514 matches found
Security update for java-1_8_0-ibm
This update for java-180-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 50. Security issues fixed: Oracle July 15 2025 CPU bsc1247754. CVE-2025-30749: heap corruption allows unauthenticated attacker with network access to compromise and takeover Java applications th...
SUSE-SU-2025:03262-1 Security update for java-1_8_0-ibm
This update for java-180-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 50. Security issues fixed: - Oracle July 15 2025 CPU bsc1247754. - CVE-2025-30749: heap corruption allows unauthenticated attacker with network access to compromise and takeover Java application...
SUSE-SU-2025:03236-1 Security update for java-1_8_0-ibm
This update for java-180-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 50. Security issues fixed: - Oracle July 15 2025 CPU bsc1247754. - CVE-2025-30749: heap corruption allows unauthenticated attacker with network access to compromise and takeover Java application...
Linux Distros Unpatched Vulnerability : CVE-2020-1898
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fbunserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to...
Microsoft SharePoint Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
H2O 代码问题漏洞
H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A code issue vulnerability exists in H2O version 3.47.0.99999, which stems from a deserialization issue that could lead to arbitrary code execution and system file reads...
python-cryptography: NULL-dereference when loading PKCS7 certificates
A null-pointer dereference vulnerability was found in python-cryptography during the loading of PKCS7 certificates. Invoking "loadpempkcs7certificates" or "loadderpkcs7certificates" can trigger this issue and lead to subsequent segmentation fault and result in a Denial of Service DoS for any...
PT-2025-34483 · Mahara · Mahara
Name of the Vulnerable Software and Affected Versions: Mahara versions 21.10 through 21.10.6 Mahara versions 22.04 through 22.04.4 Mahara versions 22.10 through 22.10.1 Description: The application deserializes user input unsafely during skin import. A specifically crafted XML file could lead to...
PT-2025-34476 · Unknown · Operamasks Sdk Elite Script Engine
Name of the Vulnerable Software and Affected Versions: OperaMasks SDK ELite Script Engine version 0.5.0 Description: OperaMasks SDK ELite Script Engine version 0.5.0 contains a deserialization vulnerability. Recommendations: At the moment, there is no information about a newer version that contai...
PT-2025-33895 · WordPress +1 · Redirection For Contact Form 7 +2
Name of the Vulnerable Software and Affected Versions: Redirection for Contact Form 7 plugin for WordPress versions prior to 3.2.5 Description: The Redirection for Contact Form 7 plugin for WordPress is susceptible to PHP Object Injection due to deserialization of untrusted input within the delet...
CVE-2025-53606
Deserialization of Untrusted Data vulnerability in Apache Seata incubating. This issue affects Apache Seata incubating: 2.4.0. Users are recommended to upgrade to version 2.5.0, which fixes the issue...
CVE-2025-53606
CVE-2025-53606 describes a Deserialization of Untrusted Data vulnerability in Apache Seata (incubating) affecting version 2.4.0 . The issue allows high-severity impact (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) with network-prioritized exploitation and no user interaction required. The recom...
Linux Distros Unpatched Vulnerability : CVE-2024-55636
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0...
CVE-2025-25692
A PHAR deserialization vulnerability in the getHeaders function of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request...
PT-2025-31455 · Absolute · Absolute Secure Access
Name of the Vulnerable Software and Affected Versions: Absolute Secure Access versions 12.01 through 13.55 Description: The management console of Absolute Secure Access is susceptible to an issue where attackers possessing administrative privileges can trigger the deserialization and execution of...
PT-2025-31058 · Yanyutao0402 · Chancms
Name of the Vulnerable Software and Affected Versions: yanyutao0402 ChanCMS versions through 3.1.2 Description: A critical vulnerability exists in yanyutao0402 ChanCMS. The getArticle function within the app/modules/cms/controller/collect.js file is susceptible to deserialization due to...
CVE-2025-54366 FreeScout's deserialization of untrusted data leads to Remote Code Execution
FreeScout is a lightweight free open source help desk and shared inbox built with PHP Laravel framework. In versions 1.8.185 and below, there is a critical deserialization vulnerability in the /conversation/ajax endpoint that allows authenticated users with knowledge of the APPKEY to achieve remo...
CVE-2025-43489
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could deserialize untrusted data without validation. HP has addressed the issue in the latest software update...
CVE-2025-30949 WordPress Site Chat on Telegram plugin <= 1.0.4 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Guru Team Site Chat on Telegram site-chat-on-telegram allows Object Injection.This issue affects Site Chat on Telegram: from n/a through = 1.0.4...
CVE-2025-31422 WordPress Visual Art | Gallery WordPress Theme <= 2.4 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in designthemes Visual Art | Gallery WordPress Theme visual-arts allows Object Injection.This issue affects Visual Art | Gallery WordPress Theme: from n/a through = 2.4...