15 matches found
CVE-2026-27475
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the tablevaleur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content a pre-condition requiring prior access or another vulnerability can trigger arbitrary...
CVE-2026-27475
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the tablevaleur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content a pre-condition requiring prior access or another vulnerability can trigger arbitrary...
CVE-2026-27475
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the tablevaleur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content a pre-condition requiring prior access or another vulnerability can trigger arbitrary...
UBUNTU-CVE-2026-27475
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the tablevaleur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content a pre-condition requiring prior access or another vulnerability can trigger arbitrary...
CVE-2026-27475
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the tablevaleur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content a pre-condition requiring prior access or another vulnerability can trigger arbitrary...
CVE-2026-27475
Summary: SPIP up to 4.4.8 is affected by an insecure deserialization vulnerability in the public area via the table_valeur filter and the DATA iterator, which accept serialized data. The underlying issue is deserialization of untrusted content, allowing an attacker who has prior access (or anothe...
CVE-2026-27475 SPIP < 4.4.9 Insecure Deserialization
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the tablevaleur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content a pre-condition requiring prior access or another vulnerability can trigger arbitrary...
CVE-2026-27475 SPIP < 4.4.9 Insecure Deserialization
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the tablevaleur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content a pre-condition requiring prior access or another vulnerability can trigger arbitrary...
CVE-2026-27475
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the tablevaleur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content a pre-condition requiring prior access or another vulnerability can trigger arbitrary...
CVE-2025-71250
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2025-71250
...
CVE-2025-71250
SPIP before 4.4.9 is affected by an Insecure Deserialization via the table_valeur filter and the DATA iterator, which accept serialized data. An attacker with prior access or another vulnerability can trigger arbitrary object instantiation and potentially code execution. The use of serialized dat...
SPIP 安全漏洞
SPIP is an open-source software for creating Internet websites. Versions of SPIP prior to 4.4.9 contained a security vulnerability. This vulnerability stemmed from the tablevaleur filter and the DATA iterator accepting serialized data, which could lead to insecure deserialization attacks...
PT-2026-20848
Name of the Vulnerable Software and Affected Versions SPIP versions prior to 4.4.9 Description SPIP versions prior to 4.4.9 contain an insecure deserialization flaw. This issue affects the public area through the table valeur filter and the DATA iterator, which accept serialized data. An attacker...
PT-2026-20916
Name of the Vulnerable Software and Affected Versions SPIP versions prior to 4.4.9 Description SPIP versions prior to 4.4.9 contain an Insecure Deserialization flaw. The issue is present in the handling of serialized data within the table valeur filter and the DATA iterator. An attacker who can...