513 matches found
CVE-2021-28033
An issue was discovered in the bytestruct crate before 0.6.1 for Rust. There can be a drop of uninitialized memory if a certain deserialization method panics...
CVE-2021-31010
A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report tha...
CVE-2017-18365
The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a...
CVE-2020-12471
MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler...
CVE-2024-34274
OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization of Untrusted Data. The cookies bdglobals and bdclientspot of the OpenBD software uses serialized data, which can be used to execute arbitrary code on the system. NOTE: This vulnerability only affects products that are no longer...
CVE-2021-27852
Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. This issue affects: Checkbox Survey versions prior to 7...
CVE-2025-1556
A vulnerability, which was classified as problematic, has been found in westboy CicadasCMS 1.0. This issue affects some unknown processing of the file /system of the component Template Management. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has bee...
CVE-2025-15246
A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This manipulation of the argument argsStr causes deserialization. Remote exploitation of the attack is possible. The exploit has...
(0Day) Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu VectorStar. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
Tencent HunyuanDiT 代码问题漏洞
Tencent HunyuanDiT is a diffusion model from Tencent China. A code issue vulnerability exists in Tencent HunyuanDiT that stems from a lack of validation of user-supplied data in the modelresume function, which could lead to deserialization of untrusted data and remote code execution...
CVE-2025-64233 WordPress Codiqa theme < 1.2.8 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in BoldThemes Codiqa codiqa allows Object Injection.This issue affects Codiqa: from n/a through 1.2.8...
Security Bulletin: Vulnerability in OpenPrinting CUPS affects IBM Netezza Appliance
Summary The OpenPrinting CUPS package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-58060, CVE-2025-58364 Vulnerability Details CVEID:CVE-2025-58060 DESCRIPTION: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 Advanced Scanner 🚀 !Bashhttps://img.shields...
CLSA-2025-1765477018 cups: Fix of CVE-2025-58364
CVE-2025-58364: fix deserialization and validation issue in printer attributes to prevent null dereference...
CVE-2025-33213
NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in the Trainer component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...
CVE-2025-33214
NVIDIA NVTabular for Linux contains a vulnerability in the Workflow component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...
Security Bulletin: NVIDIA Merlin - December 2025
NVIDIA has released an update for Merlin to address a security issue that might lead to the impacts described in this bulletin. To protect your system, clone or update this software to include the following commits: Commit 5dd11f4 or later from NVIDIA Merlin/NVTabular Commit 876f19e or later from...
NutzBoot 代码问题漏洞
NutzBoot is an enterprise microservices framework open-sourced by Nutz. A code issue vulnerability exists in NutzBoot 2.6.0-SNAPSHOT and earlier versions, which stems from a misbehavior of the function getInputStream in the file HttpServletRpcEndpoint.java, which could lead to deserialization...
SIGB PMB 安全漏洞
SIGB PMB is an open source integrated library management system from SIGB. A security vulnerability exists in SIGB PMB version v8.0.1.14, which originates when the component cmsrest.php deserializes an arbitrary file, which could lead to the execution of arbitrary code...
PT-2025-47117
CVE-2025-65072 - Apache Struts Deserialization Vulnerability CVE ID : CVE-2025-65072 Published : Nov. 15, 2025, 4:15 a.m. | 58 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...