Lucene search
K

6 matches found

OSV
OSV
added 2026/02/12 10:11 p.m.6 views

GHSA-R33W-FG8J-9C94 MagicLink: Insecure Deserialization of MagicLink Actions Leads to Remote Code Execution

Description MagicLink stores serialized action objects in the magiclinks.action database column and deserializes them without integrity validation or class allowlisting in src/MagicLink.php and src/Actions/ResponseAction.php. An attacker with the ability to manipulate database records e.g., via S...

8.8CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-4702

Malware in sbrugna...

9.8CVSS9AI score0.01582EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-1107

Malware in sbrugna...

9.1CVSS9AI score0.01584EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-17830

Malware in sbrugna...

8.8CVSS9.1AI score0.0154EPSS
Exploits0References8
OSV
OSV
added 2024/07/31 6:33 p.m.3 views

USN-6936-1 libcommons-collections3-java vulnerability

It was discovered that Apache Commons Collections allowed serialization support for unsafe classes by default. A remote attacker could possibly use this issue to execute arbitrary code...

9.8CVSS7.5AI score0.96032EPSS
Exploits17References2
myhack58
myhack58
added 2014/11/17 12:0 a.m.22 views

PHP WDDX Serializier Data Injection Vulnerability-vulnerability warning-the black bar safety net

PHP WDDX Serializier Data Injection Vulnerability Taoguang Chen - 2014.11.2 PHP in the array is serialized into a WDDX structure of the process, there is no array key name strictly limited, can lead to falsification of the object WDDX structure. i serialize the object PHP in the object is...

0.2AI score
Exploits0
Rows per page
Query Builder