Lucene search
K

293 matches found

Vulnrichment
Vulnrichment
added 2026/05/03 11:45 p.m.3 views

CVE-2026-7712 MindsDB Pickle pickle.loads deserialization

A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vend...

6.5CVSS6.1AI score0.00297EPSS
Exploits0References4
CVE
CVE
added 2026/05/03 11:45 p.m.26 views

CVE-2026-7712

CVE-2026-7712 affects MindsDB up to version 26.01, with the vulnerability centered on the Pickle Handler's pickle.loads deserialization. The issue allows remote manipulation that leads to deserialization, and the exploit has been publicly disclosed and may be used. The vendor has not responded to...

6.5CVSS6.1AI score0.00297EPSS
Exploits0References4
NVD
NVD
added 2026/05/02 10:16 p.m.30 views

CVE-2026-7669

A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function gettokenizer of the file python/sglang/srt/utils/hftransformersutils.py of the component HuggingFace Transformer Handler. The manipulation of the argument trustremotecode with the input False as part of Boole...

6.3CVSS0.00368EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/02 10:0 p.m.10 views

CVE-2026-7669

A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function gettokenizer of the file python/sglang/srt/utils/hftransformersutils.py of the component HuggingFace Transformer Handler. The manipulation of the argument trustremotecode with the input False as part of Boole...

6.3CVSS6AI score0.00368EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/02 10:0 p.m.28 views

EUVD-2026-26802

A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function gettokenizer of the file python/sglang/srt/utils/hftransformersutils.py of the component HuggingFace Transformer Handler. The manipulation results in deserialization. The attack can be executed remotely. A hi...

6.3CVSS5.3AI score0.00368EPSS
Exploits0References3
OSV
OSV
added 2026/05/02 12:31 a.m.18 views

GHSA-XQXW-R767-67M7 mem0ai mem0 has an Improper Input Validation Issue

A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vectorstores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used...

6.3CVSS5.4AI score0.00315EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/01 9:15 p.m.29 views

CVE-2026-7597 mem0ai mem0 faiss.py pickle.dump deserialization

A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vectorstores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used...

6.5CVSS0.00315EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/01 9:15 p.m.8 views

EUVD-2026-26721

A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vectorstores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used...

6.5CVSS5.4AI score0.00315EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/04/28 8:30 p.m.4 views

CVE-2026-7317

A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be...

5CVSS4.8AI score0.00224EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.9 views

Unisys WebPerfect Image Suite 安全漏洞

Unisys WebPerfect Image Suite is an enterprise document imaging and management system developed by Unisys, Inc. Both versions of Unisys WebPerfect Image Suite 3.0.3960.22810 and 3.0.3960.22604 contain security vulnerabilities. These vulnerabilities stem from the exposure of deprecated.NET Remotin...

10CVSS5.8AI score0.00687EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/06 1:0 p.m.1 views

CVE-2026-5659 pytries datrie trie File datrie.pyx Trie.__setstate__ deserialization

A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.load/Trie.read/Trie.setstate of the file src/datrie.pyx of the component trie File Handler. The manipulation results in deserialization. The attack can be launched remotely. The exploit has been mad...

7.5CVSS6.2AI score0.00264EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.3 views

PT-2026-30602

A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.load/Trie.read/Trie. setstate of the file src/datrie.pyx of the component trie File Handler. The manipulation results in deserialization. The attack can be launched remotely. The exploit has been ma...

7.5CVSS6.2AI score0.00264EPSS
Exploits0References7
NVD
NVD
added 2026/04/05 4:16 a.m.6 views

CVE-2026-5536

A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpcserver.py of the component gRPC server. Executing a manipulation can lead to deserialization. The attack may be performed from remote. The vendor was contacted early about this...

7.5CVSS0.00378EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/05 2:45 a.m.31 views

CVE-2026-5536 FedML-AI FedML gRPC server grpc_server.py sendMessage deserialization

A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpcserver.py of the component gRPC server. Executing a manipulation can lead to deserialization. The attack may be performed from remote. The vendor was contacted early about this...

7.5CVSS0.00378EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/27 12:25 a.m.1 views

CVE-2026-33728

dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.40.0 through prior to 1.60.2, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access ...

9.3CVSS6AI score0.00622EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/03/26 9:16 a.m.9 views

CVE-2026-4860

A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. This affects the function GenericFastJsonRedisSerializer of the file src/main/java/com/genersoft/iot/vmp/conf/redis/RedisTemplateConfig.java of the component API Endpoint. The manipulation results in deserialization. It...

7.5CVSS0.00427EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/26 8:18 a.m.6 views

CVE-2026-4860

A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. This affects the function GenericFastJsonRedisSerializer of the file src/main/java/com/genersoft/iot/vmp/conf/redis/RedisTemplateConfig.java of the component API Endpoint. The manipulation results in deserialization. It...

7.5CVSS5.3AI score0.00427EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/26 8:18 a.m.38 views

CVE-2026-4860 648540858 wvp-GB28181-pro API Endpoint RedisTemplateConfig.java GenericFastJsonRedisSerializer deserialization

A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. This affects the function GenericFastJsonRedisSerializer of the file src/main/java/com/genersoft/iot/vmp/conf/redis/RedisTemplateConfig.java of the component API Endpoint. The manipulation results in deserialization. It...

7.5CVSS0.00427EPSS
Exploits0References4
CVE
CVE
added 2026/03/12 12:2 a.m.14 views

CVE-2026-3967

Alfresco Activiti up to versions 7.19/8.8.0 is affected by a deserialization flaw in the function deserialize/createObjectInputStream of activiti-core/activiti-engine/src/main/java/org/activiti/engine/impl/variable/SerializableType.java within the Process Variable Serialization System. This leads...

6.5CVSS5.4AI score0.00242EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/23 1:20 a.m.10 views

CVE-2026-2898

A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloudaccount results in deserialization. The attack may be performed from...

6.5CVSS5.3AI score0.00223EPSS
Exploits1References1
Rows per page
Query Builder