PT-2026-29565

An unauthenticated remote code execution RCE vulnerability exists in applications that use the Replicator node package manager npm version 1.0.5 to deserialize untrusted user input and execute the resulting object...

CVE-2026-24165

NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering...

CVE-2026-3060

SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...

CVE-2025-60210 WordPress Everest Forms - Frontend Listing plugin <= 1.0.5 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms - Frontend Listing everest-forms-frontend-listing allows Object Injection.This issue affects Everest Forms - Frontend Listing: from n/a through = 1.0.5...

CVE-2025-54053 WordPress Groundhogg <= 4.2.2 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in Adrian Tobey Groundhogg allows Object Injection. This issue affects Groundhogg: from n/a through 4.2.2...

CVE-2023-37227

Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data...

CVE-2023-37227

Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data...

CVE-2023-37227

Loftware Spectrum is affected by a deserialization vulnerability in versions before 4.6 HF13. The issue involves deserializing untrusted data and, per CVSS data in the initial records, could allow a network-exposed attacker to achieve high impact on confidentiality, integrity, and availability (b...

Remote Code Execution (RCE)

Tablib is vulnerable to remote code execution RCE. The Databook functionality within Tablib deserializes untrusted data from yaml files when importing books, allowing attackers to execute python commands...