Ech0 comment model's Email field returned on public /api/comments endpoints

Summary The Comment model serializes its Email field through the public comment-listing API. internal/model/comment/comment.go:33 uses json:"email", while adjacent PII fields IPHash, UserAgent correctly use json:"-". The public endpoints GET /api/comments?echoid=X and GET...

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the error handling for parameters marshalling. An attacker can obtain sensitive service account tokens sent to the providers by accessing log files containing these credentials...

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the error handling for parameters marshalling. An attacker can obtain sensitive service account tokens sent to the providers by accessing log files containing these credentials...

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the error handling for parameters marshalling. An attacker can obtain sensitive service account tokens sent to the providers by accessing log files containing these credentials...

Linux Distros Unpatched Vulnerability : CVE-2021-20329

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object wit...

org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution

A security flaw exists in WildFly and JBoss Enterprise Application Platform EAP within the Enterprise JavaBeans EJB remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted...

org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution

A security flaw exists in WildFly and JBoss Enterprise Application Platform EAP within the Enterprise JavaBeans EJB remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted...

org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution

A security flaw exists in WildFly and JBoss Enterprise Application Platform EAP within the Enterprise JavaBeans EJB remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted...

org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution

A security flaw exists in WildFly and JBoss Enterprise Application Platform EAP within the Enterprise JavaBeans EJB remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted...

org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution

A security flaw exists in WildFly and JBoss Enterprise Application Platform EAP within the Enterprise JavaBeans EJB remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted...

org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution

A security flaw exists in WildFly and JBoss Enterprise Application Platform EAP within the Enterprise JavaBeans EJB remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted...

org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution

A security flaw exists in WildFly and JBoss Enterprise Application Platform EAP within the Enterprise JavaBeans EJB remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted...

CVE-2025-2251

A security flaw exists in WildFly and JBoss Enterprise Application Platform EAP within the Enterprise JavaBeans EJB remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted...

Philips IntelliSpace Portal 路径遍历漏洞

Philips IntelliSpace Portal is an advanced medical image analysis platform from Philips Netherlands that provides multimodal image processing and automated diagnostic tools. A path traversal vulnerability exists in Philips IntelliSpace Portal version 12 and earlier, which stems from the...

PT-2025-15255 · Philips · Intellispace Portal

Name of the Vulnerable Software and Affected Versions: IntelliSpace Portal versions 12 and prior Description: The issue arises from the exploitation of port 755 through the "Object Marshalling" technique, allowing an attacker to read internal files without authentication. This is possible by...

Important: Red Hat Security Advisory: Control plane Operators for RHOSO 18.0.3 (Feature Release 1) security update

Control plane Operators for RHOSO 18.0.3 Feature Release 1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...

openSUSE: Security Advisory for python310 (SUSE-SU-2023:2884-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-5236 Infinispan: circular reference on marshalling leads to dos

A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service...

SUSE-SU-2023:2884-1 Security update for python310

This update for python310 fixes the following issues: - Make marshalling of set and frozenset deterministic bsc1211765 python310 was updated to 3.10.12: - urllib.parse.urlsplit now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to...

Fedora: Security Advisory for golang-github-gogo-protobuf (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...