Lucene search
K

100 matches found

RedhatCVE
RedhatCVE
added 2026/06/30 9:22 p.m.18 views

CVE-2026-54512

A flaw was found in jackson-databind. This vulnerability allows a remote attacker to bypass the PolymorphicTypeValidator PTV when polymorphic typing is enabled and a type identifier contains generic parameters. By crafting a malicious type ID, an attacker can place a denied class as a generic typ...

8.1CVSS5.9AI score0.00617EPSS
Exploits1References6
EUVD
EUVD
added 2026/06/30 7:21 p.m.7 views

EUVD-2026-40387

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors with no allow-list at three distinct sinks SELECT NEW, enum literals, and reflection-based comparators; an authenticated remo...

7.5CVSS6.1AI score0.00283EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.10 views

CVE-2026-7584

The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...

8.4CVSS6.3AI score0.00256EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/03 9:39 a.m.11 views

CVE-2026-47065 Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS5.8AI score0.00468EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 9:39 a.m.13 views

EUVD-2026-34069

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS5.8AI score0.00468EPSS
Exploits0References1
PyPA
PyPA
added 2026/06/01 9:16 a.m.12 views

PYSEC-0000-CVE-2026-45360

Apache Airflow's scheduler-side deadline-reference decoder SerializedCustomReference.deserializereference imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — t...

7.3CVSS6AI score0.00651EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.17 views

PT-2026-42013

Name of the Vulnerable Software and Affected Versions CtrlPanel versions prior to 1.2.0 Description An authenticated admin-level user can achieve Remote Code Execution by supplying an arbitrary class name available in the Composer autoloader. The admin settings update endpoint accepts a fully...

6.6CVSS6AI score0.00532EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/15 8:48 a.m.8 views

CVE-2026-44088

SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream reading from the beginning of the file, but loads classes using class JarFile/URLClassLoader reading the Central Directory from the end. It can lead to remote code execution by allowing an attacker to combine ...

8.6CVSS6.4AI score0.00445EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/15 8:48 a.m.8 views

CVE-2026-44088 Remote Code Execution in SzafirHost

SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream reading from the beginning of the file, but loads classes using class JarFile/URLClassLoader reading the Central Directory from the end. It can lead to remote code execution by allowing an attacker to combine ...

8.6CVSS6.4AI score0.00445EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/15 8:48 a.m.46 views

CVE-2026-44088 Remote Code Execution in SzafirHost

SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream reading from the beginning of the file, but loads classes using class JarFile/URLClassLoader reading the Central Directory from the end. It can lead to remote code execution by allowing an attacker to combine ...

8.6CVSS0.00445EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.15 views

PT-2026-41271

SzafirHost verifies the signature of the downloaded JAR file using class JarInputStream reading from the beginning of the file, but loads classes using class JarFile/URLClassLoader reading the Central Directory from the end. It can lead to remote code execution by allowing an attacker to combine ...

8.6CVSS6.4AI score0.00445EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/14 1:9 p.m.12 views

Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading

Summary Amazon Redshift JDBC Driver is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces APIs. An issue exists in versions prior to 2.2.2 where the driver could load arbitrary classes when processing certain connection URL parameters...

9.2CVSS6.4AI score0.00573EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/14 1:9 p.m.8 views

GHSA-WMMV-VVG5-993Q Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading

Summary Amazon Redshift JDBC Driver is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces APIs. An issue exists in versions prior to 2.2.2 where the driver could load arbitrary classes when processing certain connection URL parameters...

9.2CVSS6.4AI score0.00573EPSS
Exploits0References5
NVD
NVD
added 2026/05/08 7:16 p.m.31 views

CVE-2026-8178

An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application...

9.2CVSS0.00573EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/08 6:36 p.m.7 views

CVE-2026-8178 Remote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver

An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application...

9.2CVSS6.1AI score0.00573EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/08 6:36 p.m.7 views

CVE-2026-8178

An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application...

9.2CVSS6.1AI score0.00573EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/08 6:36 p.m.54 views

CVE-2026-8178 Remote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver

An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application...

9.2CVSS0.00573EPSS
Exploits0References3
CVE
CVE
added 2026/05/08 6:36 p.m.23 views

CVE-2026-8178

The CVE concerns the Amazon Redshift JDBC Driver (versions prior to 2.2.2). Under certain conditions, processing JDBC connection URL parameters could trigger loading and execution of arbitrary classes, allowing an attacker who can influence the connection URL to run code in the application contex...

9.2CVSS6.1AI score0.00573EPSS
Exploits0References3
OSV
OSV
added 2026/05/08 6:36 p.m.3 views

CVE-2026-8178 Remote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver

An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application...

9.2CVSS6.2AI score0.00573EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.16 views

Magnitude Simba Amazon Redshift JDBC Driver 安全漏洞

The Magnitude Simba Amazon Redshift JDBC Driver is a JDBC driver provided by the American company Magnitude. It enables database connection through the standard JDBC Application Programming Interface API available in the Java Platform Enterprise Edition. Versions of the Magnitude Simba Amazon...

9.2CVSS6.1AI score0.00573EPSS
Exploits0References1
Rows per page
Query Builder