Lucene search
K

7266 matches found

CVE
CVE
added 2 hours ago2 views

CVE-2026-59521

Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC Real Testimonials testimonial-free allows Object Injection.This issue affects Real Testimonials: from n/a through = 3.1.15...

7.2CVSS6.1AI score
Exploits0References1
CVE
CVE
added 2 hours ago6 views

CVE-2026-57770

Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Photography grandphotography allows Object Injection.This issue affects Grand Photography: from n/a through = 5.7.8...

9.8CVSS6.1AI score
Exploits0References1
CVE
CVE
added 2 hours ago6 views

CVE-2026-57713

Deserialization of Untrusted Data vulnerability in Marcus aka @msykes Events Manager events-manager allows Object Injection.This issue affects Events Manager: from n/a through = 7.3.6...

8.8CVSS6.1AI score
Exploits0References1
CVE
CVE
added 2 hours ago8 views

CVE-2026-57724

Deserialization of Untrusted Data vulnerability in Themeum Kirki kirki allows Object Injection.This issue affects Kirki: from n/a through = 6.0.12...

9.8CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added yesterday43 views

Veeam Backup & Replication - Unauthenticated

A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution RCE. id: CVE-2024-40711 info: name: Veeam Backup & Replication - Unauthenticated author: rootxharsh,iamnoooob,DhiyaneshDK severity: critical description: | A deserializati...

9.8CVSS7.5AI score0.88193EPSS
Exploits3References3
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-43191

Deserialization of untrusted data in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

8.3CVSS6.2AI score0.00704EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago6 views

PT-2026-57486

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description Deserialization of untrusted data allows an unauthorized attacker to execute code over a network. Deserialization is the process of converting a data format, such as JSO...

8.3CVSS6.2AI score0.00704EPSS
Exploits0References5
CVE
CVE
added 3 days ago10 views

CVE-2026-54469

Dell Unisphere for PowerMax, versions 10.3.0.5 and earlier, are affected by a Deserialization of Untrusted Data vulnerability that could allow arbitrary command execution with root privileges via remote access from a low-privilege attacker. The CVE (CVE-2026-54469) is documented with a high-sever...

8.8CVSS6.3AI score0.00442EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-42874

Dell Unisphere for PowerMax, versions 10.3.0.5 and prior, contains a Deserialization of Untrusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...

8.8CVSS6.3AI score0.00442EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-50188

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins using the Kirby Http Remote class, including Remote::request, Remote::get, and Remote::post, to send outgoing HTTP requests with untrusted data in the headers option could allow newline characters...

6.9CVSS6AI score0.0029EPSS
Exploits0References6Affected Software1
CVE
CVE
added 4 days ago16 views

CVE-2026-50188

Kirby CMS is affected in versions prior to 4.9.4 and 5.4.4 where the Kirby\Http\Remote class (Remote::request/Remote::get/Remote::post) can be given untrusted header data. The issue stems from newline characters in header values being passed to the underlying HTTP request, allowing injection of a...

6.9CVSS6AI score0.0029EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-50188 Kirby: Request header injection in `Http\Remote`

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins using the Kirby Http Remote class, including Remote::request, Remote::get, and Remote::post, to send outgoing HTTP requests with untrusted data in the headers option could allow newline characters...

6.9CVSS0.0029EPSS
Exploits0References5
NVD
NVD
added 4 days ago8 views

CVE-2026-15308

The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data...

8.7CVSS0.00553EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 5 days ago4 views

jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution

A flaw was found in jackson-databind, a library used for processing data. This vulnerability allows an attacker to bypass security controls designed to validate data types. By sending specially crafted input, an attacker can force the system to process untrusted data, which may lead to the...

8.1CVSS6AI score0.00695EPSS
Exploits0References10
OSV
OSV
added 6 days ago7 views

PYSEC-2026-1208 Azure Core is vulnerable to deserialization of untrusted data

Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network...

7.5CVSS6.1AI score0.00776EPSS
Exploits0References6
OSV
OSV
added 6 days ago4 views

PYSEC-2026-1514 LangChain pickle deserialization of untrusted data

A vulnerability in the FAISS.deserializefrombytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects versions prior to 0.2.4...

8.4CVSS6.4AI score0.00358EPSS
Exploits1References7
NVD
NVD
added 2026/07/06 9:16 a.m.7 views

CVE-2026-46590

Deserialization of Untrusted Data vulnerability in Apache Camel PQC component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. HashicorpVaultKeyLifecycleManager and AwsSecretsManagerKeyLifecycleManager read that metadat...

8.8CVSS0.00485EPSS
Exploits0References1
NVD
NVD
added 2026/07/06 9:16 a.m.7 views

CVE-2026-40859

Deserialization of Untrusted Data vulnerability in Apache Camel. The camel-vertx-http component deserializes HTTP response bodies carrying the Content-Type application/x-java-serialized-object using a raw java.io.ObjectInputStream, without applying any ObjectInputFilter...

8.1CVSS0.00724EPSS
Exploits1References2
NVD
NVD
added 2026/07/06 9:16 a.m.7 views

CVE-2026-43866

Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...

7.3CVSS0.00504EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/07/06 8:35 a.m.8 views

CVE-2026-43866 Apache Camel, Apache Camel: Camel JMS - CVE-2026-40860 fix bypass via DefaultExchangeHolder

Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...

6AI score0.00881EPSS
Exploits2References1
Rows per page
Query Builder