
7 matches found

CVE
added 2026/03/06 5:02 a.m., 16 views

CVE-2026-28794

The CVE concerns oRPC and its @orpc/client package. Prior to v1.13.6, the RPC JSON deserializer in StandardRPCJsonSerializer is vulnerable to prototype pollution: attacker-controlled paths in the data (notably through the maps and meta vectors) let it inject properties into Object.prototype. This vu...

CVSS 9.8 | AI score 6.1 | EPSS 0.00871
Exploits 1 | References 2 | Affected software 1
OSV
added 2026/03/02 9:43 p.m., 3 views

GHSA-M272-9RP6-32MC `@orpc/client` has Prototype Pollution via `StandardRPCJsonSerializer` Deserialization

Summary A critical Prototype Pollution vulnerability exists in the RPC JSON deserializer of the @orpc/client package. The vulnerability allows unauthenticated, remote attackers to inject arbitrary properties into the global Object.prototype. Because this pollution persists for the lifetime of the...

CVSS 9.3 | AI score 6.4 | EPSS 0.00871
Exploits 1 | References 4
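The bug class in the two oRPC entries above, shown with added example code that is not oRPC's own: a deserializer that applies attacker-supplied [path, value] pairs to a freshly parsed object. The envelope layout ({json, paths}), the function names and the payloads are assumptions constructed for this demonstration, not taken from the advisory or any exploit.

```javascript
// Added illustration of prototype pollution through attacker-controlled
// property paths in a JSON deserializer. Not oRPC's code: the envelope
// layout ({json, paths}), the function names and the payloads are assumed.

const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Vulnerable variant: descends the path with plain property access.
// cur['__proto__'] resolves to Object.prototype (already an object, so the
// "create container" branch is skipped) and the final assignment lands there.
function applyPathsUnsafe(root, entries) {
  for (const [path, value] of entries) {
    let cur = root;
    for (let i = 0; i < path.length - 1; i++) {
      const key = path[i];
      if (cur[key] === null || typeof cur[key] !== 'object') cur[key] = {};
      cur = cur[key];
    }
    cur[path[path.length - 1]] = value;
  }
  return root;
}

// Hardened variant: rejects the three segments that can reach a prototype,
// only descends into own data properties, and creates null-prototype
// containers so that later lookups cannot fall through to Object.prototype.
function applyPathsSafe(root, entries) {
  for (const [path, value] of entries) {
    if (!Array.isArray(path) || path.length === 0) {
      throw new TypeError('empty or non-array path');
    }
    for (const key of path) {
      if (typeof key !== 'string' || FORBIDDEN_KEYS.has(key)) {
        throw new Error(`rejected path segment: ${String(key)}`);
      }
    }
    let cur = root;
    for (let i = 0; i < path.length - 1; i++) {
      const key = path[i];
      const own = Object.prototype.hasOwnProperty.call(cur, key);
      if (!own || cur[key] === null || typeof cur[key] !== 'object') {
        cur[key] = Object.create(null);
      }
      cur = cur[key];
    }
    cur[path[path.length - 1]] = value;
  }
  return root;
}

// Constructed payloads (not from any real advisory or exploit).
const MALICIOUS_ENVELOPE = JSON.stringify({
  json: { user: 'alice' },
  paths: [[['__proto__', 'isAdmin'], true]],
});
const BENIGN_ENVELOPE = JSON.stringify({
  json: { user: 'alice' },
  paths: [[['profile', 'role'], 'user']],
});

// Runs one deserializer over the malicious envelope and reports whether an
// unrelated, freshly created object now sees the injected property.
function probe(applyFn) {
  const env = JSON.parse(MALICIOUS_ENVELOPE);
  let threw = false;
  try {
    applyFn(env.json, env.paths);
  } catch (_err) {
    threw = true;
  }
  const polluted = ({}).isAdmin === true;
  delete Object.prototype.isAdmin; // undo for this demo; in a real process it persists
  return { polluted, threw };
}

console.log('unsafe:', probe(applyPathsUnsafe)); // { polluted: true, threw: false }
console.log('safe:  ', probe(applyPathsSafe));   // { polluted: false, threw: true }
```

Two points worth checking in your own deserializer: JSON.parse itself is not the problem (a literal "__proto__" key becomes an ordinary own property), so the pollution happens in whatever post-processing walks keys with bracket access; and a deny-list on "__proto__" alone is not enough, because "constructor" followed by "prototype" reaches the same object, which is why the hardened variant blocks all three segments and only descends into own properties. As defence in depth, Node's --disable-proto=throw flag makes any access to the __proto__ accessor throw.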
CNNVD
added 2026/02/06 12:00 a.m., 2 views

EPyT-Flow code issue vulnerability

EPyT-Flow is an open-source Python package developed by ERC Synergy Grant Water Futures, designed for generating hydraulic and water quality scenario data for water distribution networks. Versions of EPyT-Flow prior to 0.16.1 contained code vulnerabilities. These vulnerabilities stemmed from the...

CVSS 10 | AI score 6 | EPSS 0.00082
Exploits 0 | References 4
OSV
added 2025/12/05 1:12 p.m., 3 views

OESA-2025-2788 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security fixes: an issue was discovered in Django 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in django.core.serializers.xml_serializer.getInnerText allows a remote...

CVSS 7.5 | AI score 6.7 | EPSS 0.00067
Exploits 0 | References 2
RedhatCVE
added 2025/05/22 6:29 p.m., 3 views

CVE-2021-29508

Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer: for example, using a surrogate on the sender end, an attacker can pass information about a different type to the receiving end, which allows the serializer to create any...

CVSS 9.1 | AI score 6.5 | EPSS 0.00451
Exploits 1 | References 1
0day.today
added 2017/11/27 12:00 a.m., 397 views

JBOSSAS 5.x/6.x Deserializer Vulnerability

Exploit for the Java platform, category: web applications. JBOSSAS 5.x/6.x Deserializer Vulnerability, https://access.redhat.com/security/cve/cve-2017-12149 (CVE-2017-12149). It was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict the classes for which it...

CVSS 7.5 | AI score 9.2 | EPSS 0.94294
Exploits 14
0day.today
added 2017/11/27 12:00 a.m., 72 views

JBOSSAS 4.x Deserializer Vulnerability

Exploit for the Java platform, category: web applications. JBOSSAS 4.x Deserializer Vulnerability. The MITRE CVE dictionary describes this issue as follows (https://access.redhat.com/security/cve/cve-2017-7504): HTTPServerILServlet.java in the JMS over HTTP Invocation Layer of the JbossMQ implementation, which is...

CVSS 7.5 | AI score 9.2 | EPSS 0.90282
Exploits 5