Lucene search
K

42 matches found

EUVD
EUVD
added 6 days ago8 views

EUVD-2026-38388

MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth...

7.5CVSS5.8AI score0.00275EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 9:17 p.m.24 views

CVE-2026-48506 MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePackReader.TrySkip recursively descends into nested arrays and maps without incrementing the reader depth or calling the configured depth checks. This bypasses MessagePackSecurity.MaximumObjectGraphDepth, the...

7.5CVSS0.00275EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 9:17 p.m.22 views

CVE-2026-48506

The CVE-2026-48506 entry concerns MessagePack-CSharp: MessagePackReader.TrySkip() can recurse without incrementing depth checks, bypassing MaximumObjectGraphDepth and risking unbounded recursion leading to StackOverflow. Affected: MessagePack-CSharp (reader Skip usage in nested arrays/maps). Root...

7.5CVSS5.8AI score0.00275EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:12 p.m.5 views

CVE-2026-48513

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStepref reader and do not decrement reader.Depth around recursive deserialization and skip paths. This means...

7.5CVSS5.9AI score0.00231EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/18 8:8 p.m.9 views

dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver

Summary Dynaconf is vulnerable to Server-Side Template Injection SSTI due to unsafe template evaluation in the @jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in configuration values without a sandboxed environment. If an attacker can...

8.1CVSS6.1AI score0.00526EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.6 views

PT-2026-26201

Name of the Vulnerable Software and Affected Versions dynaconf versions prior to 3.2.13 Description dynaconf is susceptible to Server-Side Template Injection SSTI due to insecure template evaluation within the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template...

8.1CVSS6.2AI score0.00526EPSS
Exploits1References21
GithubExploit
GithubExploit
added 2026/03/16 8:1 a.m.167 views

Exploit for Deserialization of Untrusted Data in Apache Struts

Apache Struts S2-052 XML Deserialization RCE This repository...

8.1CVSS7.7AI score0.99461EPSS
Exploits23
OSV
OSV
added 2026/03/13 8:57 p.m.38 views

GHSA-RVV3-G6HJ-G44X AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion

Summary AutoMapper is vulnerable to a Denial of Service DoS attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an attacker to provide a specially crafted object graph that exhausts the thread's sta...

7.5CVSS5.9AI score0.00542EPSS
Exploits1References7
EUVD
EUVD
added 2026/03/11 9:31 p.m.8 views

EUVD-2018-21653

Epross AVCON6 systems management platform contains an object-graph navigation language OGNL injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting malicious OGNL expressions. Attackers can send crafted requests to the login.action endpoint with OG...

9.8CVSS6AI score0.00394EPSS
Exploits0References3
NVD
NVD
added 2026/03/11 7:15 p.m.8 views

CVE-2018-25159

Epross AVCON6 systems management platform contains an object-graph navigation language OGNL injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting malicious OGNL expressions. Attackers can send crafted requests to the login.action endpoint with OG...

9.8CVSS0.00394EPSS
Exploits0References2
CVE
CVE
added 2026/03/11 6:23 p.m.8 views

CVE-2018-25159

CVE-2018-25159 affects the Epross AVCON6 system management platform. An OGNL injection in login.action allows unauthenticated attackers to inject OGNL payloads via the redirect parameter to instantiate ProcessBuilder and execute arbitrary commands with root privileges. Impact is described as high...

9.8CVSS6AI score0.00394EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.9 views

PT-2026-24788

Epross AVCON6 systems management platform contains an object-graph navigation language OGNL injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting malicious OGNL expressions. Attackers can send crafted requests to the login.action endpoint with OG...

9.8CVSS6AI score0.00394EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.10 views

Epross AVCON6 安全漏洞

Epross AVCON6 is a monitoring video management server developed by Epross Corporation. Epross AVCON6 has a security vulnerability, which stems from OGNL injection. This vulnerability could allow unverified attackers to execute arbitrary commands...

9.8CVSS6.1AI score0.00394EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2011-2085

Malware in sbrugna...

5CVSS6.4AI score0.03772EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2016-5450

Malware in sbrugna...

9CVSS8.6AI score0.08341EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2025/08/25 6:19 p.m.251 views

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

PoC: Apache Struts2 CVE-2017-5638 Safe Educational Demo...

10CVSS9.8AI score0.99999EPSS
Exploits44
OSV
OSV
added 2025/08/18 8:15 p.m.5 views

CVE-2025-53192

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue​, the OGNL engine parses and evaluates the provided expression with powerful capabilities...

7.7AI score
Exploits0References1
GithubExploit
GithubExploit
added 2025/08/17 10:4 p.m.290 views

Exploit for CVE-2025-54253

CVE-2025-54253 Adobe AEM OGNL Injection Simulated PoC Lab !...

10CVSS8.9AI score0.89824EPSS
Exploits7
Packet Storm News
Packet Storm News
added 2025/06/20 12:0 a.m.12 views

Analyzing PDFs like Binaries: Adversarially Robust PDF Malware Analysis Via Intermediate Representation and Language Model

Malicious PDF files have emerged as a persistent threat and become a popular attack vector in web-based attacks. While machine learning-based PDF malware classifiers have shown promise, these classifiers are often susceptible to adversarial attacks, undermining their reliability. To address this...

6.9AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/09/21 12:0 a.m.6 views

The vulnerability of the OGNL expression transformation class implementation in the Apache Struts software platform allows a hacker to execute arbitrary code.

The vulnerability of the OGNL expression transformation class implementation in the Apache Struts software platform is related to incorrect code generation during the processing of the includeParams attribute. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a...

10CVSS8.2AI score0.71767EPSS
Exploits6References5Affected Software2
Rows per page
Query Builder