Lucene search
+L

5432 matches found

Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-57774

Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Photography grandphotography allows Object Injection.This issue affects Grand Photography: from n/a through = 5.7.8...

9.8CVSS6.1AI score0.00313EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-57766

Deserialization of Untrusted Data vulnerability in axiomthemes 777 triple-seven allows Object Injection.This issue affects 777: from n/a through = 1.13.0...

9.8CVSS6.1AI score0.00386EPSS
Exploits0References3
NVD
NVD
added 2026/07/10 1:16 p.m.10 views

CVE-2026-54469

Dell Unisphere for PowerMax, versions 10.3.0.5 and prior, contains a Deserialization of Untrusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...

8.8CVSS0.00452EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/10 12:14 p.m.36 views

CVE-2026-54469

Dell Unisphere for PowerMax, versions 10.3.0.5 and prior, contains a Deserialization of Untrusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...

8.8CVSS0.00452EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/08 8:32 a.m.9 views

Security Bulletin: Denial of Service Vulnerability in jackson-core affect IBM Cloud Pak System[WS-2022-0468]

Summary Denial of Service Vulnerability in jackson-core was addressed in IBM Cloud Pak System version 2.3.6.0 and IBM Cloud Pak System version 2.3.5.1 BYOH on power. Vulnerability Details ID:WS-2022-0468 DESCRIPTION: The jackson-core package is vulnerable to a Denial of Service DoS attack. The...

6AI score
Exploits0Affected Software3
RedhatCVE
RedhatCVE
added 2026/07/08 6:30 a.m.7 views

CVE-2026-43866

A flaw was found in Apache Camel JMS components. A remote attacker can exploit a deserialization vulnerability by sending a specially crafted ObjectMessage to a queue or topic consumed by an affected Camel application. This bypasses existing security checks, allowing the attacker to inject...

8.1CVSS6AI score0.00504EPSS
Exploits2References4
Cvelist
Cvelist
added 2026/07/08 6:0 a.m.34 views

CVE-2026-12378 BookingPress <= 1.1.28 - Unauthenticated PHP Object Injection

The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin through 1.1.28 does not validate data before passing it to a PHP deserialization function, allowing unauthenticated attackers to inject arbitrary PHP objects; where a suitable gadget chain is present on the site this c...

0.00389EPSS
Exploits0References1
CVE
CVE
added 2026/07/08 6:0 a.m.10 views

CVE-2026-12378

The CVE-2026-12378 entry concerns the WordPress plugins BookingPress/Appointment Booking Calendar (up to version 1.1.28). The vulnerability arises from unsafely passing input to a PHP deserialization function, enabling unauthenticated attackers to inject arbitrary PHP objects with a suitable gadg...

8.1CVSS6.2AI score0.00389EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 9:20 a.m.91 views

CVE-2026-33264

CVE-2026-33264 involves a vulnerability in Apache Airflow where a bug in BaseSerialization.deserialize() permits unrestricted import_string() of attacker-controlled class paths during loading of a serialized DAG, enabling remote code execution on the API Server/Scheduler process and potentially c...

9.8CVSS6.7AI score0.01649EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/07/06 9:16 a.m.13 views

CVE-2026-43867

Deserialization of Untrusted Data vulnerability in Apache Camel PQC Component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. AwsSecretsManagerKeyLifecycleManager.deserializeMetadata reads that metadata back from the...

9.8CVSS0.00691EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/07/06 8:24 a.m.34 views

CVE-2026-43867 Apache Camel: Camel-PQC: The AWS Secrets Manager key-lifecycle manager deserializes persisted key metadata with java.io.ObjectInputStream and no ObjectInputFilter

Deserialization of Untrusted Data vulnerability in Apache Camel PQC Component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. AwsSecretsManagerKeyLifecycleManager.deserializeMetadata reads that metadata back from the...

0.00691EPSS
Exploits1References1
OSV
OSV
added 2026/07/06 7:55 a.m.5 views

CVE-2026-43865 Apache Camel: Camel-Hazelcast: Unsafe Java deserialization in default-configured managed Hazelcast instances enables remote code execution

Deserialization of Untrusted Data vulnerability in Apache Camel Hazelcast component. The camel-hazelcast component creates and manages Hazelcast instances using a default configuration that applies no Java deserialization filter. When Camel builds the Hazelcast Config itself - that is, when no...

8.1CVSS6.2AI score0.00804EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/07/06 7:55 a.m.38 views

CVE-2026-42527 Apache Camel: Permissive default ObjectInputFilter pattern admits java.net.** and enables DNS-based information disclosure

Deserialization of Untrusted Data vulnerability in Apache Camel. The default ObjectInputFilter pattern shipped with several Apache Camel components for defense-in-depth deserialization filtering 'java.;javax.;org.apache.camel.;!', or the no-'javax.' variant in the aggregation-repository component...

0.00546EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.11 views

PT-2026-55885

Name of the Vulnerable Software and Affected Versions Apache Camel versions 3.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An issue exists in the Apache Camel JMS component where the JmsBinding.extractBodyFromJms function i...

7.3CVSS6.2AI score0.00504EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.18 views

PT-2026-55883

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.14.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An issue exists where the default ObjectInputFilter pattern used for deserialization filtering in...

8.1CVSS6.1AI score0.00546EPSS
Exploits1References7
CVE
CVE
added 2026/07/05 7:45 a.m.21 views

CVE-2026-14723

The vulnerability CVE-2026-14723 affects AD-Security AD_Miner 1.9.0. It resides in the Cache Handler, specifically the analyse_cache.py file’s function request_a. Manipulating the argument sys.argv[1] leads to deserialization, enabling a local exploit. Public details note that exploitation is loc...

5.3CVSS5.8AI score0.00121EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/04 5:30 p.m.34 views

CVE-2026-14637 kirilkirkov Ecommerce-CodeIgniter-Bootstrap ShoppingCart.php getCartItems deserialization

A security vulnerability has been detected in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7. The affected element is the function getCartItems in the library application/libraries/ShoppingCart.php. The manipulation of the argument shoppingcart leads to...

8.8CVSS0.00598EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/04 5:30 p.m.11 views

EUVD-2026-41684

A security vulnerability has been detected in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7. The affected element is the function getCartItems in the library application/libraries/ShoppingCart.php. The manipulation of the argument shoppingcart leads to...

8.8CVSS6.6AI score0.00598EPSS
Exploits0References7
Snyk
Snyk
added 2026/07/04 3:12 a.m.8 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the makelabel function in the reduce method. An attacker can execute arbitrary commands by crafting...

8.1CVSS6.2AI score0.003EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/04 3:12 a.m.8 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the asyncio.unixevents.UnixSubprocessTransport.start function. An attacker can execute arbitrary commands...

8.1CVSS6.2AI score0.00555EPSS
Exploits0References2
Rows per page
Query Builder