
PyPA
added 2026/06/01 9:16 a.m., 7 views

PYSEC-0000-CVE-2026-45360

Apache Airflow's scheduler-side deadline-reference decoder SerializedCustomReference.deserializereference imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — t...

CVSS 7.3 | AI score 6 | EPSS 0.00572
Exploits 0 | References 3 | Affected software 1
CNNVD
added 2026/05/08 12:00 a.m., 8 views

Magnitude Simba Amazon Redshift JDBC Driver Security Vulnerability

The Magnitude Simba Amazon Redshift JDBC Driver is a JDBC driver provided by the American company Magnitude. It enables database connections through the standard JDBC Application Programming Interface (API) available in the Java Platform, Enterprise Edition. Versions of the Magnitude Simba Amazon...

CVSS 9.2 | AI score 6.1 | EPSS 0.00573
Exploits 0 | References 1
Veracode
added 2026/05/07 7:06 a.m., 13 views

Unsafe Deserialization

Apache MINA is vulnerable to Unsafe Deserialization. The vulnerability is due to incomplete enforcement of a classname allowlist in AbstractIoBuffer.resolveClass, where certain branches (e.g., for primitive or static classes) bypass validation and call Class.forName without checks, allowing attacke...

CVSS 9.8 | AI score 6 | EPSS 0.0093
Exploits 1 | References 3 | Affected software 1
NVD
added 2026/05/01 8:16 a.m., 3 views

CVE-2026-7584

The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...

CVSS 8.4 | EPSS 0.00256
Exploits 0 | References 1
Cvelist
added 2025/11/19 3:46 p.m., 9 views

CVE-2025-10702

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...

CVSS 8.6 | EPSS 0.00261
Exploits 0 | References 1
RedhatCVE
added 2025/02/05 2:18 a.m., 6 views

CVE-2024-24824

Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using an HTTP PUT request to the /api/system/clusterconfig/ endpoint. Graylog's cluster config system uses fully qualified class...

CVSS 8.8 | AI score 8.7 | EPSS 0.34498
Exploits 1 | References 1
CNNVD
added 2023/05/05 12:00 a.m., 4 views

Jedox Security Vulnerability

Jedox is a corporate performance management software from Jedox Inc. for planning, analyzing and reporting in finance and other areas such as sales, human resources and purchasing. A security vulnerability exists in Jedox version 2022.4.2 and earlier versions. An attacker can exploit the...

CVSS 7.5 | AI score 7.7 | EPSS 0.06741
Exploits 7 | References 9
CNNVD
added 2022/07/28 12:00 a.m., 3 views

Apache Calcite Security Vulnerability

Apache Calcite is an open source framework from the US Apache Foundation for building databases and data management systems. A code injection vulnerability exists in the Apache Calcite Avatica JDBC driver, which stems from the fact that classes are not verified to implement the expected...

CVSS 8.8 | AI score 6.9 | EPSS 0.02186
Exploits 0 | References 3