Lucene search
K

93 matches found

RedHat Linux
RedHat Linux
added 4 days ago7 views

Important: Red Hat Security Advisory: ruby security update

An update for ruby is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

8.1CVSS6.3AI score0.01131EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 4 days ago7 views

Important: Red Hat Security Advisory: ruby security update

An update for ruby is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

8.1CVSS6.3AI score0.01131EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 4 days ago6 views

erb: ERB: Arbitrary code execution via deserialization bypass

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...

8.1CVSS6.4AI score0.01131EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/23 9:23 p.m.7 views

jackson-databind has case-insensitive deserialization bypasses per-property @JsonIgnoreProperties

Summary In BeanDeserializerBase.createContextual, per-property @JsonIgnoreProperties exclusions are applied by handleByNameInclusion, producing a contextual deserializer whose BeanPropertyMap has the ignored properties removed. The subsequent per-property case-insensitivity block triggered by...

5.3CVSS5.8AI score0.00345EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2026/06/23 9:17 p.m.4 views

DEBIAN-CVE-2026-54516

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed...

5.3CVSS5.9AI score0.00282EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/23 8:53 p.m.4 views

CVE-2026-54513 jackson-databind: Array subtype allowlist bypass in BasicPolymorphicTypeValidator (allowIfSubTypeIsArray)

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray allowlists any array type based only on clazz.isArray, without validating th...

8.1CVSS5.8AI score0.00677EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/23 8:50 p.m.26 views

CVE-2026-54515 jackson-databind: Case-insensitive deserialization bypasses per-property @JsonIgnoreProperties

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.0 until 2.18.9, 2.21.5, and 3.1.4, in BeanDeserializerBase.createContextual, per-property @JsonIgnoreProperties exclusions are applied by handleByNameInclusion, producing a...

5.3CVSS0.00345EPSS
Exploits0References4
CVE
CVE
added 2026/06/23 8:50 p.m.187 views

CVE-2026-54515

CVE-2026-54515 affects jackson-databind where, from 2.8.0 up to 2.18.9, 2.21.5 and 3.1.4, per-property @JsonIgnoreProperties exclusions are bypassed during a case-insensitive deserialization, making ignored properties writable again. The root cause is in BeanDeserializerBase.createContextual(), w...

5.3CVSS5.8AI score0.00345EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/17 9:8 p.m.36 views

CVE-2026-48990

In joserfc (Python), CVE-2026-48990 affects versions 1.3.4–1.6.5 where oversized RFC7797 b64=false JWS payloads bypass JWSRegistry.max_payload_length during deserialization, enabling potential resource exhaustion. The standard JWS compact/flattened paths enforce the payload limit via ExceededSize...

5.3CVSS5.4AI score0.00163EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/17 4:57 p.m.9 views

Important: Red Hat Security Advisory: ruby:3.3 security update

An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

8.1CVSS6AI score0.01131EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/17 4:57 p.m.7 views

erb: ERB: Arbitrary code execution via deserialization bypass

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...

8.1CVSS6.2AI score0.01131EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/16 1:37 p.m.11 views

Important: Red Hat Security Advisory: ruby security update

An update for ruby is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.1CVSS6AI score0.01131EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.10 views

MiracleLinux 8 : ruby:3.3 (AXSA:2026-769:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-769:01 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the...

8.1CVSS6AI score0.01131EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 4:9 p.m.41 views

CVE-2026-50076

CVE-2026-50076 affects the Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM. The issue is a deserialization flaw in the Java replace-resolve path that allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and to invoke classpath-present readResolve/r...

9.1CVSS5.8AI score0.0052EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/04 4:9 p.m.38 views

CVE-2026-50076 Apache Fory: Java ReplaceResolverSerializer deserialization checks bypass

Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and invoke classpath-present readResolve/readExternal hooks via...

0.0052EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 12:4 p.m.9 views

RLSA-2026:20606 Important: ruby4.0 security update

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible. Security Fixes: ruby/json: Ruby JSON: Denial of Service or Informatio...

9.1CVSS6.2AI score0.01131EPSS
Exploits0References3
Rockylinux
Rockylinux
added 2026/06/04 12:4 p.m.11 views

ruby4.0 security update

An update is available for ruby4.0. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Ruby is the interpreted scripting language for quick and easy object-oriente...

9.1CVSS6.7AI score0.01131EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.19 views

Linux Distros Unpatched Vulnerability : CVE-2026-47065

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream...

9.8CVSS5.8AI score0.00468EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/03 9:39 a.m.39 views

CVE-2026-47065 Apache MINA: Critical Deserialization Allow-list Bypass via resolveProxyClass - ZDRES-232

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS0.00468EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.22 views

PT-2026-45913

Name of the Vulnerable Software and Affected Versions Java affected versions not specified Description Two issues exist regarding Java deserialization filters. First, a filter bypass occurs when a serialized stream contains a TC PROXYCLASSDESC marker for a java.lang.reflect.Proxy. In this case,...

9.8CVSS5.8AI score0.00468EPSS
Exploits0References18
Rows per page
Query Builder