15 matches found

Cvelist
added 2026/04/09 10:18 p.m., 20 views

CVE-2026-5507 Session Cache Restore — Arbitrary Free via Deserialized Pointer

When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...

4.1 CVSS, 0.00016 EPSS
Exploits: 0, References: 1
Packet Storm
added 2025/11/11 12:0 a.m., 133 views

📄 LINQPad File Overwrite

This Metasploit module exploits a bug in LINQPad up to version 5.48.00. The bug is only exploitable in the paid version of software. The core of the bug is a cache file containing deserialized data, which an attacker can overwrite with a malicious payload. The data gets deserialized every time th...

8 AI score, 0.03466 EPSS
Exploits: 5
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-35592

Malicious code in bioql PyPI...

8.8 CVSS, 8.6 AI score, 0.01497 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/07/23 12:0 a.m., 2 views

HP Poly Clariti Manager Security Vulnerability

HP Poly Clariti Manager is centralized management, control, and optimization software for video conferencing infrastructure from Hewlett-Packard (HP) in the United States. A security vulnerability exists in HP Poly Clariti Manager versions prior to 10.12.1 that originates from unverified...

5.2 CVSS, 6.7 AI score, 0.00341 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/03/20 12:0 a.m., 2 views

vLLM Operating System Command Injection Vulnerability

vLLM is an open source, high-throughput and memory-efficient inference and serving engine for LLMs. An operating system command injection vulnerability exists in vLLM version 0.6.0, which stems from a failure to sanitize deserialized data in the AsyncEngineRPCServer function, which could lead t...

9.8 CVSS, 7.9 AI score, 0.10021 EPSS
Exploits: 1, References: 1
CNNVD
added 2025/02/19 12:0 a.m., 1 views

Hitachi Vantara Pentaho Business Analytics Server Code Issue Vulnerability

Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration and business analytics platform from Hitachi, Ltd. (Hitachi), Japan. A code issue vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server that stems from the presence of unverified deserialized...

9.9 CVSS, 6.8 AI score, 0.00353 EPSS
Exploits: 0, References: 2
RedHat Linux
added 2025/01/14 1:20 a.m., 1 views

npm-serialize-javascript: Cross-site Scripting (XSS) in serialize-javascript

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by...

5.4 CVSS, 5.8 AI score, 0.01129 EPSS
Exploits: 0, References: 6
CNNVD
added 2024/11/20 12:0 a.m., 0 views

WordPress Plugin Team Rosters Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...

9.8 CVSS, 8.3 AI score, 0.00559 EPSS
Exploits: 0, References: 1
CNNVD
added 2022/10/19 12:0 a.m., 1 views

GitHub Enterprise Server Code Issue Vulnerability

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions pri...

8.8 CVSS, 7.9 AI score, 0.05298 EPSS
Exploits: 0, References: 5
CNVD
added 2022/04/29 12:0 a.m., 17 views

WordPress Booking Calendar Plugin Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. WordPress Booking Calendar plugin is vulnerable to a code issue that could be exploited by attackers...

8.8 CVSS, 4.3 AI score, 0.01078 EPSS
Exploits: 2, References: 1
CNNVD
added 2022/04/27 12:0 a.m., 3 views

WordPress Plugin Booking Calendar Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. WordPress Booking Calendar plugin is vulnerable to a code issue that could be exploited by attackers...

8.8 CVSS, 6.1 AI score, 0.01078 EPSS
Exploits: 2, References: 4
CNVD
added 2020/01/21 12:0 a.m., 0 views

Multiple Honeywell Products Code Issue Vulnerabilities

Honeywell Maxpro VMS & NVR is a Honeywell security solution. A code issue vulnerability exists in multiple Honeywell products, which can be exploited by a remote attacker to modify deserialized data without authentication by sending a specially crafted request to execute code...

9.8 CVSS, 7.6 AI score, 0.00931 EPSS
Exploits: 0, References: 1
CNVD
added 2018/03/14 12:0 a.m., 1 views

OSIsoft PI Data Archive Denial of Service Vulnerability (CNVD-2018-05303)

OSIsoft PI Data Archive is an efficient storage and archiving component that enables high performance data retrieval through client software. A denial-of-service vulnerability exists in OSIsoft PI Data Archive 2017 and prior versions, which can be exploited by an unauthenticated attacker to modif...

7.8 CVSS, 7 AI score, 0.00611 EPSS
Exploits: 0, References: 1
OSV
added 2016/04/06 11:59 p.m., 0 views

CVE-2016-1291

Cisco Prime Infrastructure 1.2.0 through 2.22 and Cisco Evolved Programmable Network Manager EPNM 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192...

9.8 CVSS, 6.2 AI score
Exploits: 0, References: 3
Cvelist
added 2016/04/06 11:0 p.m., 20 views

CVE-2016-1291

Cisco Prime Infrastructure 1.2.0 through 2.22 and Cisco Evolved Programmable Network Manager EPNM 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192...

9.8 AI score, 0.02322 EPSS
Exploits: 4, References: 3