203 matches found

EUVD
added 2026/06/26 3:32 p.m. | 4 views

EUVD-2026-39777

Zed Attack Proxy (ZAP) ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attackers who control a proxied web server to achieve arbitrary code execution by embedding a malicious serialized Java object in the javax.faces.ViewState HTTP response parameter...

CVSS 8.8 | AI score 6.4 | EPSS 0.00463
Exploits: 0 | References: 6

NVD
added 2026/06/26 3:16 p.m. | 6 views

CVE-2026-57527

Zed Attack Proxy (ZAP) ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attackers who control a proxied web server to achieve arbitrary code execution by embedding a malicious serialized Java object in the javax.faces.ViewState HTTP response parameter...

CVSS 8.8 | EPSS 0.00463
Exploits: 0 | References: 5

Cvelist
added 2026/06/26 2:43 p.m. | 30 views

CVE-2026-57527 ZAP ViewState Add-on Insecure Deserialization via JSFViewState.decode()

Zed Attack Proxy (ZAP) ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attackers who control a proxied web server to achieve arbitrary code execution by embedding a malicious serialized Java object in the javax.faces.ViewState HTTP response parameter...

CVSS 8.8 | EPSS 0.00463
Exploits: 0 | References: 5

CVE
added 2026/06/26 2:43 p.m. | 7 views

CVE-2026-57527

CVE-2026-57527 affects the Zed Attack Proxy (ZAP) ViewState add-on prior to version 4. The vulnerability arises in the JSFViewState.decode() path, which base64-decodes the javax.faces.ViewState value and passes it directly to ObjectInputStream.readObject() without a deserialization filter, allowl...

CVSS 8.8 | AI score 6.4 | EPSS 0.00463
Exploits: 0 | References: 5

ATTACKERKB
added 2026/06/26 2:43 p.m. | 5 views

CVE-2026-57527

Zed Attack Proxy (ZAP) ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attackers who control a proxied web server to achieve arbitrary code execution by embedding a malicious serialized Java object in the javax.faces.ViewState HTTP response parameter...

CVSS 8.8 | AI score 6.4 | EPSS 0.00463
Exploits: 0 | References: 6

The Hacker News
added 2026/05/26 5:19 a.m. | 25 views

KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular in Japan, was exploited as a zero-day to deliver the Godzilla web shell and ultimately facilitate the deployment of Cobalt Strike Beacon. The vulnerability, tracked as...

CVSS 7.5 | AI score 6.5 | EPSS 0.01008
Exploits: 0

VulnCheck KEV
added 2026/05/25 12:0 a.m. | 21 views

VulnCheck KEV: CVE-2026-5426

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks...

CVSS 9.1 | AI score 6.5 | EPSS 0.01008
In wild | Exploits: 0 | References: 3

RedhatCVE
added 2026/04/18 7:22 a.m. | 7 views

CVE-2026-5426

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks...

CVSS 9.1 | AI score 6.5 | EPSS 0.01008
Exploits: 0 | References: 1

EUVD
added 2026/04/16 6:31 p.m. | 4 views

EUVD-2026-23271

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks...

AI score 6.4 | EPSS 0.01008
Exploits: 0 | References: 3

NVD
added 2026/04/16 4:16 p.m. | 8 views

CVE-2026-5426

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks...

CVSS 9.1 | EPSS 0.01008
Exploits: 0 | References: 3

CVE
added 2026/04/16 3:18 p.m. | 69 views

CVE-2026-5426

CVE-2026-5426 affects Digital Knowledge KnowledgeDeliver prior to Feb 24, 2026, due to a hard-coded ASP.NET/IIS machineKey in web.config. This flaw enables unauthenticated attackers to bypass ViewState validation and achieve remote code execution via crafted ViewState deserialization. In observed...

CVSS 9.1 | AI score 6.4 | EPSS 0.01008
In wild | Exploits: 0 | References: 3

ATTACKERKB
added 2026/04/16 3:18 p.m. | 3 views

CVE-2026-5426

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks...

AI score 6.4 | EPSS 0.01008
Exploits: 0 | References: 3

Vulnrichment
added 2026/04/16 3:18 p.m. | 3 views

CVE-2026-5426 KnowledgeDeliver deployments before February 24, 2026 use a static ASP.NET/IIS machineKey value

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks...

AI score 6.5 | EPSS 0.01008
Exploits: 0 | References: 3

Cvelist
added 2026/04/16 3:18 p.m. | 30 views

CVE-2026-5426 KnowledgeDeliver deployments before February 24, 2026 use a static ASP.NET/IIS machineKey value

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks...

EPSS 0.01008
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/16 12:0 a.m. | 9 views

PT-2026-33340

Name of the Vulnerable Software and Affected Versions: Digital Knowledge KnowledgeDeliver versions prior to February 24, 2026. Description: Hard-coded ASP.NET/IIS machineKey values in standardized web.config files allow unauthenticated remote code execution. Attackers can use these shared keys to...

CVSS 9.1 | AI score 6.4 | EPSS 0.01008
Exploits: 0 | References: 45

RedhatCVE
added 2026/03/26 3:4 p.m. | 5 views

CVE-2025-71260

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE paramete...

CVSS 8.8 | AI score 7 | EPSS 0.3436
Exploits: 1 | References: 1

EUVD
added 2026/03/19 3:31 p.m. | 4 views

EUVD-2025-208877

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE paramete...

CVSS 8.8 | AI score 6.7 | EPSS 0.3436
Exploits: 1 | References: 4

NVD
added 2026/03/19 2:16 p.m. | 7 views

CVE-2025-71260

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE paramete...

CVSS 8.8 | EPSS 0.3436
Exploits: 1 | References: 3

ATTACKERKB
added 2026/03/19 1:45 p.m. | 4 views

CVE-2025-71260

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE paramete...

CVSS 8.8 | AI score 6.7 | EPSS 0.3436
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/03/19 1:45 p.m. | 3 views

CVE-2025-71260 BMC FootPrints ITSM 20.20.02 <= 20.24.01.001 VIEWSTATE Deserialization RCE

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE paramete...

CVSS 8.8 | AI score 6.9 | EPSS 0.3436
Exploits: 1 | References: 3