16 matches found
CVE-2026-41586 ObjectInputStream.readObject() without ObjectInputFilter in fabric-sdk-java allows Java deserialization RCE
Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject and exposes deSerializeChannel which call ObjectInputStream.readObject on untrusted byte arrays without...
PT-2025-47450
Name of the Vulnerable Software and Affected Versions: Apache Causeway (affected versions not specified) Description: Apache Causeway is susceptible to Java deserialization issues that can lead to remote code execution (RCE). Exploitation occurs through user-controllable URL parameters. Authenticated...
BIT-PYTORCH-2024-48063
In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...
CVE-2024-48063
In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...
Linux Distros Unpatched Vulnerability : CVE-2024-48063
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed...
PYSEC-2024-259
In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...
PT-2024-32976 · Facebook +1 · Pytorch +1
Name of the Vulnerable Software and Affected Versions: PyTorch versions prior to 2.4.1 Description: The issue concerns the RemoteModule in PyTorch, which is reported to have Deserialization RCE. However, it is noted that this behavior is intended in PyTorch distributed computing and is disputed b...
Exploit for Authentication Bypass by Spoofing in Telerik Report_Server_2024
CVE-2024-4358 A Vulnerability detection and Mass Exploitation...
Exploit for Deserialization of Untrusted Data in Torrentpier
CVE-2024-1651 This CVE was discovered by Carlos Bello from the...
Oracle WebLogic Server Java Object Deserialization RCE (CVE-2020-2883)
Binary data oracleweblogicservercve20202883.nbin...
Oracle Weblogic Server Deserialization RCE - AsyncResponseService
An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a malicious SOAP request to the interface WLS AsyncResponseService to execute code on the vulnerable host. This module requires Metasploit: https://metasploit.com/download Current source:...
Oracle Weblogic Server Deserialization RCE - Raw Object (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' class MetasploitModule 'Oracle Weblogic Server Deserialization RCE - Raw Object', 'Description' = %q An unauthenticated attacker wi...
Semmle: All Burp Suite Scan report
Summary: 1. Detected Deserialization RCE: Jackson 1.1. https://lgtm-com.pentesting.semmle.net/blog/ lgtmshortsession cookie 1.2. https://lgtm-com.pentesting.semmle.net/internalapi/v0.2/getSuggestedProjects apiVersion parameter 2. Session token in URL 3. CSP: Inline scripts can be inserted 3.1...
Oracle WebLogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.3 Java Object Deserialization RCE (CVE-2018-3191)
Binary data oracleweblogicservercve20183191.nbin...
Oracle Weblogic Server - Deserialization Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' class MetasploitModule 'Oracle Weblogic Server Deserialization RCE', 'Description' = %q An unauthenticated attacker with network...
Adobe ColdFusion Deserialization RCE (CVE-2017-11283, CVE-2017-11238)
During my research into the Java Remote Method Invocation (RMI) protocol, the most common RMI service that I came across was Adobe ColdFusion’s Flex integration service which is used to support integration between Flash applications and ColdFusion components. A quick look at this service led to the...