Lucene search
K

4308 matches found

Nuclei
Nuclei
added 8 hours ago124 views

Dassault Systèmes DELMIA Apriso (up to 2025) - Insecure Deserialization

A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution. id: CVE-2025-5086 info: name: Dassault Systèmes DELMIA Apriso up to 2025 - Insecure Deserialization author: hacktronai,iamnoooob,pdresearch...

9CVSS7.3AI score0.89706EPSS
Exploits1References2
Nuclei
Nuclei
added 8 hours ago116 views

FasterXML Jackson Databind <=2.9.10.4 - Remote Code Execution

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig aka anteros-core. id: CVE-2020-9548 info: name: FasterXML Jackson Databind =2.9.10.4 - Remote Code Execution author: tomaquet18...

9.8CVSS7AI score0.18345EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday85 views

XStream <1.4.17 - Remote Code Execution

XStream before 1.4.17 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of...

8.8CVSS7AI score0.77735EPSS
Exploits1References5
NVD
NVD
added 4 days ago6 views

CVE-2026-49844

Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces output that is not valid JSON. This issue affects Apache Log4j API versions 2.13.1 through 2.25.4 and version 2.26.0. The fix for CVE-2026-34481 did not cover all code paths: wh...

6.3CVSS0.0078EPSS
Exploits0References4
OSV
OSV
added 2026/07/07 2:34 p.m.5 views

PYSEC-2026-1859 Malciously crafted QPY files can allows Remote Attackers to Cause Denial of Service in Qiskit

Impact A maliciously crafted QPY file containing a malformed symengine serialization stream as part of the larger QPY serialization of a ParameterExpression object can cause a segfault within the symengine library, allowing an attacker to terminate the hosting process deserializing the QPY payloa...

8.6CVSS5.9AI score0.0066EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/07 9:20 a.m.6 views

EUVD-2026-42030

A bug in BaseSerialization.deserialize allowed unrestricted importstring of attacker-controlled class paths when the Scheduler / API Server loaded a serialized DAG: a DAG author could embed a malicious trigger into a DAG to gain remote code execution on the API Server / Scheduler process, crossin...

9.8CVSS6.7AI score0.01649EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/07 9:20 a.m.37 views

CVE-2026-33264 Apache Airflow: DAG author RCE on webserver via unrestricted import_string() in BaseSerialization.deserialize()

A bug in BaseSerialization.deserialize allowed unrestricted importstring of attacker-controlled class paths when the Scheduler / API Server loaded a serialized DAG: a DAG author could embed a malicious trigger into a DAG to gain remote code execution on the API Server / Scheduler process, crossin...

0.01649EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.11 views

PT-2026-56175

Name of the Vulnerable Software and Affected Versions apache-airflow versions prior to 3.3.0 Description A bug in the BaseSerialization.deserialize function allows unrestricted import string of attacker-controlled class paths when the Scheduler or API Server loads a serialized DAG. A DAG author c...

9.8CVSS6.6AI score0.01649EPSS
Exploits0References15
CVE
CVE
added 2026/07/06 9:38 p.m.16 views

CVE-2026-43921

FOSSBilling is affected by a PHP code injection in versions 0.6.10–0.7.2 via Config::prettyPrintArrayToPHP(), where updated configuration values are written to config.php without escaping single quotes. Because config.php is loaded with a bare include on each HTTP request, an admin with privilege...

8.9CVSS6.2AI score0.00274EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 9:38 p.m.4 views

CVE-2026-43921 FOSSBilling vulnerable to arbitrary PHP code injection via unescaped config serialization

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.10 through 0.7.2 have a PHP code injection vulnerability in FOSSBilling's Config::prettyPrintArrayToPHP method. When configuration values are updated, string values are written into config.php without escaping...

8.9CVSS6.2AI score0.00274EPSS
Exploits0References3
NVD
NVD
added 2026/07/06 9:16 a.m.13 views

CVE-2026-43865

Deserialization of Untrusted Data vulnerability in Apache Camel Hazelcast component. The camel-hazelcast component creates and manages Hazelcast instances using a default configuration that applies no Java deserialization filter. When Camel builds the Hazelcast Config itself - that is, when no...

8.1CVSS0.00804EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/07/06 7:55 a.m.37 views

CVE-2026-43865 Apache Camel: Camel-Hazelcast: Unsafe Java deserialization in default-configured managed Hazelcast instances enables remote code execution

Deserialization of Untrusted Data vulnerability in Apache Camel Hazelcast component. The camel-hazelcast component creates and manages Hazelcast instances using a default configuration that applies no Java deserialization filter. When Camel builds the Hazelcast Config itself - that is, when no...

0.00804EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/06 6:44 a.m.3 views

Security Bulletin: IBM Quantum Safe Remediator is affected by mutiple vulnerabilities

Summary The vulnerabilities are found in the dependent open source libraries used in IBM Quantum Safe Remediator code base. IBM Quantum Safe Remediator has addressed these vulnerabilities by updating the versions of the affected libraries. Vulnerability Details CVEID:CVE-2026-39824 DESCRIPTION:...

9.3CVSS6.4AI score0.00492EPSS
Exploits2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.12 views

PT-2026-55883

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.14.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An issue exists where the default ObjectInputFilter pattern used for deserialization filtering in...

8.1CVSS6.1AI score0.00546EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-55884

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description The camel-hazelcast component manages Hazelcast instances using a default configuration that lacks a...

8.1CVSS6.5AI score0.00804EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.22 views

Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50372)

The remote Oracle Linux 10 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50372 advisory. - net/sched: fix pedit partial COW leading to page cache corruption Rajat Gupta CVE-2026-46331 - eventpoll: fix epremove struct eventpoll / struc...

9.8CVSS7AI score0.96267EPSS
Exploits326References820
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-54896

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in object mode, Oj.dump is vulnerable to a he...

2.1CVSS6.2AI score0.00119EPSS
Exploits0References3
OSV
OSV
added 2026/07/01 12:16 a.m.3 views

DEBIAN-CVE-2026-54896

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in object mode, Oj.dump is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object'...

2.1CVSS6AI score0.00119EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 12:16 a.m.5 views

UBUNTU-CVE-2026-54896

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in object mode, Oj.dump is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object'...

2.1CVSS6AI score0.00119EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 11:20 p.m.35 views

CVE-2026-54896 Oj: Heap Buffer Overflow in Oj.dump Exception Serialization via Large Indent

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in object mode, Oj.dump is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object'...

2.1CVSS0.00119EPSS
Exploits0References1
Rows per page
Query Builder