Linux Distros Unpatched Vulnerability : CVE-2021-47952

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSO...

PT-2026-41133

Name of the Vulnerable Software and Affected Versions devalue affected versions not specified Description The devalue.parse function may allocate excessive memory when deserializing sparse arrays due to specific behaviors in some JavaScript engines. This can lead to high memory consumption...

GHSA-FPF5-4JW8-67X8 rust-zserio has Unbounded Memory Allocation

Impact When deserializing arrays, strings or bytes blob types zserio first reads the size of the variable, and then allocates sufficient memory to load data. Since the size is always trusted this can be abused by creating a data file with a large size value, causing the zserio runtime to allocate...

CVE-2026-3059

SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads without authentication...

WordPress plugin Dentario 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

EUVD-2026-9037

Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hexcore hexapi modules, hexpm hex mixhexapi modules, erlang rebar3 r3hexapi modules allows Object Injection, Excessive Allocation. This vulnerability is associated with program files src/hexapi.erl,...

OpenText Directory Services 代码问题漏洞

OpenText Directory Services OTDS is an information management solution provided by the Canadian company OpenText. It integrates OpenText products and solutions with the company’s enterprise directory infrastructure. There were code vulnerabilities in OpenText Directory Services OTDS versions 10.5...

(0Day) Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face smolagents. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of pickle data. The issue results from the lack of proper validation...

CVE-2025-55182

A flaw was found in the React Server Components RSC protocol in which an attacker could send a malicious package to a Server Function endpoint and cause unauthenticated remote code execution. This is possible due to the way the affected packages deserialized untrusted data...

WordPress plugin WP Store Locator 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

EUVD-2009-1104

Malware in sbrugna...

SAMSUNG DMS 安全漏洞

SAMSUNG DMS is a data management server from Samsung South Korea. A security vulnerability exists in SAMSUNG DMS that originates from deserializing untrusted data, which could lead to the execution of arbitrary code...

NVIDIA Nemo Framework 代码问题漏洞

NVIDIA Nemo Framework is a framework for building and deploying generative AI models from NVIDIA. A code issue vulnerability exists in the NVIDIA Nemo Framework, which stems from the fact that deserializing untrusted data could lead to remote code execution and data tampering...

H2O 代码问题漏洞

H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A code issue vulnerability exists in H2O version 3.46.0.4, which stems from deserializing untrusted data and could lead to remote code execution...

dotnet: Denial of Service in System.Text.Json

A flaw was found in dotnet. In System.Text.Json, applications that deserialize input to a model with an ExtensionData property can be vulnerable to an algorithmic complexity attack, resulting in a denial of service...

Arbitrary File Read

org.apache.inlong: manager-pojo is vulnerable to Arbitrary File Read. The vulnerability is caused due to lack of validation performed while deserializing untrusted data. An attacker can perform an arbitrary file read using mysql driver...

CVE-2023-28579 Buffer Copy Without Checking Size of Input in WLAN Host

Memory Corruption in WLAN Host while deserializing the input PMK bytes without checking the input PMK length...

CVE-2023-24971

IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects. IBM X-Force ID: 246976...

CVE-2023-24971 IBM B2B Advanced Communication denial of service

IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects. IBM X-Force ID: 246976...

WordPress plugin ImageMagick Engine 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...