323 matches found
flair security vulnerability
Flair is a very simple and advanced NLP framework developed by Flair OpenSource. There are security vulnerabilities in Flair versions 0.4.1 onwards. These vulnerabilities stem from the LanguageModel class’s ability to deserialize untrusted data, which may allow arbitrary code to be executed when...
CVE-2025-60037
A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which...
CVE-2025-60038
A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which...
CVE-2025-60036
A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data...
CVE-2025-60036
CVE-2025-60036 affects the UA.Testclient utility in Rexroth IndraWorks. All versions prior to 15V24 are vulnerable to Remote Code Execution via deserializing a manipulated file; exploitation requires user interaction (opening a crafted file). This can lead to complete host compromise. No remediat...
CVE-2026-21531
Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network...
tpAdmin code issue vulnerability
tpAdmin is a management backend developed by Ethan as an individual developer, based on ThinkPHP5. Versions of tpadmin 1.3.12 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect operations with the library...
npm-serialize-javascript: Cross-site Scripting (XSS) in serialize-javascript
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by...
MiracleLinux 7 : log4j-1.2.17-16.0.1.el7.AXS7 (AXSA:2017-2271:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2017-2271:01 advisory. Log4j is a tool to help the programmer output log statements to a variety of output targets. CVE-2017-5645 In Apache Log4j 2.x before 2.8.2, when using the T...
CVE-2020-7532
A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack x70 Security Administrator V1.2.0 and prior which could allow arbitrary code execution when an attacker builds a custom .SDB file containing a malicious serialized buffer...
CVE-2019-7091
ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution...
snail-job code issue vulnerability
snail-job is a distributed task scheduling platform open-sourced by aizuda. A code issue vulnerability exists in snail-job version 1.7.0 and earlier, which stems from a misuse of the parameter argsStr in the component API and could lead to a deserialization attack...
Sa-Token code issue vulnerability
Sa-Token is a lightweight Java authentication framework open-sourced by dromara. A code issue vulnerability exists in Sa-Token 1.44.0 and earlier versions, which stems from a misuse of the function ObjectInputStream.readObject in the file SaSerializerTemplateForJdkUseBase64.java, which could lead ...
CVE-2025-15117
A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. It is...
Hugging Face Transformers code issue vulnerability
Hugging Face Transformers is a Hugging Face open source framework for defining state-of-the-art machine learning models covering textual, visual, audio, and multimodal models for inference and training. A code issue vulnerability exists in Hugging Face Transformers that stems from a lack of...
WordPress plugin BoldGrid Client Invoicing by Sprout Invoices security vulnerability
WordPress and the WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The WordPress plugin is an application plugin that provides the ability to set up a personal blog site on a PHP and MySQL based server. A security vulnerability exists in...
Exploit for Deserialization of Untrusted Data in Facebook React
Next.js CVE-2025-55182 Proof of Concept This is a proof-of-co...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell CVE-2025-55182 — Local RSC Security Demo ⚠️ W...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell CVE-2025-55182 Scanner & Exploit Toolkit for Next...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell Scanner A comprehensive vulnera...