10 matches found

Snyk
added 2026/05/14 8:30 p.m. · 6 views

Cross-site Scripting (XSS)

Overview: svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via improper serialization of hydratable promises. An attacker can execute arbitrary scripts in the context of the affected application by supplying specially...

8.2 CVSS · 5.8 AI score
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-28852

Malware in sbrugna...

5.3 CVSS · 5.2 AI score · 0.0066 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/08/12 12:0 a.m. · 4 views

PT-2025-32945 · Unknown · Autocaliweb

Name of the Vulnerable Software and Affected Versions: Autocaliweb versions prior to 0.8.3. Description: Autocaliweb is a web application that provides an interface for browsing, reading, and downloading eBooks using a Calibre database. The debug pack generated by Autocaliweb can expose sensitive...

8.2 CVSS · 7.1 AI score · 0.00177 EPSS
Exploits 0 · References 8
BDU FSTEC
added 2024/05/15 12:0 a.m. · 4 views

The vulnerability of the check_for_locks() function in the fs/nfsd/nfs4state.c module of the Linux kernel-based NFS file system allows an attacker to trigger a service failure.

The vulnerability of the check_for_locks() function in the fs/nfsd/nfs4state.c module of the Linux kernel-based Network File System server is related to improper checking of serialization. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

5.9 CVSS · 6.5 AI score · 0.00195 EPSS
Exploits 0 · References 38 · Affected Software 2
CVE
added 2023/03/21 12:0 a.m. · 90 views

CVE-2022-42334

CVE-2022-42334 concerns the Xen hypervisor: a mis-handling in the HVM cache attributes interface used to override defaults for passed‑through devices. The root cause described across connected sources is unbounded control region creation and a lack of proper serialization for installation/removal...

6.5 CVSS · 7 AI score · 0.00267 EPSS
Exploits 0 · References 7 · Affected Software 1
Prion
added 2022/06/14 10:15 a.m. · 20 views

Race condition

Improper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register with same label in Snapdragon Connectivity, Snapdragon Mobile...

6.9 CVSS · 6.9 AI score · 0.00148 EPSS
Exploits 0 · References 1
CVE
added 2022/06/14 10:11 a.m. · 152 views

CVE-2021-35095

CVE-2021-35095 is a Qualcomm/Qualcomm-derived issue affecting Snapdragon components (Snapdragon Connectivity and Snapdragon Mobile) where improper serialization of message queue client registrations can cause a race condition, allowing multiple gunyah message clients to register with the same lab...

8.4 CVSS · 6.9 AI score · 0.00148 EPSS
Exploits 0 · References 1 · Affected Software 1
OpenVAS
added 2020/05/08 12:0 a.m. · 26 views

MongoDB 3.6 < 3.6.18, 4.0 < 4.0.15, 4.2 < 4.2.3, 4.3 < 4.3.3 Improper Serialization Vulnerability - Linux

MongoDB is prone to an improper serialization vulnerability in the authorization subsystem. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE...

5.3 CVSS · 5.5 AI score · 0.0066 EPSS
Exploits 0 · References 1
OpenVAS
added 2020/05/08 12:0 a.m. · 33 views

MongoDB 3.6 < 3.6.18, 4.0 < 4.0.15, 4.2 < 4.2.3, 4.3 < 4.3.3 Improper Serialization Vulnerability - Windows

MongoDB is prone to an improper serialization vulnerability in the authorization subsystem. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE...

5.3 CVSS · 5.5 AI score · 0.0066 EPSS
Exploits 0 · References 1
OSV
added 2020/05/06 3:15 p.m. · 0 views

UBUNTU-CVE-2020-7921

Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versions prior to 4.2.3...

5.3 CVSS · 6 AI score · 0.0066 EPSS
Exploits 0 · References 3