
323 matches found

Ubuntu
added 2025/12/02 3:14 p.m. | 5 views

USN-7903-1: Django vulnerabilities

It was discovered that Django incorrectly handled certain characters in the FilteredRelation object. An attacker could possibly use this issue to execute arbitrary SQL commands. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10...

CVSS 7.5 | AI score 8 | EPSS 0.02143
Exploits: 0

IBM Security Bulletins
added 2025/12/01 6:25 a.m. | 8 views

Security Bulletin: Due to use of Apache Jena SDB, IBM Jazz Reporting Service is affected by a JDBC Deserialisation attack.

Summary Apache Jena SDB is used internally by IBM Jazz Reporting Service CVE-2022-45136. Vulnerability Details CVEID:CVE-2022-45136 DESCRIPTION: Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the...

CVSS 9.8 | AI score 6.6 | EPSS 0.01525
Exploits: 0 | Affected Software: 1

Vulnrichment
added 2025/12/01 3:32 a.m. | 4 views

CVE-2025-13805 nutzam NutzBoot LiteRpc-Serializer HttpServletRpcEndpoint.java getInputStream deserialization

A weakness has been identified in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This affects the function getInputStream of the file nutzcloud/nutzcloud-literpc/src/main/java/org/nutz/boot/starter/literpc/impl/endpoint/http/HttpServletRpcEndpoint.java of the component LiteRpc-Serializer. Executing a...

CVSS 6.3 | AI score 4.2 | EPSS 0.00317
Exploits: 0 | References: 5

RedhatCVE
added 2025/11/26 12:42 a.m. | 7 views

CVE-2025-51744

An issue was discovered in jishenghua JSHERP 2.3.1. The /user/addUser endpoint is vulnerable to fastjson deserialization attacks...

CVSS 9.8 | AI score 7.1 | EPSS 0.00407
Exploits: 0 | References: 1

RedhatCVE
added 2025/11/26 12:42 a.m. | 8 views

CVE-2025-51743

An issue was discovered in jishenghua JSHERP 2.3.1. The /materialCategory/addMaterialCategory endpoint is vulnerable to fastjson deserialization attacks...

CVSS 9.8 | AI score 7.1 | EPSS 0.00407
Exploits: 0 | References: 1

EUVD
added 2025/11/25 9:32 p.m. | 5 views

EUVD-2025-199648

An issue was discovered in jishenghua JSHERP 2.3.1. The /serialNumber/addSerialNumber endpoint is vulnerable to fastjson deserialization attacks...

AI score 6.5 | EPSS 0.00407
Exploits: 0 | References: 5

Cvelist
added 2025/11/25 12:0 a.m. | 9 views

CVE-2025-51744

An issue was discovered in jishenghua JSHERP 2.3.1. The /user/addUser endpoint is vulnerable to fastjson deserialization attacks...

EPSS 0.00407
Exploits: 0 | References: 4

Snyk
added 2025/11/19 10:46 a.m. | 2 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the ViewModel functionality. An authenticated attacker can execute arbitrary code with application privileges by supplying crafted data through user-controllable URL parameters. Details Serializatio...

CVSS 8.8 | AI score 7.5 | EPSS 0.09442
Exploits: 0 | References: 2

GithubExploit
added 2025/11/18 9:26 a.m. | 168 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

🔥 Log4Shell CVE-2021-44228 Analysis !License: MIThttps:...

CVSS 10 | AI score 9.1 | EPSS 0.99999
Exploits: 350

NVD
added 2025/11/05 3:15 a.m. | 8 views

CVE-2025-8871

The Everest Forms Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input in the mimecontenttype function. This makes it possible for unauthenticated attackers to inject a PHP Object. This vulnerability may ...

CVSS 5.6 | EPSS 0.00274
Exploits: 0 | References: 2

Veracode
added 2025/11/04 7:51 a.m. | 7 views

Deserialization Of Untrusted Data

Snipe-IT is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper handling of untrusted serialized data, which allows an attacker to supply malicious objects that can be deserialized to execute arbitrary code or manipulate application logic...

CVSS 8.1 | AI score 7.7 | EPSS 0.00349
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2025/10/14 5:16 p.m. | 4 views

CVE-2025-59285

Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally...

CVSS 7 | AI score 5.7 | EPSS 0.00711
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2020-0034

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.07225
Exploits: 0 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 29 views

EUVD-2019-0720

Malware in sbrugna...

CVSS 5 | AI score 5.2 | EPSS 0.00879
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2018-7487

Malware in sbrugna...

CVSS 9.8 | AI score 9.4 | EPSS 0.03343
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2020-0304

Malware in sbrugna...

CVSS 10 | AI score 9.3 | EPSS 0.03621
Exploits: 1 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2018-0642

Malware in sbrugna...

CVSS 9.3 | AI score 8 | EPSS 0.05666
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2020-27369

Malware in sbrugna...

CVSS 9.1 | AI score 9.3 | EPSS 0.01266
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2021-0165

Malware in sbrugna...

CVSS 9.8 | AI score 9.1 | EPSS 0.17353
Exploits: 4 | References: 14

EUVD
added 2025/10/06 9:30 p.m. | 5 views

EUVD-2025-32586

A vulnerability has been found in ILIAS up to 8.23/9.13/10.1. This affects the function unserialize of the component Base64 Decoding Handler. Such manipulation of the argument fsettings leads to deserialization. It is possible to launch the attack remotely. Upgrading to version 8.24, 9.14 and 10....

CVSS 6.5 | AI score 6.4 | EPSS 0.00411
Exploits: 0 | References: 5