Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/05/01 7:21 a.m.2 views

CVE-2026-7584 Arbitrary Code Execution via Unsafe Deserialization in LabOne Q

The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...

8.4CVSS6.3AI score0.00256EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/01 7:21 a.m.34 views

CVE-2026-7584 Arbitrary Code Execution via Unsafe Deserialization in LabOne Q

The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...

8.4CVSS0.00256EPSS
Exploits0References1
PyPA
PyPA
added 2024/08/22 8:15 p.m.8 views

PYSEC-2024-192

An issue was discovered in llamaindex before 0.10.38. download/integration.py includes an exec call for import clsname...

8.8CVSS7AI score0.00528EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2018/11/30 4:51 a.m.23 views

Remote Code Execution (RCE)

yoast/wordpress-seo is vulnerable to remote code execution. An SEO Manager is able to execute arbitrary OS commands via a ZIP import through a race condition vulnerability in unzipfile in admin/import/class-import-settings.php...

6.6CVSS7.4AI score0.03205EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder