
9 matches found

EUVD
added 2026/06/05 12:31 a.m. · 8 views

EUVD-2026-34331

Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve...

7.1 CVSS · 5.8 AI score · 0.00323 EPSS
Exploits 0 · References 4
CVE
added 2026/06/05 12:0 a.m. · 18 views

CVE-2026-36501

CVE-2026-36501 affects Controller v12.0.5 in the Externalizable.readExternal() component. The issue allows an attacker to trigger a Denial of Service by supplying a crafted input, as described across multiple sources (Red Hat, NVD, CVE lists, and vendor/third-party references). No exploitation de...

7.5 CVSS · 5.5 AI score · 0.00278 EPSS
Exploits 0 · References 2
CVE
added 2026/06/04 4:9 p.m. · 36 views

CVE-2026-50076

CVE-2026-50076 affects the Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM. The issue is a deserialization flaw in the Java replace-resolve path that allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and to invoke classpath-present readResolve/r...

9.1 CVSS · 5.8 AI score · 0.0052 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2026/06/04 12:0 a.m. · 17 views

PT-2026-46269

Name of the Vulnerable Software and Affected Versions: Apache Fory fory-core versions prior to 1.1.0 Description: Deserialization of untrusted data in the Java replace-resolve path on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks. B...

9.1 CVSS · 5.5 AI score · 0.0052 EPSS
Exploits 0 · References 8
CVE
added 2025/10/22 4:30 p.m. · 13 views

CVE-2025-22172

CVE-2025-22172 affects Atlassian Jira Align. The issue is an authorization flaw that lets a low-privilege user access unexpected endpoints and disclose a small amount of sensitive information, exemplified by reading external reports without required permission. The description and connected sourc...

5.3 CVSS · 6.3 AI score · 0.00188 EPSS
Exploits 0 · References 1 · Affected Software 1
PyPA
added 2022/06/27 6:15 p.m. · 4 views

PYSEC-2022-222

The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a...

7.5 CVSS · 7 AI score · 0.02042 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2022/06/27 12:0 a.m. · 3 views

PT-2022-17890 · Systemd · Systemd

Name of the Vulnerable Software and Affected Versions: SystemDS versions prior to 2.2.1 Description: The termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. SystemDS is a distributed system and needs to...

8.7 CVSS · 7.4 AI score · 0.02042 EPSS
Exploits 0 · References 9
OSV
added 2020/03/18 7:15 p.m. · 2 views

CVE-2019-12365

The Newton application through 10.0.23 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission...

6.1 CVSS · 5.9 AI score · 0.00989 EPSS
Exploits 1 · References 3
OSV
added 2017/01/13 9:59 a.m. · 3 views

CVE-2016-10135

An issue was discovered on LG devices using the MTK chipset with L5.0/5.1, M6.0/6.0.1, and N7.0 software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are accessible to any applicati...

5.5 CVSS · 5.8 AI score · 0.00923 EPSS
Exploits 0 · References 2