Lucene search
K

26664 matches found

CVE
CVE
added 5 days ago14 views

CVE-2026-55153

CVE-2026-55153 affects mchange-commons-java before 0.6.0, where the JNDI ObjectFactory (com.mchange.v2.naming.JavaBeanObjectFactory) constructs arbitrary JavaBean properties, enabling JNDI injection and deserialization gadget abuse in some classes. An example is setting a Swing JEditorPane’s cont...

7.1CVSS5.9AI score0.00327EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago4 views

CVE-2026-55153

mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, its JNDI ObjectFactory implementation com.mchange.v2.naming.JavaBeanObjectFactory will construct objects of arbitrary classes and initialize...

7.1CVSS5.9AI score0.00327EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-55153 mchange-commons-java contains elements susceptible to abuse via JNDI injection and "deserialization gadgets"

mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, its JNDI ObjectFactory implementation com.mchange.v2.naming.JavaBeanObjectFactory will construct objects of arbitrary classes and initialize...

7.1CVSS0.00327EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-14265 RCE via Deserialization in AWS Advanced JDBC Wrapper

Deserialization of untrusted data in the RemoteQueryCachePlugin in Amazon Web Services AWS Advanced JDBC Wrapper 3.3.0 through 4.0.0 might allow an actor with write access to the shared cache infrastructure to execute arbitrary code on application servers that read cached query results via a...

7.7CVSS0.00407EPSS
Exploits0References3
CVE
CVE
added 5 days ago24 views

CVE-2026-14265

The CVE affects AWS Advanced JDBC Wrapper (AWR) RemoteQueryCachePlugin versions 3.3.0–4.0.0. Deserialization of untrusted data via ObjectInputStream without class filtering when reading cached query results from Redis or Valkey enables gadget-chain execution, allowing arbitrary code execution on ...

7.7CVSS6.3AI score0.00407EPSS
Exploits0References3
NVD
NVD
added 5 days ago7 views

CVE-2026-57516

Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the readwebdataset function. The defaultdecoder function in webdatasetdatasource.py unconditionally calls...

8.8CVSS0.00483EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-57516

Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the readwebdataset function. The defaultdecoder function in webdatasetdatasource.py unconditionally calls...

8.8CVSS6.6AI score0.00483EPSS
Exploits0References6
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-41089

Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the readwebdataset function. The defaultdecoder function in webdatasetdatasource.py unconditionally calls...

8.8CVSS6.6AI score0.00483EPSS
Exploits0References5
CVE
CVE
added 5 days ago15 views

CVE-2026-57516

Ray prior to 2.56.0 is affected via the WebDataset reader flaw in which _default_decoder() deserializes tar entries using pickle.loads for .pkl/.pickle and torch.load for .pt/.pth, enabling remote code execution inside Ray remote workers when processing a malicious tar archive. Affected component...

8.8CVSS6.6AI score0.00483EPSS
Exploits0References5
NVD
NVD
added 5 days ago6 views

CVE-2026-58025

Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, includes/Logging/LogEntryBase.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4,...

5.9CVSS0.00342EPSS
Exploits0References1
NVD
NVD
added 5 days ago10 views

CVE-2026-24247

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS0.00169EPSS
Exploits0References3
NVD
NVD
added 5 days ago9 views

CVE-2026-24249

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS0.00164EPSS
Exploits0References3
NVD
NVD
added 5 days ago9 views

CVE-2026-24244

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS0.00154EPSS
Exploits0References3
NVD
NVD
added 5 days ago9 views

CVE-2026-24243

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS0.00175EPSS
Exploits0References3
NVD
NVD
added 5 days ago9 views

CVE-2026-24245

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS0.00154EPSS
Exploits0References3
NVD
NVD
added 5 days ago9 views

CVE-2026-24240

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS0.00165EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 days ago4 views

CVE-2026-58025

Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, includes/Logging/LogEntryBase.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4,...

5.9CVSS5.8AI score0.00342EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-58025 Remote Code Execution via Unsafe Deserialization in LogItem Import

Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, includes/Logging/LogEntryBase.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4,...

5.9CVSS0.00342EPSS
Exploits0References1
CVE
CVE
added 5 days ago11 views

CVE-2026-58025

CVE-2026-58025 describes a deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. Affected are MediaWiki versions before 1.46.0, including 1.45.4, 1.44.6, and 1.43.9. The issue is linked to deserialization in files: includes/Import/WikiImporter.Php, includes/Import/Wik...

5.9CVSS5.8AI score0.00342EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago4 views

CVE-2026-24249

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS5.9AI score0.00164EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder