Lucene search

47 matches found

RedhatCVE
added 2026/02/19 7:21 p.m., 5 views

CVE-2025-60036

A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data...

CVSS 8.8 | AI score 6.4 | EPSS 0.00369
Exploits: 0 | References: 1

Cvelist
added 2026/02/18 2:2 p.m., 23 views

CVE-2025-60036

A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data...

CVSS 7.8 | EPSS 0.00369
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2014-5101

Malware in sbrugna...

CVSS 7.5 | AI score 6.1 | EPSS 0.03892
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2016-9955

Malware in sbrugna...

CVSS 9.8 | AI score 8.5 | EPSS 0.03832
Exploits: 0 | References: 7

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2016-8270

Malware in sbrugna...

CVSS 9.8 | AI score 8.5 | EPSS 0.06842
Exploits: 1 | References: 16

Tenable Nessus
added 2025/03/04 12:0 a.m., 16 views

Linux Distros Unpatched Vulnerability : CVE-2016-7417

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext/spl/splarray.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allo...

CVSS 9.8 | AI score 8.2 | EPSS 0.06842
Exploits: 1 | References: 2

RedHat Linux
added 2024/11/25 12:12 a.m., 2 views

log4j: Unsafe deserialization flaw in Chainsaw log viewer

A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...

CVSS 9 | AI score 7.1 | EPSS 0.52458
Exploits: 0 | References: 5

F5 Networks
added 2024/09/30 2:51 p.m., 38 views

K000141270: PHP vulnerabilities CVE-2016-7411, CVE-2016-9138, CVE-2016-9137, CVE-2016-4541, and CVE-2016-4540

Security Advisory Description CVE-2016-7411 ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that referenc...

CVSS 9.8 | AI score 9.1 | EPSS 0.06229
Exploits: 4

F5 Networks
added 2023/02/21 6:55 p.m., 113 views

K29691966: PHP vulnerability CVE-2016-5773

Security Advisory Description phpzip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service...

CVSS 9.8 | AI score 9.3 | EPSS 0.09088
Exploits: 5

SUSE CVE
added 2023/02/15 4:58 a.m., 3 views

SUSE CVE-2016-7480

The SplObjectStorage unserialize implementation in ext/spl/splobserver.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data...

CVSS 9.8 | AI score 8 | EPSS 0.41558
Exploits: 1 | References: 5

SUSE CVE
added 2023/02/15 4:56 a.m., 3 views

SUSE CVE-2016-9138

PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup...

CVSS 9.8 | AI score 7.7 | EPSS 0.03832
Exploits: 0 | References: 6

Github Security Blog
added 2022/05/13 1:26 a.m., 21 views

Apache Tapestry Unsafe Object Storage

Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consumption) or execute arbitrary code via crafted serialized data...

CVSS 7.8 | AI score 7.5 | EPSS 0.09598
Exploits: 1 | References: 13 | Affected Software: 1

BDU FSTEC
added 2022/04/20 12:0 a.m., 4 views

The vulnerability of the `ext/standard/var_unserializer.c` component in the PHP interpreter’s magic method allows an attacker to cause a service failure or potentially have other adverse effects.

The vulnerability of the ext/standard/var_unserializer.c component of the PHP interpreter is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability can allow an attacker to cause service failures or potentially have other adverse effects through specially created...

CVSS 10 | AI score 7.6 | EPSS 0.16482
Exploits: 2 | References: 11 | Affected Software: 3

RedhatCVE
added 2020/04/08 5:15 p.m., 47 views

CVE-2016-7124

ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call...

CVSS 9.8 | AI score 6.5 | EPSS 0.16482
Exploits: 2 | References: 1

Veracode
added 2019/05/16 2:59 a.m., 50 views

Null Pointer Dereference

PHP is vulnerable to null pointer dereference vulnerability. This exists in ext/wddx/wddx.c which allows remote attackers to cause a denial of service via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string...

CVSS 7.5 | AI score 8.1 | EPSS 0.06789
Exploits: 0 | References: 12 | Affected Software: 1

RedHat Linux
added 2018/05/03 5:6 a.m., 2 views

php: Out-of-bounds heap read on unserialize in finish_nested_data()

The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call...

CVSS 7.5 | AI score 7.3 | EPSS 0.13314
Exploits: 0 | References: 4

VulnCheck KEV
added 2017/12/02 12:0 a.m., 2 views

VulnCheck KEV: CVE-2017-12149

The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data...

CVSS 9.8 | AI score 7.8 | EPSS 0.90713
Exploits: 14 | References: 1

ATTACKERKB
added 2017/10/04 12:0 a.m., 191 views

CVE-2017-12149

In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code vi...

CVSS 9.8 | AI score 9.7 | EPSS 0.90713
In wild | Exploits: 14 | References: 6

Check Point Advisories
added 2017/10/01 12:0 a.m., 4 views

Elastic Elasticsearch ThrowableObjectInputStream Insecure Deserialization (CVE-2015-5377)

An insecure deserialization vulnerability exists in Elastic Elasticsearch. This vulnerability is due to the deserialization of untrusted ThrowableObjectInputStream data. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted serialized data to the target application...

CVSS 7.5 | AI score 8.9 | EPSS 0.14863
Exploits: 2

NVD
added 2017/01/04 8:59 p.m., 33 views

CVE-2016-9936

The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834...

CVSS 9.8 | AI score 9 | EPSS 0.04267
Exploits: 2 | References: 7