
19 matches found

Vulnrichment
added 2026/05/27 6:31 p.m., 8 views

CVE-2026-47161 RELATE Vulnerable to Remote Code Execution (RCE) via Insecure Celery Pickle Deserialization

RELATE is a web-based courseware package. Prior to commit d66ba5659b459bf1ba56b7109b5f9ecf197cbefb, RELATE LMS configures its Celery workers to accept and deserialize untrusted 'pickle' data. An attacker who can reach the message broker can execute arbitrary commands on the host server. Combined...

CVSS 8.7 | AI score 6.5 | EPSS 0.00607
Exploits 0 | References 2
RedhatCVE
added 2026/03/26 3:18 p.m., 2 views

CVE-2026-3989

SGLang's replay_request_dump.py contains an insecure pickle.load without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attacker's code on the device running the script...

CVSS 7.8 | AI score 7.1 | EPSS 0.00033
Exploits 0 | References 1
NVD
added 2026/03/18 9:16 p.m., 1 view

CVE-2026-25873

OmniGen2-RL contains an unauthenticated remote code execution vulnerability in the reward server component that allows remote attackers to execute arbitrary commands by sending malicious HTTP POST requests. Attackers can exploit insecure pickle deserialization of request bodies to achieve code...

CVSS 9.8 | EPSS 0.00125
Exploits 0 | References 7
ATTACKERKB
added 2026/03/18 8:47 p.m., 2 views

CVE-2026-25873

OmniGen2-RL contains an unauthenticated remote code execution vulnerability in the reward server component that allows remote attackers to execute arbitrary commands by sending malicious HTTP POST requests. Attackers can exploit insecure pickle deserialization of request bodies to achieve code...

CVSS 9.8 | AI score 6.7 | EPSS 0.00125
Exploits 0 | References 8
CVE
added 2026/03/18 8:47 p.m., 2 views

CVE-2026-25873

The CVE-2026-25873 entry concerns OmniGen2-RL, specifically the reward-server component. The vulnerability is an unauthenticated remote code execution via insecure pickle deserialization of HTTP POST request bodies, enabling an attacker to execute arbitrary commands on the host running the expose...

CVSS 9.8 | AI score 6.7 | EPSS 0.00125
Exploits 0 | References 7
CNNVD
added 2026/03/18 12:00 a.m., 2 views

OmniGen2 code issue vulnerability

OmniGen2 is a model for command-driven image editing, open-sourced by VectorSpaceLab. OmniGen2 has a code vulnerability that stems from insecure pickle deserialization in the reward server component, which may lead to remote code execution...

CVSS 9.8 | AI score 6.1 | EPSS 0.00125
Exploits 0 | References 7
EUVD
added 2026/03/12 12:30 p.m., 1 view

EUVD-2026-11561

SGLang's replay_request_dump.py contains an insecure pickle.load without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attacker's code on the device running the script...

AI score 5.9 | EPSS 0.00033
Exploits 0 | References 3
OSV
added 2026/03/12 12:30 p.m., 2 views

GHSA-HVWJ-8W5G-28RG SGLang's `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization

SGLang's replay_request_dump.py contains an insecure pickle.load without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attacker's code on the device running the script...

CVSS 7.8 | AI score 6 | EPSS 0.00033
Exploits 0 | References 6
Positive Technologies
added 2026/03/12 12:00 a.m., 2 views

PT-2026-24943

SGLang's replay_request_dump.py contains an insecure pickle.load without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attacker's code on the device running the script...

AI score 5.9 | EPSS 0.00033
Exploits 0 | References 4
CNNVD
added 2026/01/22 12:00 a.m., 3 views

Tendenci code issues and vulnerabilities

Tendenci is a software solution developed by the Tendenci company in the United States, primarily used for managing associations of non-profit organizations and institutions. This software supports functions such as member management, content management, event management, and online donation...

CVSS 6.8 | AI score 6.2 | EPSS 0.00658
Exploits 1 | References 9
IBM Security Bulletins
added 2025/10/07 7:37 p.m., 4 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in deepdiff-8.5.0-py3-none-any.whl

Summary: IBM Watson Discovery Cartridge contains a vulnerable version of deepdiff-8.5.0-py3-none-any.whl. Vulnerability Details: CVEID: CVE-2025-58367. DESCRIPTION: DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable to class...

CVSS 10 | AI score 7.5 | EPSS 0.00267
Exploits 0 | Affected Software 1
RedhatCVE
added 2025/09/07 10:21 p.m., 2 views

CVE-2025-58367

A class pollution flaw has been discovered in the Python DeepDiff library. The flaw is class pollution via the Delta class constructor, and when combined with a gadget available in DeltaDiff, it can lead to Denial of Service and Remote Code Execution via insecure Pickle deserialization exploitation. The gadg...

CVSS 10 | AI score 7.5 | EPSS 0.00267
Exploits 0 | References 2
OSV
added 2025/09/05 10:15 p.m., 1 view

DEBIAN-CVE-2025-58367

DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable to class pollution via the Delta class constructor, and when combined with a gadget available in DeltaDiff, it can lead to Denial of Service and Remote Code Execution via...

CVSS 10 | AI score 5.9 | EPSS 0.00267
Exploits 0 | References 1
Vulnrichment
added 2025/09/05 9:52 p.m., 2 views

CVE-2025-58367 DeepDiff is vulnerable to DoS and Remote Code Execution via Delta class pollution

DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable to class pollution via the Delta class constructor, and when combined with a gadget available in DeltaDiff, it can lead to Denial of Service and Remote Code Execution via...

CVSS 10 | AI score 7.1 | EPSS 0.00267
Exploits 0 | References 3
Debian CVE
added 2025/09/05 9:52 p.m., 3 views

CVE-2025-58367

DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable to class pollution via the Delta class constructor, and when combined with a gadget available in DeltaDiff, it can lead to Denial of Service and Remote Code Execution via...

CVSS 10 | AI score 5.8 | EPSS 0.00267
Exploits 0
Github Security Blog
added 2025/09/03 10:25 p.m., 9 views

DeepDiff Class Pollution in Delta class leading to DoS, Remote Code Execution, and more

Summary: Python class pollution is a novel vulnerability categorized under CWE-915. The Delta class is vulnerable to class pollution via its constructor, and when combined with a gadget available in DeltaDiff itself, it can lead to Denial of Service and Remote Code Execution via insecure Pickle...

CVSS 10 | AI score 8.8 | EPSS 0.00267
Exploits 0 | References 7 | Affected Software 1
Snyk
added 2025/08/07 4:42 p.m., 1 view

Deserialization of Untrusted Data

Overview: skops is a set of tools to push scikit-learn based models to and pull from Hugging Face Hub. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the getmodel function due to insecure pickle loading. An attacker can execute arbitrary code by supplyi...

CVSS 8.6 | AI score 7.8 | EPSS 0.01344
Exploits 0 | References 2
NVD
added 2023/05/26 11:15 p.m., 11 views

CVE-2023-32321

CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in CKAN which may lead to remote code execution: an arbitrary file write in the resource_create and package_update actions, using the ResourceUploader object. Also...

CVSS 9.8 | AI score 10 | EPSS 0.02923
Exploits 0 | References 2
RedHat Linux
added 2022/11/16 10:40 a.m., 3 views

python: local privilege escalation via the multiprocessing forkserver start method

A vulnerability was found in Python. The flaw occurs when the multiprocessing library is used with the forkserver start method on Linux. The Python multiprocessing library allows Python pickles to be deserialized from any user in the same machine's local network namespace in many system configurations, which means any user on the...

CVSS 7.8 | AI score 6.9 | EPSS 0.00035
Exploits 0 | References 5