Lucene search
K

127 matches found

Snyk
Snyk
added 2026/06/01 10:29 a.m.8 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the scheduler-side deadline-reference decoder SerializedCustomReference.deserializereference. A DAG author whose code reaches the scheduler — the default on single-host deployments where the DAG...

7.3CVSS5.5AI score0.00651EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.4 views

PT-2026-24207

Name of the Vulnerable Software and Affected Versions Apache Java affected versions not specified Description A flaw exists related to the deserialization of untrusted data. This issue could allow a locally authenticated attacker to execute arbitrary code with administrative privileges by sending...

8.5CVSS6.2AI score0.00186EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/01/09 9:58 a.m.7 views

CVE-2020-7528

A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer...

7.8CVSS7.8AI score0.01357EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/06 12:0 a.m.5 views

Topal Finanzbuchhaltung 安全漏洞

Topal Finanzbuchhaltung is an accounting software from Topal Switzerland. A security vulnerability exists in Topal Finanzbuchhaltung version 10.1.5.20, which originates from deserializing untrustworthy data and could lead to remote code execution...

10CVSS7.8AI score0.00519EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-6094

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.01865EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/07/10 10:13 p.m.7 views

CVE-2025-49533

Adobe Experience Manager MS versions 6.5.23.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction. Scope is unchanged...

9.8CVSS7.9AI score0.44894EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/08 9:25 p.m.4 views

CVE-2025-27203 Adobe Connect | Deserialization of Untrusted Data (CWE-502)

Adobe Connect versions 24.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does require user interaction and scope is changed...

9.6CVSS7.8AI score0.00989EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/20 6:47 a.m.7 views

Security Bulletin: IBM Cloud Pak for Data Object Injection due to YAML Parsing in RDoc gem (CVE-2024-27281)

Summary Potential vulnerabilities in rdoc module CVE-2024-27281 has been identified that may affect IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-27281 DESCRIPTION: An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in...

4.5CVSS8.5AI score0.01571EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/06/10 12:0 a.m.4 views

PT-2025-24655 · Loftocean · Loftocean Cozystay

Name of the Vulnerable Software and Affected Versions: LoftOcean CozyStay versions prior to 1.7.1 Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection. Recommendations: For versions prior to 1.7.1, update to version 1.7.1 or later to resolve the...

9.8CVSS9.2AI score0.00509EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/06/03 8:52 p.m.21 views

CVE-2025-48951 Auth0-PHP SDK Deserialization of Untrusted Data vulnerability

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. Versions 8.0.0-BETA3 prior to 8.3.1 contain a vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially...

9.3CVSS0.0062EPSS
Exploits0References5
OSV
OSV
added 2025/05/28 9:31 a.m.4 views

GHSA-98V7-XXXV-HCRH Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's...

8.7CVSS7.4AI score0.00576EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/05/23 12:43 p.m.6 views

CVE-2025-32293 WordPress Finance Consultant theme <= 2.8 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in designthemes Finance Consultant finance allows Object Injection.This issue affects Finance Consultant: from n/a through = 2.8...

8.8CVSS8AI score0.00473EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/23 12:0 a.m.15 views

PT-2025-22677 · Ancorathemes · Ancorathemes Umberto

Name of the Vulnerable Software and Affected Versions: AncoraThemes Umberto versions 1.2.8 and earlier Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection. Recommendations: For versions 1.2.8 and earlier, update to a version that fixes this issue...

9.8CVSS9.1AI score0.00503EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 6:49 p.m.10 views

CVE-2021-42127

A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service...

9.8CVSS7.8AI score0.65833EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/05/19 12:0 a.m.6 views

PT-2025-22091 · WordPress · Grand Restaurant

Name of the Vulnerable Software and Affected Versions: Grand Restaurant WordPress versions 7.0 and earlier Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection. This can potentially lead to exploitation by injecting malicious objects into the...

9.8CVSS9.3AI score0.00396EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/05/12 4:7 p.m.16 views

CVE-2025-46738 Deserialization of Untrusted Data

An authenticated attacker can maliciously modify layout data files in the SEL-5033 installation directory to execute arbitrary code...

6.6CVSS0.00151EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/11 8:42 a.m.21 views

CVE-2025-32607 WordPress WpBookingly plugin <= 1.3.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in magepeopleteam WpBookingly service-booking-manager allows Object Injection.This issue affects WpBookingly: from n/a through = 1.3.0...

9.8CVSS0.00784EPSS
Exploits0References1
NVD
NVD
added 2025/04/08 8:15 p.m.18 views

CVE-2025-30285

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security protections...

8.4CVSS0.19687EPSS
Exploits0References1
CVE
CVE
added 2025/04/08 8:2 p.m.72 views

CVE-2025-30284

CVE-2025-30284 affects Adobe ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier. The issue is a Deserialization of Untrusted Data vulnerability that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction, and high privileges can be im...

8.4CVSS8.6AI score0.0174EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/04/08 8:2 p.m.111 views

CVE-2025-24447

CVE-2025-24447 affects Adobe ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier. The issue is a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution in the context of the current user, with a High impact on Confidentiality and Integrity . Exploitation ...

9.1CVSS9.4AI score0.01764EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder