Lucene search

8 matches found

RedhatCVE
added 2026/05/26 8:15 p.m., 7 views

CVE-2026-9497

A flaw has been found in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deserialization. It is possible to initiate the attack remotely. The vendor was contacted early about this...

6.5 CVSS, 6.3 AI score, 0.00045 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/05/25 7:45 p.m., 16 views

CVE-2026-9497 changmingxie tcc-transaction Fastjson AutoType REST API Fastjson.parseObject deserialization

A flaw has been found in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deserialization. It is possible to initiate the attack remotely. The vendor was contacted early about this...

6.5 CVSS, 0.00045 EPSS
Exploits: 0, References: 4

EUVD
added 2026/05/25 7:45 p.m., 6 views

EUVD-2026-31730

A flaw has been found in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deserialization. It is possible to initiate the attack remotely. The vendor was contacted early about this...

6.5 CVSS, 6.3 AI score, 0.00045 EPSS
Exploits: 0, References: 4

OSV
added 2025/11/25 8:15 p.m., 2 views

CVE-2025-51742

An issue was discovered in jishenghua JSHERP 2.3.1. The /material/getMaterialEnableSerialNumberList endpoint passes the search query parameter directly to parseObject, introducing a Fastjson deserialization vulnerability that can lead to RCE via JDBC payloads...

9.8 CVSS, 6.9 AI score
Exploits: 0, References: 4

CVE
added 2025/11/25 12:0 a.m., 11 views

CVE-2025-51742

CVE-2025-51742 affects jishenghua JSH_ERP 2.3.1. The /material/getMaterialEnableSerialNumberList endpoint passes the search query parameter directly to parseObject(), enabling a Fastjson deserialization vulnerability that can lead to remote code execution via JDBC payloads. No remediation or expl...

9.8 CVSS, 6.6 AI score, 0.00146 EPSS
Exploits: 0, References: 4, Affected Software: 1

CVE
added 2025/10/14 8:6 p.m., 8 views

CVE-2025-62374

CVE-2025-62374 affects the Parse JavaScript SDK before 7.0.0. A malicious payload could be injected via several APIs, enabling remote code execution through components such as ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations (internal), and encode/decode (...

6.4 CVSS, 7.2 AI score, 0.00174 EPSS
Exploits: 0, References: 4

CNNVD
added 2024/02/29 12:0 a.m., 3 views

WuKongOpenSource WukongCRM Security Vulnerability

WuKongOpenSource WukongCRM is a customer relationship management (CRM) system from the Chinese company Wukong (WuKong). A security vulnerability exists in WuKongOpenSource WukongCRM version v.72crm9.0.120191202. A remote attacker can exploit this vulnerability to execute arbitrary code via the parseObject function...

9.8 CVSS, 7.8 AI score, 0.78452 EPSS
Exploits: 1, References: 3

CNVD
added 2018/10/24 12:0 a.m., 3 views

Pippo FastjsonEngine Fastjson Arbitrary Code Execution Vulnerability

Pippo is a Java-based web framework. FastjsonEngine is one of its JSON processing engines. Fastjson is a Java-based JSON parser/generator. A security vulnerability exists in parseObject in Fastjson versions before 1.2.25, as used by FastjsonEngine in Pippo 1.11.0. A remote attacker ca...

10 CVSS, 9.6 AI score, 0.90694 EPSS
Exploits: 2, References: 1