14 matches found
CVE-2025-15117 Dromara Sa-Token SaJdkSerializer.java ObjectInputStream.readObject deserialization
A weakness has been identified in Dromara Sa-Token up to 1.44.0. It affects the function ObjectInputStream.readObject in the file SaJdkSerializer.java. Manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. It is...
CVE-2025-56816
Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configuration file handling of the application allows attackers to upload arbitrary YAML files to the config/jdbc-driver-ext.yml path. The application parses this file using SnakeYAML's unsafe load or loadAs method without input...
A vulnerability in the Laravel Octane package for the Laravel PHP framework allows an attacker to execute arbitrary code.
The vulnerability of the Laravel Octane package for the Laravel PHP framework is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2024-9070
A deserialization vulnerability exists in BentoML's runner server in bentoml/bentoml versions =1.3.4.post1. By setting specific parameters, an attacker can execute unauthorized arbitrary code on the server, causing severe harm. The vulnerability is triggered when the args-number parameter is...
A vulnerability in the Ivanti EPM endpoint management software, related to defects in the deserialization mechanism, allows an attacker to execute code remotely.
The vulnerability of the Ivanti EPM endpoint management software is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to execute remote code...
The vulnerability of the Kibana data visualization service, related to deficiencies in the deserialization mechanism, allows attackers to execute arbitrary code.
The vulnerability of the Kibana data visualization service is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created YAML document...
PT-2024-3272 · Intel · Intel Thunderbolt Dch Drivers
Name of the Vulnerable Software and Affected Versions: Intel® Thunderbolt™ DCH drivers for Windows versions prior to 88
Description: The issue is related to deserialization weaknesses in the Intel® Thunderbolt™ DCH drivers for Windows. It may allow an authenticated user to potentially enable a...
A vulnerability in the com.google.code.gson:gson library allows an attacker to perform a denial-of-service (DoS) attack.
The vulnerability of the com.google.code.gson:gson library is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow a remote attacker to execute a DoS attack...
A vulnerability in the ProjectInstance class of the Microsoft Exchange Server mail server allows an attacker to gain unauthorized access to protected information.
The vulnerability of the ProjectInstance class in Microsoft Exchange Server involves deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
A vulnerability in the Splunk Web interface of the Splunk Enterprise operational analysis platform allows an attacker to execute arbitrary code.
The vulnerability of the Splunk Web platform for operational analysis in Splunk Enterprise is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted request...
PT-2023-6952 · Microsoft · Exchange Server
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server (affected versions not specified)
Description: The issue is related to a deserialization mechanism weakness in Microsoft Exchange Server, specifically with the SerializationTypeConverter class, which can lead to...
Weak Deserializer
org.apache.dubbo:dubbo and com.alibaba:dubbo use weak deserializers. An attacker can provoke the library into using a weak deserializer by tampering with the byte preamble flags, not following the server's instruction...
The vulnerability of the ColdFusion interpreter, related to deficiencies in the deserialization mechanism, allows attackers to execute arbitrary code.
The vulnerability of the ColdFusion interpreter is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...
PT-2018-3325 · Fasterxml +1 · Jackson-Databind +1
Name of the Vulnerable Software and Affected Versions: jackson-databind (affected versions not specified)
Description: The issue is related to weaknesses in the deserialization mechanism of the jackson-databind library. Exploitation of this issue may allow a remote attacker to execute arbitrary cod...