5426 matches found
Gladinet CentreStack < 16.4.10315.56368 Use of Hard-coded Key Leads to Unauthenticated RCE
Gladinet CentreStack through 16.1.10296.56315 fixed in 16.4.10315.56368 has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors who know the machineKey to serialize a payload for server-side...
QVIS NVR/DVR - Remote Code Execution
QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization. id: CVE-2021-41419 info: name: QVIS NVR/DVR - Remote Code Execution author: me9187 severity: critical description: | QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java...
CVE-2026-50649
Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally...
CVE-2026-24227
NVIDIA TensorRT for contains a vulnerability where a user might cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution...
CVE-2026-24227
NVIDIA TensorRT for contains a vulnerability where a user might cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution...
CVE-2026-24220
NVIDIA TensorRT-LLM for any platform contains a vulnerability in visual gen server, where an attacker could cause an unsafe deserialization by unauthorized zeroMQ deserialization. A successful exploit of this vulnerability might lead to code execution...
CVE-2026-24220
NVIDIA TensorRT-LLM for any platform contains a vulnerability in visual gen server, where an attacker could cause an unsafe deserialization by unauthorized zeroMQ deserialization. A successful exploit of this vulnerability might lead to code execution...
CVE-2026-54118
Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network...
CVE-2026-54117
CVE-2026-54117 affects Microsoft SQL Server and is caused by deserialization of untrusted data, enabling an authorized attacker to execute code over a network. The CVSS v3.1 base score is 8.8 (HIGH) with network access, low attack complexity, and privileges required as LOW; impact to confidential...
.NET Remote Code Execution Vulnerability
Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally...
CVE-2026-12583
The Newsletters WordPress plugin before 4.15 does not prevent deserialization of untrusted input that is stored through a public form, allowing unauthenticated attackers to inject a PHP object and, via a property-oriented gadget chain bundled with the Newsletters WordPress plugin before 4.15, wri...
EUVD-2026-43627
The Newsletters WordPress plugin before 4.15 does not prevent deserialization of untrusted input that is stored through a public form, allowing unauthenticated attackers to inject a PHP object and, via a property-oriented gadget chain bundled with the Newsletters WordPress plugin before 4.15, wri...
PT-2026-58718
Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally...
Security Bulletin: NVIDIA TensorRT-LLM - July 2026
NVIDIA has released a software update for NVIDIA® TensorRT-LLM. To protect your system, clone or update this software from the NVIDIA/TensorRT-LLM GitHub repo. Go to NVIDIA Product Security. Details The following table summarizes the potential vulnerabilities that this security update addresses a...
CVE-2026-59521
Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC Real Testimonials testimonial-free allows Object Injection.This issue affects Real Testimonials: from n/a through = 3.1.15...
CVE-2026-59518
Deserialization of Untrusted Data vulnerability in wpWax Directorist directorist allows Object Injection.This issue affects Directorist: from n/a through = 8.8.2...
CVE-2026-57770
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Photography grandphotography allows Object Injection.This issue affects Grand Photography: from n/a through = 5.7.8...
CVE-2026-57738
Deserialization of Untrusted Data vulnerability in axiomthemes 777 triple-seven allows Object Injection.This issue affects 777: from n/a through = 1.13.0...
CVE-2026-57744
Deserialization of Untrusted Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Object Injection.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...
CVE-2026-57713
Deserialization of Untrusted Data vulnerability in Marcus aka @msykes Events Manager events-manager allows Object Injection.This issue affects Events Manager: from n/a through = 7.3.6...