Lucene search
+L

514 matches found

SUSE Linux
SUSE Linux
added 2025/09/18 6:42 a.m.7 views

Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 50. Security issues fixed: Oracle July 15 2025 CPU bsc1247754. CVE-2025-30749: heap corruption allows unauthenticated attacker with network access to compromise and takeover Java applications th...

8.6CVSS8AI score0.01058EPSS
Exploits1References22
OSV
OSV
added 2025/09/18 6:42 a.m.4 views

SUSE-SU-2025:03262-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 50. Security issues fixed: - Oracle July 15 2025 CPU bsc1247754. - CVE-2025-30749: heap corruption allows unauthenticated attacker with network access to compromise and takeover Java application...

8.6CVSS7.2AI score0.01058EPSS
Exploits1References12
OSV
OSV
added 2025/09/16 9:11 a.m.6 views

SUSE-SU-2025:03236-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 50. Security issues fixed: - Oracle July 15 2025 CPU bsc1247754. - CVE-2025-30749: heap corruption allows unauthenticated attacker with network access to compromise and takeover Java application...

8.6CVSS5.9AI score0.01058EPSS
Exploits1References12
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.28 views

Linux Distros Unpatched Vulnerability : CVE-2020-1898

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fbunserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to...

7.5CVSS7.5AI score0.01211EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2025/09/09 7:0 a.m.3 views

Microsoft SharePoint Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

8.8CVSS7.3AI score0.18084EPSS
Exploits0
CNNVD
CNNVD
added 2025/09/01 12:0 a.m.4 views

H2O 代码问题漏洞

H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A code issue vulnerability exists in H2O version 3.47.0.99999, which stems from a deserialization issue that could lead to arbitrary code execution and system file reads...

9.8CVSS9.6AI score0.12993EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/08/26 12:45 a.m.3 views

python-cryptography: NULL-dereference when loading PKCS7 certificates

A null-pointer dereference vulnerability was found in python-cryptography during the loading of PKCS7 certificates. Invoking "loadpempkcs7certificates" or "loadderpkcs7certificates" can trigger this issue and lead to subsequent segmentation fault and result in a Denial of Service DoS for any...

7.5CVSS7.1AI score0.00985EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/08/22 12:0 a.m.10 views

PT-2025-34483 · Mahara · Mahara

Name of the Vulnerable Software and Affected Versions: Mahara versions 21.10 through 21.10.6 Mahara versions 22.04 through 22.04.4 Mahara versions 22.10 through 22.10.1 Description: The application deserializes user input unsafely during skin import. A specifically crafted XML file could lead to...

9.8CVSS7.8AI score0.00575EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/08/22 12:0 a.m.11 views

PT-2025-34476 · Unknown · Operamasks Sdk Elite Script Engine

Name of the Vulnerable Software and Affected Versions: OperaMasks SDK ELite Script Engine version 0.5.0 Description: OperaMasks SDK ELite Script Engine version 0.5.0 contains a deserialization vulnerability. Recommendations: At the moment, there is no information about a newer version that contai...

8.8CVSS6.2AI score0.00507EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.6 views

PT-2025-33895 · WordPress +1 · Redirection For Contact Form 7 +2

Name of the Vulnerable Software and Affected Versions: Redirection for Contact Form 7 plugin for WordPress versions prior to 3.2.5 Description: The Redirection for Contact Form 7 plugin for WordPress is susceptible to PHP Object Injection due to deserialization of untrusted input within the delet...

7.5CVSS7.1AI score0.00367EPSS
Exploits0References5
NVD
NVD
added 2025/08/08 10:15 a.m.15 views

CVE-2025-53606

Deserialization of Untrusted Data vulnerability in Apache Seata incubating. This issue affects Apache Seata incubating: 2.4.0. Users are recommended to upgrade to version 2.5.0, which fixes the issue...

9.8CVSS0.00601EPSS
Exploits0References2
CVE
CVE
added 2025/08/08 9:22 a.m.35 views

CVE-2025-53606

CVE-2025-53606 describes a Deserialization of Untrusted Data vulnerability in Apache Seata (incubating) affecting version 2.4.0 . The issue allows high-severity impact (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) with network-prioritized exploitation and no user interaction required. The recom...

9.8CVSS6.4AI score0.00601EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/05 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-55636

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0...

9.8CVSS6.6AI score0.00904EPSS
Exploits0References2
NVD
NVD
added 2025/07/30 5:15 p.m.8 views

CVE-2025-25692

A PHAR deserialization vulnerability in the getHeaders function of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request...

6.5CVSS0.00626EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/07/30 12:0 a.m.7 views

PT-2025-31455 · Absolute · Absolute Secure Access

Name of the Vulnerable Software and Affected Versions: Absolute Secure Access versions 12.01 through 13.55 Description: The management console of Absolute Secure Access is susceptible to an issue where attackers possessing administrative privileges can trigger the deserialization and execution of...

7.2CVSS6.8AI score0.00369EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/07/28 12:0 a.m.8 views

PT-2025-31058 · Yanyutao0402 · Chancms

Name of the Vulnerable Software and Affected Versions: yanyutao0402 ChanCMS versions through 3.1.2 Description: A critical vulnerability exists in yanyutao0402 ChanCMS. The getArticle function within the app/modules/cms/controller/collect.js file is susceptible to deserialization due to...

6.5CVSS6.4AI score0.00971EPSS
Exploits1References8
OSV
OSV
added 2025/07/26 3:35 a.m.14 views

CVE-2025-54366 FreeScout's deserialization of untrusted data leads to Remote Code Execution

FreeScout is a lightweight free open source help desk and shared inbox built with PHP Laravel framework. In versions 1.8.185 and below, there is a critical deserialization vulnerability in the /conversation/ajax endpoint that allows authenticated users with knowledge of the APPKEY to achieve remo...

8.6CVSS8.1AI score0.00978EPSS
Exploits1References4
NVD
NVD
added 2025/07/23 12:15 a.m.6 views

CVE-2025-43489

A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could deserialize untrusted data without validation. HP has addressed the issue in the latest software update...

5.2CVSS0.00252EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/16 11:28 a.m.4 views

CVE-2025-30949 WordPress Site Chat on Telegram plugin <= 1.0.4 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in Guru Team Site Chat on Telegram site-chat-on-telegram allows Object Injection.This issue affects Site Chat on Telegram: from n/a through = 1.0.4...

9.8CVSS5.7AI score0.00503EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/16 11:28 a.m.14 views

CVE-2025-31422 WordPress Visual Art | Gallery WordPress Theme <= 2.4 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in designthemes Visual Art | Gallery WordPress Theme visual-arts allows Object Injection.This issue affects Visual Art | Gallery WordPress Theme: from n/a through = 2.4...

8.8CVSS0.00449EPSS
Exploits0References1
Rows per page
Query Builder