
11 matches found

Tenable Nessus
added 2026/03/07 12:0 a.m., 7 views

Fedora 44 : php-zumba-json-serializer (2026-ce5f5c292d)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-ce5f5c292d advisory. Version 3.2.4 - Fix serialization of parent class private properties by @Copilot in 71 - Fix fatal error when serializing objects with uninitialized typed...

5.8 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2026/03/06 12:0 a.m., 5 views

Fedora 43 : php-zumba-json-serializer (2026-5ff99e948e)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-5ff99e948e advisory. Version 3.2.4 - Fix serialization of parent class private properties by @Copilot in 71 - Fix fatal error when serializing objects with uninitialized typed...

5.8 AI score
Exploits: 0, References: 1
OpenVAS
added 2026/03/05 12:0 a.m., 4 views

Fedora: Security Advisory (FEDORA-2026-5ff99e948e)

The remote host is missing an update for the...

6 AI score
Exploits: 0, References: 3
RedhatCVE
added 2026/03/03 7:42 a.m., 6 views

CVE-2026-27206

A flaw was found in zumba/json-serializer. A remote attacker can exploit a deserialization vulnerability by providing untrusted JSON input that leverages a special @type field to instantiate arbitrary classes. This can lead to PHP Object Injection, potentially allowing the attacker to achieve...

8.1 CVSS, 6.1 AI score, 0.0074 EPSS
Exploits: 0, References: 2
ATTACKERKB
added 2026/02/21 7:1 a.m., 6 views

CVE-2026-27206

Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...

8.1 CVSS, 6.3 AI score, 0.0074 EPSS
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2026/02/21 7:1 a.m., 30 views

CVE-2026-27206 Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()

Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...

8.1 CVSS, 0.0074 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2026/02/21 7:1 a.m., 3 views

CVE-2026-27206 Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()

Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...

8.1 CVSS, 6.2 AI score, 0.0074 EPSS
Exploits: 0, References: 3
CVE
added 2026/02/21 7:1 a.m., 19 views

CVE-2026-27206

The CVE concerns Zumba Json Serializer for PHP. Versions 3.2.2 and earlier allow deserialization of PHP objects from JSON via an @type field, which can instantiate any class specified without restrictions. If attacker-controlled JSON reaches JsonSerializer::unserialize() and the app contains clas...

8.1 CVSS, 6.2 AI score, 0.0074 EPSS
Exploits: 0, References: 3
OSV
added 2026/02/21 7:1 a.m., 7 views

CVE-2026-27206 Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()

Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...

8.1 CVSS, 6.3 AI score, 0.0074 EPSS
Exploits: 0, References: 5
OSV
added 2026/02/19 10:5 p.m., 9 views

GHSA-V7M3-FPCR-H7M2 Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()

Description: The zumba/json-serializer library allows deserialization of PHP objects from JSON using a special @type field. Prior to version 3.2.3, the deserializer would instantiate any class specified in the @type field without restriction. When processing untrusted JSON input, this behavior may...

8.1 CVSS, 6.3 AI score, 0.0074 EPSS
Exploits: 0, References: 5
Tenable Nessus
added 2026/02/19 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-27206

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects fro...

8.1 CVSS, 6 AI score, 0.0074 EPSS
Exploits: 0, References: 3