Lucene search
K

55 matches found

OSV
OSV
added 2024/08/21 9:15 a.m.7 views

CVE-2024-5335

The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the ultimatestorekitcompareproducts cookie in versions up to ...

9.8CVSS6AI score0.00852EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.27 views

Pytorch-Lightning Security Vulnerability

Pytorch-Lightning is an open source lightweight PyTorch wrapper. It is used for high performance Ai research. A security vulnerability exists in Pytorch-Lightning version 2.2.1, which stems from mishandling of deserialized user input and mismanagement of the dunder attribute, leading to a remote...

9.8CVSS7.9AI score0.26488EPSS
Exploits3References2
NVD
NVD
added 2024/04/02 9:15 p.m.19 views

CVE-2024-27604

Alldata V0.4.6 is vulnerable to Command execution vulnerability. System commands can be deserialized...

9.8CVSS6.9AI score0.01038EPSS
Exploits0References1
OSV
OSV
added 2024/03/01 12:0 a.m.47 views

ASB-A-311687929

In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserialized on reboot with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS5.3AI score0.00147EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/01/25 6:12 p.m.55 views

CVE-2023-6267 Quarkus: json payload getting processed prior to security checks when rest resources are used with annotations.

A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed deserialized prior to the security constraints being evaluated and applied. This does not happen with configuration based security...

8.6CVSS9.5AI score0.00719EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/10/04 12:0 a.m.6 views

Redisson Code Issue Vulnerability

Redisson is a Java memory-resident data grid from Redisson open source. A code issue vulnerability exists in Redisson version 3.22.0, which stems from the fact that some messages received from a Redis server contain client-side deserialized Java objects without further validation, which can be...

9.6CVSS7.5AI score0.01036EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2023/04/14 12:0 a.m.42 views

FreeBSD : py39-celery -- command injection vulnerability (0a38a0d9-757f-4ac3-9561-b439e933dfa9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0a38a0d9-757f-4ac3-9561-b439e933dfa9 advisory. - This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored i...

7.5CVSS7.6AI score0.03877EPSS
Exploits1References4
Veracode
Veracode
added 2023/03/10 11:28 p.m.36 views

Denial Of Service (DoS)

log4j:log4j is vulnerable to Denial of Service DoS attacks. The vulnerability is due to the Chainsaw or SocketAppender components processing a logging entry with either a deeply nested hashmap or hashtable, which can lead to memory exhaustion when the object is deserialized. An attacker can submi...

7.5CVSS7.3AI score0.01905EPSS
Exploits0References2Affected Software3
F5 Networks
F5 Networks
added 2023/02/21 6:4 p.m.1105 views

K30518307: Java commons-collections library vulnerability CVE-2015-4852

Security Advisory Description CVE-2015-4852 Java applications that have an endpoint that accepts serialized Java objects, an attacker can combine serializable collections to create arbitrary remote code execution. Based on the FoxGlove, an attack can be done via RMI or HTTP. The vulnerability is...

9.8CVSS9.2AI score0.96032EPSS
Exploits17Affected Software17
Prion
Prion
added 2022/11/01 1:15 a.m.15 views

Design/Logic Flaw

lesspipe before 2.06 allows attackers to execute code via Perl Storable pst files, because of deserialized object destructor execution via a key/value pair in a hash...

7.5CVSS9.5AI score0.0115EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/11/01 12:0 a.m.58 views

CVE-2022-44542

CVE-2022-44542 affects lesspipe up to version 2.05; vulnerability arises from handling Perl Storable (pst) files where a crafted PST can trigger deserialized object destructor execution, enabling remote code execution. Impact is described as total compromise with high confidentiality, integrity, ...

9.8CVSS9.5AI score0.0115EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2022/10/19 12:0 a.m.3 views

GitHub Enterprise Server 代码问题漏洞

GitHub Enterprise Server is an open source application from Github in the United States. Provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions pri...

8.8CVSS7.9AI score0.01892EPSS
Exploits0References5
CNVD
CNVD
added 2022/04/29 12:0 a.m.18 views

WordPress Booking Calendar plugin代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. WordPress Booking Calendar plugin is vulnerable to a code issue that could be exploited by attackers...

8.8CVSS4.3AI score0.0171EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/04/27 12:0 a.m.6 views

WordPress plugin Booking Calendar 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. WordPress Booking Calendar plugin is vulnerable to a code issue that could be exploited by attackers...

8.8CVSS6.1AI score0.0171EPSS
Exploits2References4
FreeBSD
FreeBSD
added 2021/12/09 12:0 a.m.30 views

py39-celery -- command injection vulnerability

Snyk reports: This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends result stores. When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within ...

7.5CVSS8.1AI score0.03877EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/08/11 12:0 a.m.5 views

codeception 代码问题漏洞

codeception is an open source PHP full-stack testing framework. A security vulnerability exists in codeception, which stems from a problem with codeception from 4.0.0 and before 4.1.22 and before 3.1.3. The RunProcess class can be used as a gadget to run arbitrary commands on a system that can...

10CVSS8.4AI score0.02714EPSS
Exploits1References5
CNNVD
CNNVD
added 2020/12/23 12:0 a.m.7 views

Bitcoinsv Resource Management Error Vulnerability

Bitcoinsv is a software implementation of the original Bitcoin protocol by the Bitcoinsv Association. The software can be used to build Bitcoin infrastructure. A resource management error vulnerability exists in versions prior to Bitcoinsv 0.1.1 that allows uncontrolled resource consumption durin...

7.5CVSS7.1AI score0.01031EPSS
Exploits0References1
CNVD
CNVD
added 2020/01/21 12:0 a.m.2 views

Multiple Honeywell Products Code Issue Vulnerabilities

Honeywell Maxpro VMS & NVR is a Honeywell security solution. A code issue vulnerability exists in multiple Honeywell products, which can be exploited by a remote attacker to modify deserialized data without authentication by sending a specially crafted request to execute code...

9.8CVSS7.6AI score0.0221EPSS
Exploits0References1
CVE
CVE
added 2019/07/04 9:56 p.m.140 views

CVE-2019-13292

WebERP 4.15 is affected by CVE-2019-13292. Payments.php accepts payment data in base64, decodes it, deserializes it, and then directly inserts that data into a SQL query without sanitization, exposing a SQL injection vulnerability. The issue is documented across multiple sources (Red Hat, NVD, os...

9.8CVSS9.7AI score0.06509EPSS
Exploits1References1Affected Software1
Veracode
Veracode
added 2019/01/15 8:58 a.m.39 views

Arbitrary File Write

jbossweb is vulnerable to arbitrary file write attacks. The vulnerability exists as the readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to...

7.5CVSS8.3AI score0.12768EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder