42 matches found
NVIDIA BioNeMo Code Issue Vulnerability
NVIDIA BioNeMo is a generative AI model development and training platform for the biomedical field developed by NVIDIA Corporation. NVIDIA BioNeMo has code vulnerabilities, which stem from the deserialization of untrusted data. These vulnerabilities may lead to code execution, denial of service,...
Metabase Code Issue Vulnerability
Metabase is an open-source data analysis platform developed by the American company Metabase. Code vulnerabilities existed in versions of Metabase Enterprise prior to 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4. These vulnerabilities stemmed from deserialization attacks at the...
WordPress plugin Morning Records Code Issue Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress and WordPress plugin Code Issue Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
Patch, track, repeat: The 2025 CVE retrospective
Welcome to this week's edition of the Threat Source newsletter. It's time to look back at a year that pushed the vulnerability landscape to new heights. I'll admit this retrospective is arriving a bit later than planned. With 48,196 CVEs in 2025, a stunning 132 vulnerabilities per day, the analysi...
WordPress plugin Grand Wedding Code Issue Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
EUVD-2018-10174
Malware in sbrugna...
EUVD-2017-14953
Malware in sbrugna...
EUVD-2022-6166
Malicious code in bioql PyPI...
EUVD-2022-0628
Malicious code in bioql PyPI...
EUVD-2022-3272
Malicious code in bioql PyPI...
EUVD-2022-3473
Malicious code in bioql PyPI...
gadgetinspector
This is a Java-based tool for finding deserialization gadget chains in Java applications. The tool is called "Gadget Inspector" and is presented as a project that was showcased at Black Hat USA 2018. The tool is designed to automatically discover possible gadget chains in an application's...
PT-2025-24099
Name of the Vulnerable Software and Affected Versions: Axiomthemes Sweet Dessert versions prior to 1.1.13. Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection. This can potentially lead to security breaches. Recommendations: For versions prior to...
Security Bulletin: Multiple security vulnerabilities affecting IBM Knowledge Catalog for IBM Cloud Pak for Data
Summary: Multiple security vulnerabilities impacting IBM Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2024-11393 DESCRIPTION: Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Executi...
Metasploit Wrap-Up 04/04/2025
New RCEs: Metasploit added four new modules this week, including three that leverage vulnerabilities to obtain remote code execution (RCE). Among these three, two leverage deserialization, showing that the exploit primitive is still going strong. The Tomcat vulnerability in particular CVE-2025-24813...
CVE-2024-12562 s2Member Pro <= 241216 - Unauthenticated PHP Object Injection
The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2memberproremoteop' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No know...
CVE-2022-4815
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x, deserialize untrusted JSON data without constraining the parser to approved classes and methods...
CVE-2024-45852
Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with...
CVE-2024-12877 GiveWP – Donation Plugin and Fundraising Platform <= 3.19.2 - Unauthenticated PHP Object Injection
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input from the donation form like 'firstName'. This makes it possible for unauthenticated attackers to...