Lucene search
K

5372 matches found

Mageia
Mageia
added 2026/06/11 4:55 p.m.9 views

Updated erlang-hex_core & erlang-rebar3 packages fix security vulnerability

Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hexcore hexapi modules, hexpm hex mixhexapi modules, erlang rebar3 r3hexapi modules allows Object Injection, Excessive Allocation. This vulnerability is associated with program files src/hexapi.erl,...

7.5CVSS5.4AI score0.00576EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

Broadcom Layer7 API Gateway 代码问题漏洞

Broadcom Layer7 API Gateway is an enterprise-level API gateway platform provided by Broadcom Corporation. There are code-related vulnerabilities in the Broadcom Layer7 API Gateway. These vulnerabilities originate from the interaction between client applications and the API gateway server...

5.3CVSS6.2AI score0.00317EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2026/06/10 12:0 a.m.9 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory 2026-06-10: SECURITY-3707 / CVE-2026-53435: Deserialization vulnerability High SECURITY-3711+3755 / CVE-2026-53436, CVE-2026-53437: Open redirect vulnerability Medium SECURITY-3712 / CVE-2026-53438: Missing permission check allows canceling queue items Medium SECURITY-37...

8.8CVSS5.3AI score0.14907EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

VMware Spring for Apache Kafka 代码问题漏洞

VMware Spring for Apache Kafka is a Kafka messaging integration framework developed by VMware, Inc. Versions of VMware Spring for Apache Kafka prior to 4.0.0, as well as versions 3.3.0 and earlier, 3.2.0 and earlier, 2.9.0 and earlier, and 2.8.0 and earlier, contain code vulnerabilities. These...

8.1CVSS5.6AI score0.00489EPSS
Exploits0References1
Jenkins Security Advisories
Jenkins Security Advisories
added 2026/06/10 12:0 a.m.10 views

Deserialization vulnerability

Jenkins uses serialization and deserialization in multiple places, like agent/controller communication the Remoting library and to load and save configuration and build data using XStream. To protect from common deserialization vulnerabilities, Jenkins uses a custom deserialization filter that on...

8.8CVSS5.6AI score0.14907EPSS
Exploits2Affected Software1
EUVD
EUVD
added 2026/06/09 6:30 p.m.15 views

EUVD-2026-35530

Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network...

9.8CVSS5.7AI score0.01914EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.12 views

Nuance PowerScribe Remote Code Execution Vulnerability

Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network...

9.8CVSS5.7AI score0.01914EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/06/09 12:47 p.m.81 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2ShellExploit CVE-2025-55182 I created simple react2she...

10CVSS7.3AI score0.99562EPSS
Exploits374
GithubExploit
GithubExploit
added 2026/06/09 11:16 a.m.66 views

Exploit for Deserialization of Untrusted Data in Microsoft

Security Deserialization CVE-2026-45659 Overview A HIGH...

8.8CVSS5.9AI score0.03219EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2026/06/09 9:36 a.m.18 views

CVE-2026-52903

A deserialization of untrusted data vulnerability was found in ManageIQ. The YamlLoadAliases module overrides YAML.safeload to silently fall back to YAML.unsafeload in production when a Psych::DisallowedClass error occurs. An authenticated attacker with dialog import access can exploit this to...

8.8CVSS6.4AI score
Exploits0References3
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.13 views

VMware Spring Framework 代码问题漏洞

VMware Spring Framework is an open-source Java and JavaEE application framework developed by VMware, Inc. This framework helps developers build high-quality applications. Versions of the VMware Spring Framework prior to 7.0.0, 6.2.0, 6.1.0, and 5.3.0 contain code vulnerabilities. These...

9.8CVSS5.7AI score0.00268EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.11 views

PT-2026-47966

Name of the Vulnerable Software and Affected Versions Microsoft Office SharePoint affected versions not specified Description Deserialization of untrusted data allows an authorized attacker to elevate privileges over a network, which can subsequently affect the system. Deserialization is the...

8.8CVSS7AI score0.01982EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.10 views

devalue 安全漏洞

devalue is an enhanced JavaScript object serialization library developed by Svelte. Versions of devalue from 5.6.3 to 5.8.1 contained a security vulnerability. This vulnerability stemmed from excessive memory allocation during the deserialization of sparse arrays, which could lead to excessive...

7.5CVSS5.4AI score0.00384EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/09 12:0 a.m.7 views

Deserialization of Untrusted Data

Overview org.springframework.security:spring-security-saml2-service-provider is a security component for the Spring Framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via deserialization of credential data stored in JdbcAssertingPartyMetadataRepositor...

7.3CVSS6.1AI score0.00198EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/08 5:16 p.m.14 views

CVE-2026-10532

A flaw was found in the logback-core component of QOS.CH Sarl logback. This deserialization of untrusted data vulnerability allows a remote attacker, by influencing serialized data sent to SimpleSocketServer or SimpleSSLSocketServer, to instantiate Proxy objects. Although heavily restricted by...

6.3CVSS5.6AI score0.00342EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.10 views

WordPress plugin LearnPress – Backup & Migration Tool 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.6CVSS5.8AI score0.0045EPSS
Exploits0References9
GithubExploit
GithubExploit
added 2026/06/05 11:9 p.m.73 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell CVE-2025-55182 Next.js: CVE-2025-66478Unauthenti...

10CVSS8AI score0.99562EPSS
Exploits388
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2025-62233

Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler: Version = 3.2.0 and 3.3.1. Attackers who can access the Master or Worker nodes can compromise the system by creating a StandardRpcRequest, injecting a malicious class...

6.3CVSS5.4AI score0.00537EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.11 views

CVE-2026-38950

An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load with unrestricted deserialization...

7.8CVSS6AI score0.00144EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.27 views

CVE-2026-48207

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...

9.8CVSS5.4AI score0.00574EPSS
Exploits0References1
Rows per page
Query Builder