Lucene search
K

5372 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-510 Qiskit allows arbitrary code execution decoding QPY format versions < 13

Impact A maliciously crafted QPY file can potentially execute arbitrary-code embedded in the payload without privilege escalation when deserializing QPY formats 13. A python process calling Qiskit's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded in the corre...

9.8CVSS6AI score0.00741EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-511 Qiskit allows arbitrary code execution decoding QPY format versions < 13

Impact A maliciously crafted QPY file can potentially execute arbitrary-code embedded in the payload without privilege escalation when deserializing QPY formats 13. A python process calling Qiskit's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded in the corre...

9.8CVSS6AI score0.00741EPSS
Exploits0References6
Veracode
Veracode
added 2026/06/26 9:30 a.m.7 views

Server-Side Request Forgery

jackson-databind is vulnerable to server-side request forgery SSRF. The vulnerability is due to eager DNS resolution during InetSocketAddress deserialization, where untrusted hostnames are resolved before application-level validation, allowing attackers to trigger arbitrary DNS requests by...

5.3CVSS5.9AI score0.00219EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/25 9:25 p.m.3 views

GHSA-W567-GJR2-HM5J MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length

Summary UnsafeBlitFormatterBase.Deserialize reads an attacker-controlled byteLength from an extension payload and allocates an array based on that value before validating it against the extension header length or remaining payload bytes. The outer extension header is bounded by available input, b...

6.3CVSS5.9AI score0.00231EPSS
Exploits0References3
Metasploit
Metasploit
added 2026/06/25 7:5 p.m.164 views

Dalfox Found-Action Deserialization RCE

When dalfox version use exploit/linux/http/dalfoxserverrcecve202645087 msf exploitdalfoxserverrcecve202645087 show targets ...targets... msf exploitdalfoxserverrcecve202645087 set TARGET msf exploitdalfoxserverrcecve202645087 show options ...show and set options... msf...

10CVSS6.2AI score0.01051EPSS
Exploits2
Nuclei
Nuclei
added 2026/06/25 1:31 a.m.301 views

ElasticSearch - Remote Code Execution

ElasticSearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script to the Groovy scripting engine. id: CVE-2015-1427 info: name: ElasticSearch - Remote Code Execution author: pikpikcu...

9.8CVSS7.8AI score0.99906EPSS
Exploits19References5
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:36 p.m.5 views

CVE-2026-10043

MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MosaicML Composer. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8CVSS6.4AI score0.00294EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/24 9:36 p.m.11 views

CVE-2026-10043

Technical details are not publicly available in the provided documents. Monitor for updates.

7.8CVSS7.6AI score0.00294EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/23 9:17 p.m.4 views

Incorrect Authorization

Overview com.fasterxml.jackson.core:jackson-databind is a library which contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. Affected versions of this package are vulnerable to Incorrect Authorization in the...

6.5CVSS5.8AI score0.00211EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 9:17 p.m.5 views

DEBIAN-CVE-2026-54515

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.0 until 2.18.9, 2.21.5, and 3.1.4, in BeanDeserializerBase.createContextual, per-property @JsonIgnoreProperties exclusions are applied by handleByNameInclusion, producing a...

5.3CVSS5.8AI score0.00345EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 9:17 p.m.4 views

UBUNTU-CVE-2026-54514

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution fo...

5.3CVSS5.9AI score0.00219EPSS
Exploits0References6
CVE
CVE
added 2026/06/23 8:53 p.m.114 views

CVE-2026-54513

CVE-2026-54513 affects jackson-databind. A vulnerability in BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray() allows bypass of per-element allowlists when deserializing arrays, if the array element type is not explicitly allowlisted, potentially enabling dangerous types like EvilType[...

8.1CVSS5.8AI score0.00677EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/23 8:48 p.m.6 views

CVE-2026-54516

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed...

5.3CVSS5.9AI score0.00282EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/06/22 9:14 p.m.25 views

CVE-2026-48511 MessagePack-CSharp: ExpandoObject formatter can perform quadratic insertion work on untrusted maps

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, ExpandoObjectFormatter.Deserialize populates System.Dynamic.ExpandoObject by calling IDictionary.Add for each map entry. ExpandoObject internally maintains member names in array-like structures, so inserting many...

6.3CVSS0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/21 7:30 a.m.37 views

CVE-2026-12787 zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 testConnection Endpoint deserialization

A vulnerability was found in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This affects an unknown part of the component testConnection Endpoint. The manipulation of the argument jdbcUrl results in deserialization. The attack may be performed from remote. The exploit has...

6.5CVSS0.00242EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.20 views

Astra Linux – Vulnerability in Apache Log4j1.2

In Log4j 1.2, the JMSAppender component is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide configurations for TopicBindingName and TopicConnectionFactoryBindingName, causing the JMSAppender to make JNDI reques...

7.5CVSS7.3AI score0.81147EPSS
Exploits9References2
Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.13 views

RHEL 9 : ruby:3.3 (RHSA-2026:26655)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26655 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management task...

8.1CVSS6.4AI score0.01131EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/18 9:43 a.m.7 views

CVE-2026-8024

A remote, unauthenticated attacker may exploit a deserialization of untrusted data vulnerability in ibaPDA or ibaDatCoordinator to gain full access to the affected systems...

9.8CVSS5.5AI score0.00553EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2026/06/18 9:43 a.m.14 views

CVE-2026-8024

The CVE-2026-8024 entry describes a deserialization vulnerability in the products ibaPDA and ibaDatCoordinator that can be exploited remotely by an unauthenticated attacker to gain full access to affected systems. The assessment notes a high-impact scenario affecting confidentiality, integrity, a...

9.8CVSS5.5AI score0.00553EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 9:43 a.m.8 views

EUVD-2026-37869

A remote, unauthenticated attacker may exploit a deserialization of untrusted data vulnerability in ibaPDA or ibaDatCoordinator to gain full access to the affected systems...

9.8CVSS5.5AI score0.00553EPSS
Exploits0References2
Rows per page
Query Builder