341 matches found
EUVD-2026-37831
A critical remote code execution RCE vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This advisory also applies to all CPS versions The identified vulnerability also impacts Windchill and...
CVE-2026-12569 Remote Code Execution (RCE) vulnerability in Windchill PDMlink
A critical remote code execution RCE vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This advisory also applies to all CPS versions The identified vulnerability also impacts Windchill and...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...
PT-2026-47862
Name of the Vulnerable Software and Affected Versions Nuance PowerScribe affected versions not specified Description Deserialization of untrusted data allows an unauthorized attacker to execute code over a network. Deserialization is the process of converting a data stream back into an object,...
CVE-2026-34659
Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to execute arbitrary code. Exploitation of this...
CVE-2026-9319
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security...
CVE-2026-24162
NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the CookieJar.load function. A user who convinces another user to load a malicious serialized object can cause the execution of arbitrary code. Details Serialization is a process of converting an...
CVE-2026-39555
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a through 1.3.1...
CVE-2026-39551
The CVE-2026-39551 entry concerns the WordPress Töbel theme (versions <= 1.8.1) with a PHP Object Injection /deserialization vulnerability in Töbel. Affected component: Töbel theme; root cause: deserialization of untrusted data enabling object injection. Impact metrics from Patchstack indicate...
Dassault Systèmes Teamwork Cloud和Dassault Systèmes Magic Collaboration Studio 安全漏洞
Dassault Systèmes Teamwork Cloud and Dassault Systèmes Magic Collaboration Studio are both products of Dassault Systèmes, a French company. Dassault Systèmes Teamwork Cloud is a collaborative model version control and storage platform. Dassault Systèmes Magic Collaboration Studio is a cloud-based...
CVE-2026-24162
NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure...
Deserialization of Untrusted Data
Overview snorkel is an A system for quickly generating training data with weak supervision Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the load function of the BaseLabeler class, which uses the pickle.load method on user-supplied file paths without...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the unserialize function in the sync-invoke client when processing data received from a server response. An attacker can execute arbitrary code by sending crafted serialized data from a malicious...
OpenText RightFax 安全漏洞
OpenText RightFax is an enterprise fax server software developed by OpenText Corporation in Canada. Versions of OpenText RightFax prior to 25.4 contained a security vulnerability that stemmed from deserializing untrusted data, which could lead to object injection attacks...
CVE-2026-34615
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentiall...
PT-2026-32846
Name of the Vulnerable Software and Affected Versions Azure Monitor Agent affected versions not specified Description Deserialization of untrusted data allows an authorized attacker to elevate privileges locally. Recommendations At the moment, there is no information about a newer version that...
Adobe Connect <= 12.10 Multiple Vulnerabilities (APSB26-37)
The version of Adobe Connect installed on the remote host is prior to 12.11. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb26-37 advisory. - Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the XCom API. A privileged DAG Author can execute code on the webserver by invoking a class via legacy serialization keys type/var. Details Serialization is a process of converting an object into a...
CVE-2026-35337
Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject without any class filtering or...