QVIS NVR/DVR - Remote Code Execution

QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization. id: CVE-2021-41419 info: name: QVIS NVR/DVR - Remote Code Execution author: me9187 severity: critical description: | QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java...

ManageEngine OpManager SumPDU 12.1 - 12.5.232 - Java Deserialization

Zoho ManageEngine OpManager Stable build before 125203 and Released build before 125233 allows Remote Code Execution via the Smart Update Manager SUM servlet. id: CVE-2020-28653 info: name: ManageEngine OpManager SumPDU 12.1 - 12.5.232 - Java Deserialization author: iamnoooob,pdresearch severity:...

GHSA-5HH8-Q8HV-FR38 jackson-databind has @JsonView bypass for setterless creator properties

Summary In BeanDeserializer.deserializeUsingPropertyBased, the active-view @JsonView filter was applied only to creator properties; the regular property-buffering branch performed no prop.visibleInViewactiveView check. A change making SetterlessProperty.isMerging return true routed setterless...

GHSA-HGJ6-7826-R7M5 jackson-databind: InetSocketAddress deserialization triggers eager DNS resolution (SSRF)

Summary JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution for hostname inputs at deserialization time. An application that binds untrusted JSON into a type containing an InetSocketAddress field issues an...

Oracle PeopleSoft Unauthenticated Java Deserialization SSRF / RCE (CVE-2026-35273)

Binary data oraclepeoplesoftssrfcve202635273.nbin...

ManageEngine Desktop Central Java Deserialization

Zoho ManageEngine Desktop Central before 10.0.474 is vulnerable to a deserialization of untrusted data, which permits remote code execution. id: CVE-2020-10189 info: name: ManageEngine Desktop Central Java Deserialization author: king-alexander severity: critical description: | Zoho ManageEngine...

CVE-2026-6009

Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution RCE, potentially allowing code execution on the affected system...

DEBIAN-CVE-2026-47065

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

CVE-2026-6009

Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution RCE, potentially allowing code execution on the affected system...

UBUNTU-CVE-2026-6009

Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution RCE, potentially allowing code execution on the affected system...

EUVD-2026-30962

Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution RCE, potentially allowing code execution on the affected system...

CVE-2026-6009

Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution RCE, potentially allowing code execution on the affected system...

CVE-2026-6009

CVE-2026-6009 is a Java deserialization vulnerability in the Jaspersoft Reports Library that can lead to Remote Code Execution (RCE) on affected systems. The cited sources describe the issue as a Java Deserialisation Vulnerability, but do not specify affected versions, vulnerable components withi...

Jaspersoft Reports Library 代码问题漏洞

Jaspersoft Reports Library is a Java report engine developed by Jaspersoft Corporation in the United States. It can generate reports in various formats such as PDF, HTML, Excel, and Word. There is a code vulnerability in Jaspersoft Reports Library, which stems from a Java deserialization issue...

PT-2026-41987

Name of the Vulnerable Software and Affected Versions Jaspersoft Reports Library affected versions not specified Description A Java deserialization issue exists in the Jaspersoft Reports Library. This flaw can lead to Remote Code Execution RCE, which is a type of attack where an attacker can...

Java Deserialisation

net.sf.jasperreports, jasperreports is vulnerable to Java Deserialization. The vulnerability is due to insecure deserialization of untrusted input, which allows an attacker to remotely execute arbitrary code on systems using the affected library...

Exploit for Deserialization of Untrusted Data in Cisco Secure_Firewall_Management_Center

🚨 CVE-2026-20131 | Cisco FMC Critical RCE Unauthenticat...

CVE-2026-41586

Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject and exposes deSerializeChannel which call ObjectInputStream.readObject on untrusted byte arrays without...

CVE-2026-41586

Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject and exposes deSerializeChannel which call ObjectInputStream.readObject on untrusted byte arrays without...

PT-2026-37132

Name of the Vulnerable Software and Affected Versions Hyperledger Fabric versions 1.0.0 through 2.2.26 Description In the deprecated fabric-sdk-java client SDK, the Channel.java file implements readObject and exposes the deSerializeChannel function, both of which call ObjectInputStream.readObject...