
323 matches found

CNNVD
added 2026/02/26 12:0 a.m. | 9 views

flair security vulnerability

Flair is a very simple and advanced NLP framework developed by Flair OpenSource. There are security vulnerabilities in Flair versions 0.4.1 onwards. These vulnerabilities stem from the LanguageModel class’s ability to deserialize untrusted data, which may allow arbitrary code to be executed when...

CVSS 8.4 | AI score 6 | EPSS 0.00154
Exploits 0 | References 1
NVD
added 2026/02/18 2:16 p.m. | 6 views

CVE-2025-60037

A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which...

CVSS 8.8 | EPSS 0.00287
Exploits 0 | References 1
Vulnrichment
added 2026/02/18 2:3 p.m. | 5 views

CVE-2025-60038

A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which...

CVSS 7.8 | AI score 6.3 | EPSS 0.00287
Exploits 0 | References 1
Vulnrichment
added 2026/02/18 2:2 p.m. | 6 views

CVE-2025-60036

A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data...

CVSS 7.8 | AI score 6.4 | EPSS 0.00369
Exploits 0 | References 1
CVE
added 2026/02/18 2:2 p.m. | 16 views

CVE-2025-60036

CVE-2025-60036 affects the UA.Testclient utility in Rexroth IndraWorks. All versions prior to 15V24 are vulnerable to Remote Code Execution via deserializing a manipulated file; exploitation requires user interaction (opening a crafted file). This can lead to complete host compromise. No remediat...

CVSS 8.8 | AI score 6.4 | EPSS 0.00369
Exploits 0 | References 1 | Affected Software 2
RedhatCVE
added 2026/02/11 7:44 p.m. | 4 views

CVE-2026-21531

Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network...

CVSS 9.8 | AI score 5.7 | EPSS 0.02344
Exploits 0 | References 1
CNNVD
added 2026/02/07 12:0 a.m. | 7 views

tpAdmin code issue vulnerability

tpAdmin is a management backend developed by Ethan as an individual developer, based on ThinkPHP5. Versions of tpadmin 1.3.12 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect operations with the library...

CVSS 9.8 | AI score 7.2 | EPSS 0.00554
Exploits 3 | References 5
RedHat Linux
added 2026/01/29 7:2 a.m. | 13 views

npm-serialize-javascript: Cross-site Scripting (XSS) in serialize-javascript

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by...

CVSS 5.4 | AI score 5.8 | EPSS 0.01006
Exploits 0 | References 6
Tenable Nessus
added 2026/01/16 12:0 a.m. | 6 views

MiracleLinux 7 : log4j-1.2.17-16.0.1.el7.AXS7 (AXSA:2017-2271:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2017-2271:01 advisory. Log4j is a tool to help the programmer output log statements to a variety of output targets. CVE-2017-5645 In Apache Log4j 2.x before 2.8.2, when using the T...

CVSS 9.8 | AI score 7.9 | EPSS 0.8904
Exploits 2 | References 2
RedhatCVE
added 2026/01/09 9:59 a.m. | 7 views

CVE-2020-7532

A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack x70 Security Administrator V1.2.0 and prior which could allow arbitrary code execution when an attacker builds a custom .SDB file containing a malicious serialized buffer...

CVSS 7.8 | AI score 7.7 | EPSS 0.01363
Exploits 0 | References 1
RedhatCVE
added 2026/01/07 9:36 a.m. | 11 views

CVE-2019-7091

ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution...

CVSS 10 | AI score 7.2 | EPSS 0.25704
Exploits 0 | References 1
CNNVD
added 2025/12/30 12:0 a.m. | 4 views

snail-job code issue vulnerability

snail-job is a distributed task scheduling platform open-sourced by aizuda. A code issue vulnerability exists in snail-job version 1.7.0 and earlier, which stems from a misuse of the parameter argsStr in the component API and could lead to a deserialization attack...

CVSS 6.5 | AI score 6.6 | EPSS 0.00237
Exploits 0 | References 3
CNNVD
added 2025/12/30 12:0 a.m. | 5 views

Sa-Token code issue vulnerability

Sa-Token is a lightweight Java authentication framework open-sourced by dromara. A code issue vulnerability exists in Sa-Token 1.44.0 and earlier versions, which stems from a misuse of the function ObjectInputStream.readObject in the file SaSerializerTemplateForJdkUseBase64.java, which could lead ...

CVSS 5 | AI score 5.5 | EPSS 0.0022
Exploits 0 | References 4
RedhatCVE
added 2025/12/29 2:3 p.m. | 4 views

CVE-2025-15117

A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. It is...

CVSS 3.1 | AI score 4.2 | EPSS 0.00271
Exploits 0 | References 1
CNNVD
added 2025/12/23 12:0 a.m. | 6 views

Hugging Face Transformers code issue vulnerability

Hugging Face Transformers is a Hugging Face open source framework for defining state-of-the-art machine learning models covering textual, visual, audio, and multimodal models for inference and training. A code issue vulnerability exists in Hugging Face Transformers that stems from a lack of...

CVSS 7.8 | AI score 8 | EPSS 0.00262
Exploits 0 | References 1
CNNVD
added 2025/12/18 12:0 a.m. | 2 views

WordPress plugin BoldGrid Client Invoicing by Sprout Invoices security vulnerability

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that provides the ability to set up a personal blog site on a PHP and MySQL based server. A security vulnerability exists in...

CVSS 9.8 | AI score 6.5 | EPSS 0.0032
Exploits 0 | References 1
GithubExploit
added 2025/12/16 1:3 a.m. | 156 views

Exploit for Deserialization of Untrusted Data in Facebook React

Next.js CVE-2025-55182 Proof of Concept This is a proof-of-co...

CVSS 10 | AI score 8.2 | EPSS 0.99562
Exploits 372
GithubExploit
added 2025/12/15 9:1 p.m. | 145 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell CVE-2025-55182 — Local RSC Security Demo ⚠️ W...

CVSS 10 | AI score 7.7 | EPSS 0.99562
Exploits 372
GithubExploit
added 2025/12/12 6:33 p.m. | 219 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell CVE-2025-55182 Scanner & Exploit Toolkit for Next...

CVSS 10 | AI score 7.8 | EPSS 0.99562
Exploits 372
GithubExploit
added 2025/12/06 7:32 p.m. | 286 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell Scanner A comprehensive vulnera...

CVSS 10 | AI score 8.8 | EPSS 0.99562
Exploits 386