
39 matches found

EUVD
added 3 days ago | 5 views

EUVD-2026-37670

Unauthenticated Deserialization of untrusted data in Slimstat Analytics 5.4.0 versions...

6.5 CVSS | 5.2 AI score | 0.00252 EPSS
Exploits 0 | References 2
NVD
added 3 days ago | 4 views

CVE-2026-27410

Unauthenticated Deserialization of untrusted data in Slimstat Analytics 5.4.0 versions...

6.5 CVSS | 0.00252 EPSS
Exploits 0 | References 1
NVD
added 5 days ago | 9 views

CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code...

9.2 CVSS | 0.00573 EPSS
Exploits 0 | References 4
CVE
added 5 days ago | 19 views

CVE-2026-48853

CVE-2026-48853 affects the elixir-grpc/grpc stack where the Erlpack codec decodes gRPC payloads with :erlang.binary_to_term/1 without safety bounds. This leads to untrusted data deserialization, atom creation risk (atom table exhaustion) and potential remote code execution if a malicious term rea...

9.2 CVSS | 6.5 AI score | 0.00573 EPSS
Exploits 0 | References 4
EUVD
added 5 days ago | 5 views

EUVD-2026-36915

Unauthenticated Deserialization of untrusted data in Paid Videochat Turnkey Site = 7.3.23 versions...

8.1 CVSS | 5.2 AI score | 0.00317 EPSS
Exploits 0 | References 2
NVD
added 5 days ago | 5 views

CVE-2026-27333

Unauthenticated Deserialization of untrusted data in Paid Videochat Turnkey Site = 7.3.23 versions...

8.1 CVSS | 0.00317 EPSS
Exploits 0 | References 1
Positive Technologies
added 5 days ago | 5 views

PT-2026-49360

Unauthenticated Deserialization of untrusted data in Paid Videochat Turnkey Site = 7.3.23 versions...

8.1 CVSS | 5.2 AI score | 0.00317 EPSS
Exploits 0 | References 2
Github Security Blog
added 2026/05/27 9:13 p.m. | 10 views

Symfony has Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener

Description: Symfony\Bridge\Monolog\Command\ServerLogCommand (the server:log console command) is a development-time helper that opens a TCP listener and displays log records pushed to it by the application's logging pipeline. Two unsafe defaults combine into a remotely reachable PHP...

6.4 AI score | 0.01261 EPSS
Exploits 0 | References 6 | Affected Software 2
VulnCheck KEV
added 2026/01/20 12:0 a.m. | 8 views

VulnCheck KEV: CVE-2025-26399

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patc...

9.8 CVSS | 6.4 AI score | 0.8833 EPSS
In wild | Exploits 1 | References 4
Packet Storm
added 2025/12/24 12:0 a.m. | 337 views

Adobe Commerce Insecure Deserialization

This flaw in Magento 2 / Adobe Commerce 2.4.x enables remote attackers to manipulate internal session handling paths and abuse PHP object chains (Guzzle FileCookieJar gadget) to achieve arbitrary file write, leading to remote code execution...

9.1 CVSS | 9.9 AI score | 0.96742 EPSS
Exploits 9
CNNVD
added 2025/12/18 12:0 a.m. | 2 views

RPi-Jukebox-RFID Security Vulnerability

RPi-Jukebox-RFID is a contactless jukebox for the Raspberry Pi from the individual developer Micz Flor in Germany. It plays audio files, playlists, podcasts, web streams and Spotify triggered by RFID cards. A security vulnerability exists in RPi-Jukebox-RFID, which stems from an unauthenticated...

7.5 CVSS | 7.2 AI score | 0.00437 EPSS
Exploits 1 | References 2
EUVD
added 2025/10/18 6:30 a.m. | 7 views

EUVD-2017-18922

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.7.9.3 exclusive via deserialization of untrusted input from the isexpiredbydate function. This makes it possible for...

9.8 CVSS | 6 AI score | 0.00644 EPSS
Exploits 0 | References 4
Cvelist
added 2025/10/09 8:19 p.m. | 8 views

CVE-2025-35051 Newforma Project Center Server (NPCS) .NET unauthenticated deserialization

Newforma Project Center Server (NPCS) accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. According to the recommended architecture, the vulnerable NPCS...

9.8 CVSS | 0.00765 EPSS
Exploits 0 | References 3
Vulnrichment
added 2025/10/09 8:19 p.m. | 4 views

CVE-2025-35051 Newforma Project Center Server (NPCS) .NET unauthenticated deserialization

Newforma Project Center Server (NPCS) accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. According to the recommended architecture, the vulnerable NPCS...

9.8 CVSS | 7.6 AI score | 0.00765 EPSS
Exploits 0 | References 3
Cvelist
added 2025/10/09 8:19 p.m. | 4 views

CVE-2025-35050 Newforma Info Exchange (NIX) .NET unauthenticated deserialization

Newforma Info Exchange (NIX) accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. The vulnerable endpoint is used by Newforma Project Center Server (NPCS), so a...

9.8 CVSS | 0.00842 EPSS
Exploits 0 | References 4
CVE
added 2025/10/09 8:19 p.m. | 21 views

CVE-2025-35050

Summary: CVE-2025-35050 affects Newforma Info Exchange (NIX), where insecure deserialization of serialized .NET data via the /remoteweb/remote.rem endpoint allows a remote, unauthenticated attacker to execute arbitrary code with NT AUTHORITY\NetworkService privileges. The vulnerable endpoint is u...

9.8 CVSS | 7.6 AI score | 0.00842 EPSS
Exploits 0 | References 4 | Affected Software 1
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-30842

Malicious code in bioql PyPI...

9.8 CVSS | 6.6 AI score | 0.8833 EPSS
Exploits 1 | References 3
Tenable Nessus
added 2025/09/26 12:0 a.m. | 3 views

SolarWinds Web Help Desk < 12.8.7 Hotfix 1 Unsafe Deserialization

The version of SolarWinds Web Help Desk installed on the remote host is prior to 12.8.7 Hotfix 1. It is, therefore, affected by an unsafe deserialization vulnerability. - SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution...

9.8 CVSS | 6.7 AI score | 0.8833 EPSS
Exploits 1 | References 2
RedhatCVE
added 2025/09/25 2:53 a.m. | 2 views

CVE-2025-26399

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patc...

9.8 CVSS | 8.4 AI score | 0.8833 EPSS
Exploits 1 | References 1
NVD
added 2025/09/23 5:15 a.m. | 4 views

CVE-2025-26399

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patc...

9.8 CVSS | 0.8833 EPSS
Exploits 1 | References 4