4 matches found

OSV
added 2026/02/18 2:16 p.m. · 1 view

CVE-2025-60038

A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which...

8.8 CVSS · 6.3 AI score
Exploits 0 · References 1
Github Security Blog
added 2025/07/31 2:5 p.m. · 6 views

MS SWIFT Deserialization RCE Vulnerability

This appears to be a security vulnerability report describing a remote code execution (RCE) exploit in the ms-swift framework through malicious pickle deserialization in adapter model files. The vulnerability allows arbitrary command execution when loading specially crafted adapter models from...

8 AI score
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2023/09/06 12:0 a.m. · 2 views

PT-2023-16621 · Software Ag · Webmethods Onedata

Name of the Vulnerable Software and Affected Versions: webMethods OneData version 10.11
Description: The issue allows an unauthenticated attacker with network connectivity to the Java RMI registry and RMI interface ports to abuse the functionality and instruct the webMethods OneData application t...

9.8 CVSS · 9.2 AI score · 0.00248 EPSS
Exploits 0 · References 4
RedHat Linux
added 2019/07/16 4:21 p.m. · 1 view

jackson-databind: improper polymorphic deserialization of types from Jodd-db library

A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using Jodd DB connection classes when using DefaultTyping. An attacker could use this flaw to achieve remote code execution under certain circumstances...

7.5 CVSS · 8 AI score · 0.03117 EPSS
Exploits 0 · References 4