7 matches found

OSV
added 2026/06/01 9:16 a.m., 5 views

PYSEC-2026-185

A bug in Apache Airflow's XCom PATCH endpoint (PATCH /api/v2/xcomEntries/key) allowed an authenticated UI/API user with XCom write permission on a Dag to set XCom entries under reserved key names (e.g. returnvalue) that the matching POST endpoint already validated against FORBIDDENXCOMKEYS. The...

8.8 CVSS, 5.8 AI score, 0.0056 EPSS
Exploits 0, References 3
Gitee
added 2025/09/14 6:53 p.m., 100 views

fastjson-remote-code-execute-poc

This is a Java-based proof-of-concept (PoC) exploit for a remote code execution (RCE) vulnerability in the FastJSON library, version 1.2.24. The exploit is designed to be used with IntelliJ IDEA, a popular integrated development environment (IDE) for Java development. The exploit consists of two main...

8.1 AI score
Exploits 0
Cvelist
added 2025/03/14 1:4 p.m., 13 views

CVE-2025-2000 Qiskit SDK code execution

A maliciously crafted QPY file can potentially execute arbitrary code embedded in the payload without privilege escalation when deserialising QPY formats 13. A Python process calling Qiskit 0.18.0 through 1.4.1's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded ...

9.8 CVSS, 0.00741 EPSS
Exploits 0, References 1
OSV
added 2024/12/06 9:24 p.m., 10 views

GHSA-3HPF-FF72-J67P shared_preferences_android vulnerability

Impact: Due to some data types not being natively representable for the available storage options, shared_preferences_android serializes and deserializes special string prefixes to store these unrepresentable data types. This allows arbitrary classes to be deserialized leading to arbitrary code...

3 CVSS, 7.6 AI score
Exploits 0, References 3
GithubExploit
added 2024/03/11 10:14 a.m., 157 views

Exploit for Generation of Error Message Containing Sensitive Information in Microsoft

Leaking and Exploiting ObjRefs via HTTP .NET Remoting CVE-2...

7.5 CVSS, 6.8 AI score, 0.98832 EPSS
Exploits 1
wpexploit
added 2023/12/14 12:0 a.m., 915 views

Slider Revolution < 6.6.19 - Author+ Insecure Deserialization leading to RCE

Description: The plugin does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution. 1. Make sure to configure the plugin so Authors can access its settings. 2. Create a new slider. 3. Save and export...

8.8 CVSS, 7.3 AI score, 0.0137 EPSS
Exploits 2
PyPA
added 2020/12/17 4:15 p.m., 5 views

PYSEC-2020-49

DISPUTED jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must no...

9.8 CVSS, 8.4 AI score, 0.06101 EPSS
Exploits 1, References 7, Affected Software 1