Lucene search
K

58 matches found

CVE
CVE
added 2026/05/16 3:26 p.m.20 views

CVE-2021-47952

CVE-2021-47952 affects python jsonpickle 2.0.0 and describes a remote code execution vulnerability through deserialization of JSON payloads containing py/repr objects. The attack leverages directives that invoke eval during deserialization to execute system commands and arbitrary code, with high-...

9.8CVSS6.7AI score0.00696EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.11 views

Jsonpickle 代码注入漏洞

Jsonpickle is a software developed by the individual who created Jsonpickle, designed for Python to serialize Python objects into JSON format. Version 2.0.0 of jsonpickle contains a code injection vulnerability. This vulnerability stems from deserialization issues, allowing attackers to execute...

9.8CVSS6.2AI score0.00696EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.12 views

PT-2026-41450

Name of the Vulnerable Software and Affected Versions jsonpickle version 2.0.0 Description An issue exists where attackers can execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. This occurs because crafted JSON strings with py/repr directives ca...

9.8CVSS6.1AI score0.00696EPSS
Exploits0References15
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-23928

Malicious code in bioql PyPI...

5.7CVSS6.6AI score0.00153EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-22083

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that...

9.8CVSS9.4AI score0.06101EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/08/09 12:23 a.m.12 views

CVE-2025-55136

ERC aka Emotion Recognition in Conversation through 0.3 has insecure deserialization via a serialized object because jsonpickle is used...

5.7CVSS6.8AI score0.00153EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/07 12:0 a.m.4 views

Emotion Recognition in Coversation 代码问题漏洞

Emotion Recognition in Coversation is an application by the individual developer Taewoon Kim. A code issue vulnerability exists in Emotion Recognition in Coversation version 0.3 and earlier, which stems from the use of jsonpickle leading to unsafe deserialization...

5.7CVSS6.9AI score0.00153EPSS
Exploits0References1
CVE
CVE
added 2025/08/07 12:0 a.m.18 views

CVE-2025-55136

ERC (Emotion Recognition in Conversation) up to version 0.3 is affected by insecure deserialization via jsonpickle when handling serialized objects. The vulnerability arises from unsafe deserialization in the serialization path. Public mentions in Red Hat, NVD, OSV, and PT-Security records confir...

5.7CVSS6.5AI score0.00153EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/07 12:0 a.m.4 views

CVE-2025-55136

ERC aka Emotion Recognition in Conversation through 0.3 has insecure deserialization via a serialized object because jsonpickle is used...

5.7CVSS6.5AI score0.00153EPSS
Exploits0References1
OSV
OSV
added 2025/08/07 12:0 a.m.5 views

CVE-2025-55136

ERC aka Emotion Recognition in Conversation through 0.3 has insecure deserialization via a serialized object because jsonpickle is used...

5.7CVSS6.3AI score0.00153EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/07 12:0 a.m.7 views

PT-2025-32270 · Erc · Erc

Name of the Vulnerable Software and Affected Versions: ERC aka Emotion Recognition in Conversation versions through 0.3 Description: ERC aka Emotion Recognition in Conversation is susceptible to insecure deserialization due to the use of jsonpickle when handling serialized objects. Recommendation...

5.7CVSS6.2AI score0.00153EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/08/07 12:0 a.m.10 views

CVE-2025-55136

ERC aka Emotion Recognition in Conversation through 0.3 has insecure deserialization via a serialized object because jsonpickle is used...

5.7CVSS0.00153EPSS
Exploits0References1
Snyk
Snyk
added 2025/07/06 11:42 p.m.3 views

Deserialization of Untrusted Data

Overview llama-index is an Interface between LLMs and your data Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JsonPickleSerializer process. An attacker can execute arbitrary code by submitting specially crafted serialized data that triggers the...

7.5CVSS7.8AI score0.00417EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/07/06 12:0 a.m.6 views

LlamaIndex 安全漏洞

LlamaIndex is a data framework for LLM applications from the LlamaIndex open source. A security vulnerability exists in LlamaIndex versions 0.12.27 to 0.12.40, which stems from insecure deserialization of the JsonPickleSerializer component and could lead to remote code execution...

7.5CVSS5.9AI score0.00417EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/01/28 12:0 a.m.4 views

PT-2025-4790 · Nuclio +1 · Nuclio +1

Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool CVAT versions prior to 2.26.0 Description: The issue allows an attacker with an account on an affected CVAT instance to run arbitrary code in the context of the Nuclio function container. This affects CVAT...

8.7CVSS7.5AI score0.00483EPSS
Exploits0References9
BDU FSTEC
BDU FSTEC
added 2024/12/12 12:0 a.m.6 views

The vulnerability of the mobile device registration and mobile application deployment mechanism of Splunk Secure Gateway, a platform for operational analytics in Splunk Enterprise, arises from deficiencies in the deserialization mechanism. This allows attackers to execute arbitrary code.

The vulnerability of the mobile device registration and mobile application deployment mechanism of Splunk Secure Gateway, a platform for operational analytics in Splunk Enterprise, is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to...

9CVSS6AI score0.01084EPSS
Exploits0References3Affected Software2
Positive Technologies
Positive Technologies
added 2024/11/19 12:0 a.m.10 views

PT-2024-9365 · Splunk · Splunk Secure Gateway App +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.3.2 Splunk Enterprise versions prior to 9.2.4 Splunk Enterprise versions prior to 9.1.7 Splunk Secure Gateway app versions prior to 3.4.261 Splunk Secure Gateway app versions prior to 3.7.13 Description:...

9CVSS7.8AI score0.01084EPSS
Exploits0References22
SUSE CVE
SUSE CVE
added 2023/02/15 3:54 a.m.1 views

SUSE CVE-2020-22083

jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used...

9.8CVSS8.4AI score0.06101EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2022/05/24 5:36 p.m.3 views

abdelrahman-obfuscate (>=1.0.0 <=1.0.1), abdo (=2.0.0) +188 more potentially affected by CVE-2020-22083 via jsonpickle (>=0.7.1 <=1.4.2)

jsonpickle PYPI version =0.7.1, =1.0.0, =2.0.0, =0.1.2, =4.0.0, =1.1.4, =2.4.0, =2.5.0 - apimaticcalculatorlatest =4.0.0 - apimaticcalculatorpythonv6demo =1.0.2 and more Source cves: CVE-2020-22083 Source advisory: OSV:GHSA-J66Q-QMRC-89RX...

9.8CVSS7.2AI score0.06101EPSS
Exploits1
OSV
OSV
added 2022/05/24 5:36 p.m.7 views

GHSA-J66Q-QMRC-89RX jsonpickle unsafe deserialization

jsonpickle through 1.4.2 allows remote code execution during deserialization of a malicious payload through the decode function. This CVE is disputed by the project author as intended functionality...

9.8CVSS6.4AI score0.06101EPSS
Exploits1References10
Rows per page
Query Builder