Lucene search
+L

16 matches found

CVE
CVE
added yesterday20 views

CVE-2026-54159

CVE-2026-54159 affects PrestaShop ps_facetedsearch module versions 3.0.0 through 4.0.3. The root cause is trusting the value of slider filters (price/weight) from the request URL, storing it in an internal cache, and deserializing it with PHP’s native unserialize(), enabling a crafted object inje...

10CVSS5.7AI score0.00092EPSS
Exploits0References3
Cvelist
Cvelist
added yesterday22 views

CVE-2026-8476 Disk Cache Deserialization Remote Code Execution Vulnerability

IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the disk-based caching mechanism. The AsyncDiskCache class uses Python's unsafe pickle.loads function to deserialize cached objects from disk without validation, integrity verification, or...

9.9CVSS
Exploits0References1
CVE
CVE
added yesterday17 views

CVE-2026-8476

Langflow OSS versions 1.0.0–1.10.0 are impacted by a remote code execution vulnerability in the disk-based cache. The AsyncDiskCache deserializes cached items with unsafe pickle.loads() without validation, allowing arbitrary code execution when an attacker can influence cached data (e.g., through...

9.9CVSS6.5AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 7:23 p.m.9 views

Security Bulletin: Disk Cache Deserialization Remote Code Execution Vulnerability

Summary A remote code execution vulnerability was discovered in the disk-based caching mechanism. The vulnerability arose from unsafe deserialization of pickle data in cache services, which processed cached items without validation or integrity checks. An attacker who could influence or tamper wi...

9.9CVSS6.6AI score
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/10 3:0 p.m.15 views

CVE-2026-49740

TYPO3's cache frontend VariableFrontend and persistent key-value store Registry deserialized PHP payloads without integrity validation or class restrictions. An attacker with write access to the underlying storage backend cache store or sysregistry database table could inject a crafted serialized...

6.3CVSS5.8AI score0.00215EPSS
Exploits0References1
NVD
NVD
added 2026/05/15 2:16 a.m.37 views

CVE-2026-8612

WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. With no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under /tmp/FileCache without...

5.3CVSS0.00127EPSS
Exploits0References4
OSV
OSV
added 2026/05/15 1:11 a.m.5 views

CVE-2026-8612 WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution

WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. With no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under /tmp/FileCache without...

5.3CVSS6.2AI score0.00127EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.14 views

WWW::Mechanize::Cached 代码问题漏洞

WWW::Mechanize::Cached is an open-source module developed by libwww-perl for the Perl language, serving as an extension to WWW::Mechanize. Versions of WWW::Mechanize::Cached prior to version 2.00 contained code vulnerabilities. These vulnerabilities stemmed from the ability to deserialize HTTP...

5.3CVSS6.1AI score0.00127EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.14 views

LINQPad 代码问题漏洞

LINQPad is a lightweight development tool provided by LINQPad Inc., designed for writing and executing LINQ queries and .NET code. Versions of LINQPad 5.52.01 and earlier, including the Pro edition, have code vulnerabilities due to unsafe deserialization in...

7.3CVSS7.4AI score0.00488EPSS
Exploits5References1
Zero Science Lab
Zero Science Lab
added 2026/04/12 12:0 a.m.72 views

Pachno 1.0.6 FileCache Deserialization Remote Code Execution

Summary Pachno is an open-source collaboration platform formerly known as The Bug Genie designed for team project management, issue tracking, and documentation. It offers a module-based, customizable environment for software development and team workflows, distributed under the Mozilla Public...

9.8CVSS6.4AI score0.00484EPSS
Exploits1
NVD
NVD
added 2026/02/25 6:23 p.m.11 views

CVE-2026-27794

LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. Prior to...

6.6CVSS0.00698EPSS
Exploits0References4
OSV
OSV
added 2026/01/23 3:29 a.m.11 views

CVE-2026-0772 Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability

Langflow Disk Cache Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is required to exploit this vulnerability. The specific flaw exists within the disk...

7.5CVSS7.6AI score0.00897EPSS
Exploits1References3
OSV
OSV
added 2024/05/14 3:15 p.m.3 views

DEBIAN-CVE-2024-29160

HDF5 through 1.14.3 contains a heap buffer overflow in H5HGcacheheapdeserialize, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...

7.4CVSS8.8AI score0.00223EPSS
Exploits0References1
OSV
OSV
added 2024/05/14 3:15 p.m.7 views

UBUNTU-CVE-2024-29160

HDF5 through 1.14.3 contains a heap buffer overflow in H5HGcacheheapdeserialize, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...

7.4CVSS7.3AI score0.00223EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/09 12:0 a.m.7 views

PT-2024-22773 · Hdf5 +1 · Hdf5 +1

Name of the Vulnerable Software and Affected Versions: HDF5 versions prior to 1.14.4 Description: The issue is a heap buffer overflow in the H5HG cache heap deserialize function, which can lead to the corruption of the instruction pointer. This can cause a denial of service or potentially allow f...

7.4CVSS7.7AI score0.00223EPSS
Exploits0References10
CNVD
CNVD
added 2017/08/10 12:0 a.m.10 views

ThinkPHP Cache Functions Have Design Flaw Vulnerability

ThinkPHP is developed and maintained by the Shanghai Top Thinking company MVC structure of the open-source PHP framework. There is a design flaw vulnerability in the ThinkPHP cache function. The vulnerability is due to ThinkPHP in the use of cache data serialization, stored in the php file caused...

6.8AI score
Exploits0
Rows per page
Query Builder