17 matches found
CVE-2026-48207
Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...
CVE-2026-48207
Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...
CVE-2026-48207 Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement
Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...
CVE-2026-48207 Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement
Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...
CVE-2026-48207
CVE-2026-48207 affects Apache Fory: PyFory ReduceSerializer deserializes attacker-controlled data and could bypass DeserializationPolicy validation during reduce-state restoration and global-name resolution. Impact is high (CVSS 3.1: 9.8, CRITICAL, NETWORK/LOW/ NONE user interactions). The issue ...
Apache Fory 代码问题漏洞
Apache Fory is a serialization framework developed by the Apache Foundation. Versions of Apache Fory prior to 1.0.0 contained code vulnerabilities. These vulnerabilities stemmed from the ReduceSerializer in PyFory, which might bypass the DeserializationPolicy validation hook during state...
EUVD-2019-2130
Malware in sbrugna...
CVE-2019-10069
In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly...
Godot Remote Code Execution Vulnerability
Godot is a cross-platform game engine. The engine supports the creation of 2D and 3D games through a unified interface. A security vulnerability exists in Godot 3.1 and earlier versions, which stems from the program failing to properly apply a deserialization policy. A remote attacker could explo...
DEBIAN-CVE-2019-10069
In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly...
CVE-2019-10069
In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly...
CVE-2019-10069
In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly...
UBUNTU-CVE-2019-10069
In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly...
CVE-2019-10069
In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly...
CVE-2019-10069
In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly...
CVE-2019-10069
CVE-2019-10069 affects the Godot game engine (up to 3.1). The root cause is failure to properly apply a deserialization policy, enabling remote code execution over the network. The NVD metrics assign a high/critical severity (CVSS2: 7.5 HIGH with network access; CVSS3: 9.8 CRITICAL with network a...
PT-2019-11416 · Godot Engine +1 · Godot +1
Name of the Vulnerable Software and Affected Versions: Godot versions prior to 3.2 Description: The issue allows for remote code execution due to the deserialization policy not being applied correctly. Recommendations: For Godot versions prior to 3.2, update to version 3.2 or later to resolve the...