
320 matches found

IBM Security Bulletins
added 3 days ago, 8 views

Security Bulletin: IBM WebSphere Application Server is affected by a remote code execution vulnerability (CVE-2026-9319)

Summary: IBM WebSphere Application Server is affected by a remote code execution vulnerability when using JAX-WS endpoints with WS-Security. Vulnerability Details: CVEID: CVE-2026-9319. DESCRIPTION: IBM WebSphere Application Server 9.0 and 8.5 are vulnerable to potential remote code execution due to...

CVSS: 9, AI score: 6.3, EPSS: 0.00366
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/06/11 3:38 p.m., 3 views

Security Bulletin: Vulnerability in commons-beanutils library (CVE-2019-10086) affects Power HMC.

Summary: The commons-beanutils library is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2019-10086. DESCRIPTION: In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability...

CVSS: 7.5, AI score: 6.6, EPSS: 0.28839
Exploits: 1, Affected Software: 1

CVE
added 2026/06/09 5:5 p.m., 13 views

CVE-2026-45484

This CVE involves deserialization of untrusted data in Microsoft Office SharePoint, enabling an authorized attacker to elevate privileges over a network. Affected component: SharePoint (deserialization vulnerability cited in multiple sources). Root cause: improper handling of deserialized input l...

CVSS: 8.8, AI score: 5.5, EPSS: 0.01489
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2026/06/06 12:0 a.m., 8 views

PT-2026-47129

Name of the Vulnerable Software and Affected Versions: LearnPress – Backup & Migration Tool versions prior to 4.1.5. Description: The plugin is susceptible to PHP Object Injection due to the deserialization of untrusted input. This allows authenticated attackers with administrator-level access or...

CVSS: 6.6, AI score: 5.8, EPSS: 0.00447
Exploits: 0, References: 12

CVE
added 2026/06/01 5:59 p.m., 46 views

CVE-2026-9319

IBM WebSphere Application Server 9.0 and 8.5 are affected by a remote code execution vulnerability caused by deserialization of untrusted data via JAX-WS endpoints with WS-Security (CVE-2026-9319; CVSS v3.1 base score 9.0). This affects WebSphere AS 9.0 and 8.5. Remediation: apply the interim fix...

CVSS: 9, AI score: 6.5, EPSS: 0.00366
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2026/06/01 5:59 p.m., 6 views

CVE-2026-9319 IBM WebSphere Application Server is affected by a remote code execution vulnerability

IBM WebSphere Application Server 9.0 and 8.5 are vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security...

CVSS: 9, AI score: 6.5, EPSS: 0.00366
Exploits: 0, References: 1

EUVD
added 2026/05/14 3:41 p.m., 5 views

EUVD-2026-30321

DataHub is an open-source metadata platform. Prior to 1.5.0.3, the DataHub frontend datahub-frontend-react deserializes attacker-controlled Java objects from the REDIRECTURL HTTP cookie during the OIDC callback flow, with no integrity protection (no HMAC, no encryption). This is a Deserialization o...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00139
Exploits: 0, References: 1

Snyk
added 2026/05/12 6:30 p.m., 5 views

Deserialization of Untrusted Data

Overview: ludwig is a declarative machine learning package: end-to-end machine learning pipelines using data-driven configurations. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the predict method. An attacker can execute arbitrary code by supplying a maliciousl...

CVSS: 9.8, AI score: 6.1, EPSS: 0.006
Exploits: 0, References: 2

Microsoft CVE
added 2026/05/12 2:0 p.m., 4 views

Microsoft SharePoint Server Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

CVSS: 8.8, AI score: 6, EPSS: 0.01967
Exploits: 0

Snyk
added 2026/05/01 11:26 a.m., 2 views

Deserialization of Untrusted Data

Overview: org.apache.mina:mina-core is a network application framework which helps users develop high performance and high scalability network applications easily. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the resolveClass function in AbstractIoBuffe...

CVSS: 9.8, AI score: 6.3, EPSS: 0.0093
Exploits: 1, References: 2

Snyk
added 2026/04/24 12:19 p.m., 3 views

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the RPC component. An attacker can execute arbitrary code by crafting a malicious StandardRpcRequest containing a harmful class type and sending it to the Master or Worker nodes. Details: Serializati...

CVSS: 6.3, AI score: 6.1, EPSS: 0.00498
Exploits: 0, References: 2

ATTACKERKB
added 2026/04/14 4:57 p.m., 3 views

CVE-2026-32192

Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally...

CVSS: 7.8, AI score: 5.7, EPSS: 0.01925
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2026/04/14 12:0 a.m., 3 views

PT-2026-32767

Name of the Vulnerable Software and Affected Versions: Adobe Connect versions 2025.3 and 12.10 and earlier. Description: An issue involving Deserialization of Untrusted Data allows for arbitrary code execution in the context of the current user. This flaw can be exploited without requiring any user...

CVSS: 10, AI score: 6, EPSS: 0.00613
Exploits: 0, References: 7

Snyk
added 2026/04/07 8:17 p.m., 0 views

Deserialization of Untrusted Data

Overview: monai is an AI Toolkit for Healthcare Imaging. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the algofrompickle function in monai/auto3dseg/utils.py. An attacker can execute arbitrary code by providing a crafted pickle file that is deserialized...

CVSS: 8.8, AI score: 6.1
Exploits: 0, References: 2

Snyk
added 2026/04/07 6:13 p.m., 3 views

Deserialization of Untrusted Data

Overview: nvidia-dali-cuda120 is NVIDIA DALI for CUDA 12.0. Git SHA: a807a5a11d234580f6857bc4b3206ab8d7080f27. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. An attacker can execute arbitrary code by providing specially crafted data to be deserialized...

CVSS: 7.3, AI score: 6, EPSS: 0.00258
Exploits: 0, References: 2

Snyk
added 2026/04/03 3:48 a.m., 4 views

Deserialization of Untrusted Data

Overview: kedro helps you build production-ready data and analytics pipelines. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the logging.config.dictConfig function when user-controlled input is used for the logging configuration file path, whic...

CVSS: 9.8, AI score: 6.1, EPSS: 0.00714
Exploits: 0, References: 2

Snyk
added 2026/04/01 6:31 a.m., 1 views

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to vulnerable PostgreSQL JDBC connection parameters not being blocked by default. An attacker can exploit this vulnerability by injecting dangerous JDBC parameters such as socketFactory, sslfactory,...

CVSS: 9.3, AI score: 7.5, EPSS: 0.00899
Exploits: 1, References: 3

CVE
added 2026/03/31 4:24 p.m., 8 views

CVE-2026-24164

Summary: CVE-2026-24164 affects NVIDIA BioNeMo Framework. A deserialization of untrusted data could be exploited to achieve code execution, denial of service, information disclosure, or data tampering. The NVIDIA security bulletin states affected versions require updating to include commit e5e58c...

CVSS: 9.8, AI score: 5.9, EPSS: 0.00472
Exploits: 0, References: 3, Affected Software: 1

RedhatCVE
added 2026/03/26 5:4 p.m., 2 views

CVE-2026-25360

Deserialization of Untrusted Data vulnerability in rascals Vex vex allows Object Injection. This issue affects Vex: from n/a through 1.2.9...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00344
Exploits: 0, References: 1

RedhatCVE
added 2026/03/26 5:4 p.m., 4 views

CVE-2026-25032

Deserialization of Untrusted Data vulnerability in parkofideas Ricky ricky allows Object Injection. This issue affects Ricky: from n/a through 2.31...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00375
Exploits: 0, References: 1