Lucene search
K

27005 matches found

NVD
NVD
added yesterday7 views

CVE-2026-50649

Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally...

7.8CVSS
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-59889

CVE-2026-59889 affects jackson-databind. UnwrappedPropertyHandler.processUnwrapped replays buffered JSON for a @JsonUnwrapped property and may bypass @JsonView guards during deserialization, enabling writes from attacker JSON under a less-privileged active view. Fixed in 2.18.9, 2.21.5, 2.22.1, 3...

6.5CVSS6.1AI score
Exploits0References4
NVD
NVD
added yesterday2 views

CVE-2026-50509

Deserialization of untrusted data in Windows Wireless Wide Area Network Service allows an authorized attacker to elevate privileges locally...

7.8CVSS
Exploits0References1
CVE
CVE
added yesterday31 views

CVE-2026-45077

CVE-2026-45077 concerns Symfony’s server:log listener (part of Symfony\Bridge\Monolog) which binds to 0.0.0.0:9911 by default and processes each frame with unserialize(base64_decode($message)) without authentication or an allowed-classes allowlist. This permits any reachable host to submit attack...

8.3CVSS6.1AI score0.01261EPSS
Exploits0References6
NVD
NVD
added yesterday3 views

CVE-2026-55009

Deserialization of untrusted data in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally...

7.8CVSS
Exploits0References1
NVD
NVD
added yesterday13 views

CVE-2026-54118

Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network...

8.8CVSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-54117

Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network...

8.8CVSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-50522

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network...

9.8CVSS
Exploits0References1
NCSC
NCSC
added yesterday4 views

Vulnerabilities in SAP-products

SAP has identified vulnerabilities in the following SAP NetWeaver Application Server ABAP, SAP Approuter, SAP Commerce Cloud, SAP NetWeaver Application Server Java, SAProuter, SAP Change and Transport System Attach Tool, SAP NetWeaver Enterprise Portal, SAP S/4HANA modules, SAP Fiori Launchpad, S...

9.9CVSS7.1AI score0.01339EPSS
Exploits7
Nuclei
Nuclei
added yesterday102 views

VMware Aria Operations for Logs - Unauthenticated Remote Code Execution

VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root. id: CVE-2023-20864 info: name: VMware Aria Operations for Logs - Unauthenticated Remo...

9.8CVSS7.4AI score0.70423EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday18 views

QVIS NVR/DVR - Remote Code Execution

QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization. id: CVE-2021-41419 info: name: QVIS NVR/DVR - Remote Code Execution author: me9187 severity: critical description: | QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java...

9.8CVSS7.2AI score0.08517EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday74 views

Cacti < 1.2.25 Insecure Deserialization

Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. id: CVE-2023-30534 info: name: Cacti 1.2.25 Insecure Deserialization author: k0pak4 severity: medium description: | Cacti is an open source...

4.3CVSS6.7AI score0.02569EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday21 views

TYPO3 ceselector Extension - Insecure Deserialization

TYPO3 extension contains a PHP Object Injection caused by passing attacker-controlled cookie to unserialize without validation, letting remote unauthenticated attackers achieve remote code execution, exploit requires Persistent Mode: Static configuration. id: CVE-2026-46725 info: name: TYPO3...

9.2CVSS6.2AI score0.02306EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday32 views

Qwik - Unauthenticated RCE via server$ Deserialization

Qwik =1.19.0 contains an insecure deserialization vulnerability in the server$ RPC mechanism, letting unauthenticated attackers execute arbitrary code remotely, exploit requires require availability at runtime. id: CVE-2026-27971 info: name: Qwik - Unauthenticated RCE via server$ Deserialization...

9.8CVSS6.3AI score0.04632EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday16 views

Apache Tomcat Tribes EncryptInterceptor Bypass - Remote Code Execution

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. id: CVE-2026-34486 info: name: Apache Tomcat Tribes EncryptInterceptor Bypass - Remote...

7.5CVSS7AI score0.21691EPSS
Exploits6References3
Nuclei
Nuclei
added yesterday23 views

OpenAM <= 16.0.5 - Pre-Auth RCE via jato.clientSession Deserialization

Open Access Management OpenAM is an access management solution. Prior to 16.0.6, OpenIdentityPlatform OpenAM is vulnerable to pre-authentication Remote Code Execution RCE via unsafe Java deserialization of the jato.clientSession HTTP parameter. This bypasses the WhitelistObjectInputStream...

10CVSS7.2AI score0.99999EPSS
Exploits10References2
Nuclei
Nuclei
added yesterday183 views

Apache OFBiz < 17.12.07 - Arbitrary Code Execution

Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack id: CVE-2021-29200 info: name: Apache OFBiz 17.12.07 - Arbitrary Code Execution author: your3cho severity: critical description: | Apache OFBiz has unsafe deserialization prior to...

9.8CVSS7.1AI score0.5537EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday28 views

FasterXML jackson-databind - Deserialization Remote Code Execution

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig aka ibatis-sqlmap. This vulnerability allows attackers to execute arbitrary code through deserialization of...

9.8CVSS7.3AI score0.18671EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday63 views

XStream 1.4.18 - Remote Code Execution

XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

8.5CVSS7AI score0.16118EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday86 views

XStream 1.4.18 - Arbitrary Code Execution

XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

8.5CVSS7AI score0.143EPSS
Exploits0References5
Rows per page
Query Builder