514 matches found
CVE-2026-39555
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a through 1.3.1...
CVE-2026-39551
The CVE-2026-39551 entry concerns a PHP Object Injection/deserialization vulnerability in the WordPress Töbel theme (versions <= 1.8.1). Affected component: Töbel theme; root cause: deserialization of untrusted data enabling object injection. Impact metrics from Patchstack indicate...
Dassault Systèmes Teamwork Cloud and Dassault Systèmes Magic Collaboration Studio have security vulnerabilities
Dassault Systèmes Teamwork Cloud and Dassault Systèmes Magic Collaboration Studio are both products of Dassault Systèmes, a French company. Dassault Systèmes Teamwork Cloud is a collaborative model version control and storage platform. Dassault Systèmes Magic Collaboration Studio is a cloud-based...
PT-2026-44012
Name of the Vulnerable Software and Affected Versions: Jenkins Active Directory Plugin versions prior to 2.42. Description: The plugin deserializes data from LDAP referrals without proper validation. Deserialization is the process of converting a data stream back into an object, which, when performe...
CVE-2026-24162
NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure...
NVIDIA Transformers4Rec Code Issue Vulnerability
NVIDIA Transformers4Rec is a deep learning framework for recommendation systems developed by NVIDIA Corporation. NVIDIA Transformers4Rec for Linux has code-related vulnerabilities that could lead to insecure data deserialization, potentially causing code execution, data tampering, and information...
Deserialization of Untrusted Data
Overview: snorkel is a system for quickly generating training data with weak supervision. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the load function of the BaseLabeler class, which uses the pickle.load method on user-supplied file paths without...
Deserialization of Untrusted Data
Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the unserialize function in the sync-invoke client when processing data received from a server response. An attacker can execute arbitrary code by sending crafted serialized data from a malicious...
Microsoft Bing Code Issue Vulnerability
Microsoft Bing is a web search engine developed by Microsoft Corporation in the United States. There are code vulnerabilities in Microsoft Bing, which stem from deserializing unreliable data. These vulnerabilities could allow unauthorized attackers to execute code through the network...
openSUSE 16 Security Update : roundcubemail (openSUSE-SU-2026:20586-1)
The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2026:20586-1 advisory. Changes in roundcubemail: update to 1.6.15. This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to some...
OpenText RightFax Security Vulnerability
OpenText RightFax is an enterprise fax server software developed by OpenText Corporation in Canada. Versions of OpenText RightFax prior to 25.4 contained a security vulnerability that stemmed from deserializing untrusted data, which could lead to object injection attacks...
CVE-2026-34615
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentiall...
PT-2026-32846
Name of the Vulnerable Software and Affected Versions: Azure Monitor Agent (affected versions not specified). Description: Deserialization of untrusted data allows an authorized attacker to elevate privileges locally. Recommendations: At the moment, there is no information about a newer version that...
Adobe Connect <= 12.10 Multiple Vulnerabilities (APSB26-37)
The version of Adobe Connect installed on the remote host is prior to 12.11. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb26-37 advisory: Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that...
Deserialization of Untrusted Data
Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the XCom API. A privileged DAG Author can execute code on the webserver by invoking a class via legacy serialization keys type/var. Details: Serialization is a process of converting an object into a...
CVE-2026-35337
Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject without any class filtering or...
Deserialization of Untrusted Data
Overview: praisonaiagents is a package of Praison AI agents for completing complex tasks with Self Reflection Agents. Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the YAML deserialization in the loadAgentFromFile function. An attacker can execute arbitrary code...
CVE-2026-3357
IBM Langflow Desktop 1.6.0–1.8.2 contains a deserialization flaw in its FAISS Vector Store component that allows an authenticated user to achieve arbitrary code execution by uploading a crafted Python Pickle file. The vulnerability stems from unsafe default behavior that loads untrusted data, gra...
EUVD-2026-19753
NVIDIA DALI contains a vulnerability where an attacker could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to arbitrary code execution...
Security Bulletin: IBM Langflow Desktop FAISS Vector Store Remote Code Execution via malicious Pickle file
Summary: IBM Langflow Desktop supports retrieval-augmented generation (RAG) workflows through its FAISS Vector Store component, which loads persisted vector indexes and associated metadata from disk. A vulnerability in the FAISS component arises from unsafe deserialization of Python Pickle files,...