24 matches found
CVE-2025-15222
A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation leads to deserialization. The attack can be executed remotely. This attack is characterized by high...
CVE-2025-15222 Dromara Sa-Token SaSerializerTemplateForJdkUseBase64.java ObjectInputStream.readObject deserialization
A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation leads to deserialization. The attack can be executed remotely. This attack is characterized by high...
EUVD-2025-205687
A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation leads to deserialization. The attack can be executed remotely. This attack is characterized by high...
CVE-2025-15222
CVE-2025-15222 affects Dromara Sa-Token up to 1.44.0. The vulnerability is a deserialization flaw in ObjectInputStream.readObject within SaSerializerTemplateForJdkUseBase64.java, enabling remote manipulation with high complexity and a publicly disclosed exploit. Multiple connected sources (Red Hat,...
PT-2025-53845
Name of the Vulnerable Software and Affected Versions: Dromara Sa-Token versions prior to 1.45.0. Description: A flaw exists in Dromara Sa-Token up to version 1.44.0 related to deserialization. The issue is located in the ObjectInputStream.readObject function within the...
Sa-Token code issue vulnerability
Sa-Token is a lightweight Java authentication framework open-sourced by Dromara. A code issue vulnerability exists in Sa-Token 1.44.0 and earlier versions, which stems from a misuse of the function ObjectInputStream.readObject in the file SaSerializerTemplateForJdkUseBase64.java, which could lead ...
CVE-2025-15117
A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. It is...
CVE-2025-15117
CVE-2025-15117 affects Dromara Sa-Token up to 1.44.0. The flaw is in SaJdkSerializer.java, specifically ObjectInputStream.readObject, enabling a deserialization attack. The description notes remote-launch potential with high attack complexity and difficult exploitability. Multiple sources corrobo...
EUVD-2025-205488
A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. It is...
CVE-2025-15117 Dromara Sa-Token SaJdkSerializer.java ObjectInputStream.readObject deserialization
A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. It is...
Sa-Token code issue vulnerability
Sa-Token is a lightweight Java authentication framework open-sourced by Dromara. A code issue vulnerability exists in Sa-Token 1.44.0 and earlier versions, which stems from an incorrect operation of the function ObjectInputStream.readObject in the file SaJdkSerializer.java, which could lead to a...
PT-2025-53632
Name of the Vulnerable Software and Affected Versions: Dromara Sa-Token versions up to 1.44.0. Description: A weakness exists in Dromara Sa-Token up to version 1.44.0 related to deserialization. The issue affects the ObjectInputStream.readObject function within the SaJdkSerializer.java file...
EUVD-2024-2861
Malicious code in bioql PyPI...
CVE-2024-45041
External Secrets Operator is a Kubernetes operator that integrates external secret management systems. External-secrets has a deployment called default-external-secrets-cert-controller, which is bound to a ClusterRole of the same name. This ClusterRole has the "get/list" verbs on secrets resources. It...
External Secrets Operator vulnerable to privilege escalation
Details: External-secrets has a deployment called default-external-secrets-cert-controller, which is bound to a ClusterRole of the same name. This ClusterRole has the "get/list" verbs on secrets...
CVE-2024-45041 External Secrets Operator vulnerable to privilege escalation
External Secrets Operator is a Kubernetes operator that integrates external secret management systems. External-secrets has a deployment called default-external-secrets-cert-controller, which is bound to a ClusterRole of the same name. This ClusterRole has the "get/list" verbs on secrets resources. It...