Lucene search
K

12 matches found

CVE
CVE
added 2026/06/26 7:9 p.m.18 views

CVE-2026-52780

OpenProject (open-source, web-based project management software) is affected by a cache store poisoning vulnerability that can lead to Remote Code Execution (RCE) before versions 17.3.3 and 17.4.1. The issue is resolved in 17.3.3 and 17.4.1. Affected component details and underlying root cause ar...

9.6CVSS5.9AI score0.00233EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/12 7:9 p.m.5 views

Deserialization of Untrusted Data

Overview typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the VariableFrontend or Registry. An attacker can execute arbitrary PHP code by injecting a crafted serialized payload into...

9.3CVSS6.1AI score0.00215EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/01/09 12:35 a.m.9 views

SUSE CVE-2024-53866

The package manager pnpm prior to version 9.15.0 seems to mishandle overrides and global cache: Overrides from one workspace leak into npm metadata saved in global cache; npm metadata from global cache affects other workspaces; and installs by default don't revalidate the data including on first...

9.8CVSS7.9AI score0.00942EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/08/22 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2020-8165

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A deserialization of untrusted data vulnernerability exists in rails 5.2.4.3, rails 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in...

9.8CVSS8AI score0.45732EPSS
Exploits5References2
vulnersOsv
vulnersOsv
added 2023/12/28 6:30 p.m.3 views

org.infinispan:infinispan-cachestore-jdbc (>=15.0.0.Dev01 <=15.0.0.Dev10), org.infinispan:infinispan-cachestore-sql (>=15.0.0.Dev01 <=15.0.0.Dev10) +10 more potentially affected by CVE-2023-5384 via org.infinispan:infinispan-cachestore-jdbc-common (>=15.0.0.Dev01 <=15.0.0.Dev06)

org.infinispan:infinispan-cachestore-jdbc-common MAVEN version =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev06, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev10 Source cves: CVE-2023-538...

7.2CVSS6.2AI score0.00543EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2021/04/21 1:15 p.m.6 views

rubygem-activesupport: potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore

A flaw was found in rubygem-activesupport. An untrusted user input can be written to the cache store using the raw: true parameter which can lead to the result being evaluated as a marshaled object instead of plain text. The threat from this vulnerability is to data confidentiality and integrity ...

9.8CVSS7AI score0.45732EPSS
Exploits5References5
OSV
OSV
added 2021/04/07 11:2 a.m.7 views

OESA-2021-1145 rubygem-rails security update

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration. Security Fixes: A deserialization of untrusted data vulnernerability exists in rails 5.2.4.3, rails 6.0.3.1 that can...

9.8CVSS7.3AI score0.45732EPSS
Exploits6References3
OSV
OSV
added 2020/06/19 6:15 p.m.4 views

DEBIAN-CVE-2020-8165

A deserialization of untrusted data vulnernerability exists in rails 5.2.4.3, rails 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE...

9.8CVSS7.7AI score0.45732EPSS
Exploits5References1
OSV
OSV
added 2020/06/19 6:15 p.m.3 views

UBUNTU-CVE-2020-8165

A deserialization of untrusted data vulnernerability exists in rails 5.2.4.3, rails 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE...

9.8CVSS7.1AI score0.45732EPSS
Exploits5References5
RedhatCVE
RedhatCVE
added 2020/06/02 5:21 p.m.72 views

CVE-2020-8165

A flaw was found in rubygem-activesupport. An untrusted user input can be written to the cache store using the raw: true parameter which can lead to the result being evaluated as a marshaled object instead of plain text. The threat from this vulnerability is to data confidentiality and integrity ...

7.5CVSS1.4AI score0.45732EPSS
Exploits5References4
BDU FSTEC
BDU FSTEC
added 2020/06/02 12:0 a.m.5 views

The vulnerabilities of the Caching components, CacheStore, and the software platform for data processing in Oracle Coherence allow a hacker to gain full control over the application.

The vulnerability of the Caching, CacheStore, and Invocation components of the Oracle Coherence data processing software platform is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain full control over the application through the IIOP an...

10CVSS7.7AI score0.01961EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2020/05/27 4:8 a.m.44 views

Arbitrary Code Execution

activesupport is vulnerable to arbitrary code execution. The vulnerability exists as the user input written to the cache store using the raw: true parameter can cause the cached code to be evaluated when read again...

9.8CVSS3.2AI score0.45732EPSS
Exploits5References12Affected Software2
Rows per page
Query Builder