42 matches found
EUVD-2016-4441
Malware in sbrugna...
EUVD-2020-0570
Malware in sbrugna...
EUVD-2022-42902
Malicious code in bioql PyPI...
EUVD-2024-33940
Malicious code in bioql PyPI...
EUVD-2022-5835
Malicious code in bioql PyPI...
EUVD-2025-19879
Malicious code in bioql PyPI...
EUVD-2024-3187
Malicious code in bioql PyPI...
EUVD-2024-17597
Malicious code in bioql PyPI...
EUVD-2022-5742
Malicious code in bioql PyPI...
CVE-2025-54923
CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution and compromise of system integrity when authenticated users send crafted data to a network-exposed service that performs unsafe deserialization...
CVE-2025-43713
ASNA Assist and ASNA Registrar before 2025-03-31 allow deserialization attacks against .NET remoting. These are Windows system services that support license key management and deprecated Windows network authentication. The services are implemented with .NET remoting and can be exploited via...
PT-2025-27801 · Asna · Asna Registrar +16
Name of the Vulnerable Software and Affected Versions: ASNA Assist versions prior to 2025-03-31 ASNA Registrar versions prior to 2025-03-31 DataGate for SQL Server versions 17.0.36.0 and 16.0.89.0 DataGate Component Suite versions 17.0.36.0 and 16.0.89.0 DataGate Monitor versions 17.0.26.0 and...
CVE-2025-43713
ASNA Assist and ASNA Registrar before 2025-03-31 allow deserialization attacks against .NET remoting. These are Windows system services that support license key management and deprecated Windows network authentication. The services are implemented with .NET remoting and can be exploited via...
CVE-2025-5174
CVE-2025-5174 affects the erdogant pypickle package up to version 1.1.5. The vulnerability is in the load function of pypickle/pypickle.py, enabling deserialization with local access. The exploit has been disclosed, and upgrading to version 2.0.0 is reported to address the issue (patch 14b4cae704...
CVE-2025-32284 WordPress Pet World <= 2.8 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in designthemes Pet World allows Object Injection. This issue affects Pet World: from n/a through 2.8...
CVE-2022-3536
The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 does not have authorisation and proper CSRF checks, as well as does not validate path given via user input, allowing any authenticated users like subscriber to perform PHAR deserialization attacks when they can upload a file, an...
CVE-2021-3902
An improper restriction of external entities XXE vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery SSRF and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited even if the isRemoteEnabled option is set to...
CVE-2024-32030
Kafka UI is an Open-Source Web UI for Apache Kafka Management. Kafka UI API allows users to connect to different Kafka brokers by specifying their network address and port. As a separate feature, it also provides the ability to monitor the performance of Kafka brokers by connecting to their JMX...
H2O-3 Multiple Deserialization Vulnerabilities
H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document containing a connectionurl property with a...
Dompdf 代码问题漏洞
Dompdf is a Dompdf open source HTML to PDF converter . A code issue vulnerability exists in Dompdf versions prior to 2.0.0, which stems from the presence of an improper restriction of the External Entity XXE vulnerability, which could lead to server-side request forgery SSRF and deserialization...