11 matches found
EUVD-2026-34069
ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TC_PROXYCLASSDESC, the marker for a java.lang.reflect.Proxy, JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...
CVE-2026-42778
The fix for CVE-2026-41409 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a stat...
CVE-2026-41409
The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in a class to be read might already have been executed. Affected versions are Apache MINA 2.0.0 =...
EUVD-2023-45841
Malicious code in bioql PyPI...
CVE-2025-27778 Applio allows unsafe deserialization in infer.py
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in infer.py. The issue can lead to remote code execution. As of time of publication, a fix is available on the main branch of the Applio repository but not attached to a numbered release...
CVE-2025-24016
CVE-2025-24016 is a deserialization flaw in Wazuh servers (v4.4.0–
SUSE-SU-2024:0224-1 Security update for apache-parent, apache-sshd
This update for apache-parent, apache-sshd fixes the following issues: apache-parent was updated from version 28 to 31: - Version 31: New Features: + Added maven-checkstyle-plugin to pluginManagement Improvements: + Set minimalMavenBuildVersion to 3.6.3 - the minimum used by plugins + Using an SP...
PT-2024-14473 · Unknown · Html5 Mp3 Player With Playlist Free
Name of the Vulnerable Software and Affected Versions: HTML5 MP3 Player with Playlist Free versions 3.0.0 and earlier Description: The issue is related to the deserialization of untrusted data, which can lead to potential security risks. No information is provided about the estimated number of...
CLSA-2023-1675986440 java-1.8.0-openjdk: Fix of 2 CVEs
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b09. This fixes the following CVEs: - CVE-2023-21830: Improper restrictions in CORBA deserialization Serialization, 8285021 - CVE-2023-21843: Soundbank URL remote loading Sound, 8293742 - Update tzdata requirement to 2022g to match JDK-8297804 -...
SUSE-SU-2018:3644-1 Security update for systemd
This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. bsc1113632 - CVE-2018-15686: A vulnerability in unitdeserializ...
MGASA-2016-0012 Updated apache-commons-collections packages fix security vulnerability
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections...