
10 matches found

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-47501

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.4 | EPSS 0.00801
Exploits 0 | References 3
Prion
added 2022/11/09 9:15 p.m. | 16 views

Privilege escalation

The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation...

CVSS 7.5 | AI score 9.4 | EPSS 0.00801
Exploits 0 | References 2 | Affected Software 2
Vulnrichment
added 2022/11/09 12:0 a.m. | 5 views

CVE-2022-44558

The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation...

AI score 9.5 | EPSS 0.00801
Exploits 0 | References 2
PyPA
added 2022/06/27 6:15 p.m. | 4 views

PYSEC-2022-222

The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a...

CVSS 7.5 | AI score 7 | EPSS 0.06109
Exploits 0 | References 2 | Affected Software 1
NVD
added 2022/02/11 6:15 p.m. | 8 views

CVE-2021-39676

In writeThrowable of AndroidFuture.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS 7.8 | EPSS 0.00012
Exploits 0 | References 1
Prion
added 2022/02/11 6:15 p.m. | 16 views

Input validation

In writeThrowable of AndroidFuture.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS 7.2 | AI score 7.5 | EPSS 0.00012
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2021/08/23 12:0 a.m. | 0 views

XStream code issue vulnerability

XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects. XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...

CVSS 8.5 | AI score 9.2 | EPSS 0.83089
Exploits 2 | References 25
RedhatCVE
added 2020/04/06 2:35 p.m. | 27 views

CVE-2020-11111

A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions a...

CVSS 8.8 | AI score 3.6 | EPSS 0.02082
Exploits 0 | References 4
CVE
added 2019/09/27 6:5 p.m. | 54 views

CVE-2019-9373

Technical details about CVE-2019-9373 are not provided in the supplied documents. Monitor for updates from official advisories; no specific affected products, payloads, or mitigations are disclosed here.

CVSS 5.5 | AI score 6 | EPSS 0.00027
Exploits 0 | References 1 | Affected Software 1
myhack58
added 2017/06/09 12:0 a.m. | 84 views

In-depth understanding of the Java deserialization vulnerability - vulnerability warning - the black bar safety net

1. Java serialization and deserialization. Java serialization refers to the process of converting a Java object into a byte sequence so that it can easily be saved in memory, a file, or a database; the ObjectOutputStream class's writeObject method implements serialization. Java deserialization refers to the sequenc...

Exploits 0