CVE-2026-1323

CVE-2026-1323 highlights an insecure deserialization flaw in the TYPO3 mailqueue extension, specifically in the TransportFailure class. An attacker could execute untrusted serialized code, but an active exploit requires write access to the directory configured by $GLOBALS['TYPO3_CONF_VARS']['MAIL...

EUVD-2016-4720

Malware in sbrugna...

CVE-2024-43800

serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect may execute untrusted code. This issue is patched in serve-static 1.16.0...

GHSA-F866-M9MV-2XR3 Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data

Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by 1 serializing a...

Rundeck代码问题漏洞

Rundeck is an open source automation service with a Web console, command line tools, and WebAPI from Rundeck USA, which is primarily used to run automation tasks.A code issue vulnerability exists in Rundeck Enterprise Edition, which stems from the fact that an authenticated user can issue a POST...

CVE-2016-3699

The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd...