5372 matches found
Updated erlang-hex_core & erlang-rebar3 packages fix security vulnerability
Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hexcore hexapi modules, hexpm hex mixhexapi modules, erlang rebar3 r3hexapi modules allows Object Injection, Excessive Allocation. This vulnerability is associated with program files src/hexapi.erl,...
Broadcom Layer7 API Gateway 代码问题漏洞
Broadcom Layer7 API Gateway is an enterprise-level API gateway platform provided by Broadcom Corporation. There are code-related vulnerabilities in the Broadcom Layer7 API Gateway. These vulnerabilities originate from the interaction between client applications and the API gateway server...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory 2026-06-10: SECURITY-3707 / CVE-2026-53435: Deserialization vulnerability High SECURITY-3711+3755 / CVE-2026-53436, CVE-2026-53437: Open redirect vulnerability Medium SECURITY-3712 / CVE-2026-53438: Missing permission check allows canceling queue items Medium SECURITY-37...
VMware Spring for Apache Kafka 代码问题漏洞
VMware Spring for Apache Kafka is a Kafka messaging integration framework developed by VMware, Inc. Versions of VMware Spring for Apache Kafka prior to 4.0.0, as well as versions 3.3.0 and earlier, 3.2.0 and earlier, 2.9.0 and earlier, and 2.8.0 and earlier, contain code vulnerabilities. These...
Deserialization vulnerability
Jenkins uses serialization and deserialization in multiple places, like agent/controller communication the Remoting library and to load and save configuration and build data using XStream. To protect from common deserialization vulnerabilities, Jenkins uses a custom deserialization filter that on...
EUVD-2026-35530
Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network...
Nuance PowerScribe Remote Code Execution Vulnerability
Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network...
Exploit for Deserialization of Untrusted Data in Facebook React
React2ShellExploit CVE-2025-55182 I created simple react2she...
Exploit for Deserialization of Untrusted Data in Microsoft
Security Deserialization CVE-2026-45659 Overview A HIGH...
CVE-2026-52903
A deserialization of untrusted data vulnerability was found in ManageIQ. The YamlLoadAliases module overrides YAML.safeload to silently fall back to YAML.unsafeload in production when a Psych::DisallowedClass error occurs. An authenticated attacker with dialog import access can exploit this to...
VMware Spring Framework 代码问题漏洞
VMware Spring Framework is an open-source Java and JavaEE application framework developed by VMware, Inc. This framework helps developers build high-quality applications. Versions of the VMware Spring Framework prior to 7.0.0, 6.2.0, 6.1.0, and 5.3.0 contain code vulnerabilities. These...
PT-2026-47966
Name of the Vulnerable Software and Affected Versions Microsoft Office SharePoint affected versions not specified Description Deserialization of untrusted data allows an authorized attacker to elevate privileges over a network, which can subsequently affect the system. Deserialization is the...
devalue 安全漏洞
devalue is an enhanced JavaScript object serialization library developed by Svelte. Versions of devalue from 5.6.3 to 5.8.1 contained a security vulnerability. This vulnerability stemmed from excessive memory allocation during the deserialization of sparse arrays, which could lead to excessive...
Deserialization of Untrusted Data
Overview org.springframework.security:spring-security-saml2-service-provider is a security component for the Spring Framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via deserialization of credential data stored in JdbcAssertingPartyMetadataRepositor...
CVE-2026-10532
A flaw was found in the logback-core component of QOS.CH Sarl logback. This deserialization of untrusted data vulnerability allows a remote attacker, by influencing serialized data sent to SimpleSocketServer or SimpleSSLSocketServer, to instantiate Proxy objects. Although heavily restricted by...
WordPress plugin LearnPress – Backup & Migration Tool 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell CVE-2025-55182 Next.js: CVE-2025-66478Unauthenti...
CVE-2025-62233
Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler: Version = 3.2.0 and 3.3.1. Attackers who can access the Master or Worker nodes can compromise the system by creating a StandardRpcRequest, injecting a malicious class...
CVE-2026-38950
An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load with unrestricted deserialization...
CVE-2026-48207
Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...