModule configuration in Kafka Connect
A flaw was found in Apache Kafka Connect's REST API that permits configuration of SASL properties by an authenticated operator, which could allow connection to a malicious LDAP server and subsequent deserialization of malicious content. This issue could allow an authenticated attacker to cause a...
log4j: Unsafe deserialization flaw in Chainsaw log viewer
A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...
log4j: Socket receiver deserialization vulnerability
It was found that when using remote logging with the log4j socket server, the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the...