CVE-2025-50537

Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run method, which validates test cases and checks for duplicates. During validation, the internal function...

Deserialization Of Untrusted Data

org.apache.nifi, nifi-asana-processors is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the use of unfiltered Java object serialization and deserialization in the GetAsanaObject Processor, which allows an attacker with access to the configured cache server to supply...

EUVD-2025-204524

Apache NiFi GetAsanaObject Processor has Remote Code Execution via Unsafe Deserialization...

Docker Desktop 安全漏洞

Docker Desktop is a desktop software for lightweight deployment of applications based on container technology from Docker Inc. in the United States. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...

EUVD-2021-0673

Malware in sbrugna...

EUVD-2016-5369

Malware in sbrugna...

EUVD-2022-3072

Malicious code in bioql PyPI...

mina-core: Apache MINA: applications using unbounded deserialization may allow RCE

A flaw was found in Apache MINA. The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sendin...

Apache MINA 安全漏洞

Apache MINA is a web application framework from the Apache USA Foundation. It is primarily used for developing high-performance and highly scalable web applications. A security vulnerability exists in Apache MINA versions 2.0.X, 2.1.X, and 2.2.X. The vulnerability stems from a lack of necessary...

PT-2024-9987

Name of the Vulnerable Software and Affected Versions Apache MINA versions 2.0.X through 2.2.X Description The ObjectSerializationDecoder in Apache MINA lacks necessary security checks when processing incoming serialized data using Java’s native deserialization protocol. This allows attackers to...

OESA-2024-2400 xstream security update

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

CVE-2024-32876 NewPipe has potential security vulnerability when importing settings

NewPipe is an Android app for video streaming written in Java. It supports exporting and importing backups, as a way to let users move their data to a new device effortlessly. However, in versions 0.13.4 through 0.26.1, importing a backup file from an untrusted source could have resulted in...

CVE-2024-32876

CVE-2024-32876 concerns NewPipe (Android, Java) backups. In versions 0.13.4–0.26.1, importing a backup from an untrusted source could lead to Arbitrary Code Execution because the app deserializes backups via Java Object Serialization Stream Protocol. Attackers must craft a malicious backup and co...

CVE-2024-32876 NewPipe has potential security vulnerability when importing settings

NewPipe is an Android app for video streaming written in Java. It supports exporting and importing backups, as a way to let users move their data to a new device effortlessly. However, in versions 0.13.4 through 0.26.1, importing a backup file from an untrusted source could have resulted in...

CVE-2023-4402 Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the getproducts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugi...

Security Bulletin: IBM Storage Protect is vulnerable to a denial of service attack due to Google Gson (CVE-2022-25647)

Summary IBM Spectrum Protect is uses Google Gson for object serialization and is vulnerable to this attack. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the writeReplace method, ...

SUSE CVE-2021-21348

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup...

Security Bulletin: Multiple vulnerabilities in Apache Commons Collections affect IBM InfoSphere Information Server

Summary Multiple vulnerabilities in Apache Commons Collections used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2015-4852 DESCRIPTION: The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers t...

HackerOne: Ability to escape database transaction through SQL injection, leading to arbitrary code execution

HackerOne has an internal backend interface that gives debugging capabilities to its engineers. One of the features is the ability to run EXPLAIN ANALYZE queries against a connected database. This feature is accessible by a handful of engineers. The feature is vulnerable to a SQL injection that...

MAL-2022-1571 Malicious code in bigid-query-object-serialization (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bad7d8f633f4cb50e32e1b20019d44cd102cdfe707cb1a729dc3b3777525c434 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...