EUVD-2023-33660

Malicious code in bioql PyPI...

EUVD-2024-31891

Malicious code in bioql PyPI...

CVE-2024-3301

An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution...

CVE-2024-3300

An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution...

CVE-2024-3300 Pre-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024

An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution...

CVE-2023-2141 Unsafe .NET object deserialization affecting DELMIA Apriso Release 2017 through Release 2022

An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution...

dotnet: Parsing an empty HTTP response as a JSON.NET JObject causes a stack overflow and crashes a process

A vulnerability was found in dotnet. This flaw occurs when parsing an empty HTTP response as a JSON.NET JObject that causes a stack overflow and crashes a process...

Remote Code Execution (RCE)

kentico is vulnerable to remote code execution RCE. Failure to validate security headers allow an attacker to bypass authentication and perform unsafe deserialization using a malicious .NET object input, which would lead to remote code execution on the server...

CVE-2019-9875

Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter...

Deserialization of untrusted data

An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to...

CVE-2019-10068

Kentico CMS is affected by a remote code execution vulnerability (CVE-2019-10068) due to insecure .NET object deserialization during staging service processing. Affected versions include Kentico 12.0.x before 12.0.15, 11.x before 11.0.48, 10.x before 10.0.52, and 9.x. The issue can be triggered v...

CVE-2018-15122

An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object such as DLL or EXE with an embedded resource file by clicking on the resource...

CVE-2018-15122

An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object such as DLL or EXE with an embedded resource file by clicking on the resource...

Design/Logic Flaw

An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object such as DLL or EXE with an embedded resource file by clicking on the resource...

CVE-2018-15122

An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object such as DLL or EXE with an embedded resource file by clicking on the resource...

CVE-2018-14878

JetBrains dotPeek is affected prior to version 2018.2 and ReSharper Ultimate prior to 2018.1.4. The issue arises from Deserialization of Untrusted Data in a compiled .NET object (DLL/EXE), enabling code execution when decompiling or processing crafted data. Impact includes potential arbitrary cod...

Design/Logic Flaw

Redgate .NET Reflector before 10.0.7.774 and SmartAssembly before 6.12.5 allow attackers to execute code by decompiling a compiled .NET object such as a DLL or EXE file with a specific embedded resource file...

CVE-2018-14581

Redgate .NET Reflector before 10.0.7.774 and SmartAssembly before 6.12.5 allow attackers to execute code by decompiling a compiled .NET object such as a DLL or EXE file with a specific embedded resource file...

Authorization

The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header...

CVE-2013-6795

The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which triggers the download and extraction of a ZIP file that overwrites the Agent service binary...