Lucene search
4262 matches found

CNNVD
added 2025/06/28 12:0 a.m. · 3 views

Akka code issue vulnerability

Akka is an expressive open source SDK and platform from Akka for developing, deploying and operating enterprise agent services. A code issue vulnerability exists in Akka 2.10.6 and earlier versions that stems from the use of Java serialization to process cluster metrics...

CVSS 6 · AI score 6.6 · EPSS 0.00186
Exploits: 0 · References: 2

Positive Technologies
added 2025/06/28 12:0 a.m. · 7 views

PT-2025-27331 · Akka · Akka

Name of the Vulnerable Software and Affected Versions: Akka versions through 2.10.6
Description: The issue concerns the use of Java serialization for cluster metrics in the akka-cluster-metrics component.
Recommendations: For versions through 2.10.6, consider disabling Java serialization for...

CVSS 6 · AI score 7.3 · EPSS 0.00186
Exploits: 0 · References: 10

Vulnrichment
added 2025/06/28 12:0 a.m. · 3 views

CVE-2025-53393

In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics...

CVSS 6 · AI score 7.3 · EPSS 0.00186
Exploits: 0 · References: 1

Positive Technologies
added 2025/06/25 12:0 a.m. · 3 views

PT-2025-26875 · IBM · IBM WebSphere Application Server

Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 8.5 and 9.0
Description: The issue allows a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. This poses a serious risk to enterprise Jav...

CVSS 9.8 · AI score 7.8 · EPSS 0.08023
Exploits: 0 · References: 17

VulnCheck KEV
added 2025/06/23 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2020-9547

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig aka ibatis-sqlmap...

CVSS 9.8 · AI score 7.2 · EPSS 0.18671
In wild · Exploits: 0 · References: 2

VulnCheck KEV
added 2025/06/23 12:0 a.m. · 10 views

VulnCheck KEV: CVE-2020-9548

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig aka anteros-core...

CVSS 9.8 · AI score 7.2 · EPSS 0.18345
In wild · Exploits: 0 · References: 2

SUSE Linux
added 2025/06/16 2:54 p.m. · 8 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006). CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect (bsc#122459...

CVSS 8.7 · AI score 8.1 · EPSS 0.13626
Exploits: 3 · References: 1534

AstraLinux
added 2025/06/16 11:28 a.m. · 6 views

Astra Linux – Vulnerability in Python 3.11

There is a medium-severity vulnerability affecting CPython. The email module does not properly quote newlines for email headers when serializing an email message, allowing for header injection when an email is serialized...

CVSS 5.5 · AI score 6.7 · EPSS 0.00737
Exploits: 0 · References: 3

AstraLinux
added 2025/06/16 11:28 a.m. · 4 views

Astra Linux – Vulnerability in GhostScript

An issue was discovered in Artifex Ghostscript prior to version 10.05.0. A buffer overflow occurs during the serialization of DollarBlend in a font, specifically in files base/t1.c and psi/zfapi.c...

CVSS 7.8 · AI score 6.9 · EPSS 0.00263
Exploits: 0 · References: 3

Fedora
added 2025/06/14 1:52 a.m. · 4 views

[SECURITY] Fedora 41 Update: rust-kbs-types-0.11.0-1.fc41

Rust deserializable types for KBS...

CVSS 6.5 · AI score 7.4 · EPSS 0.00443
Exploits: 0

Fedora
added 2025/06/14 1:10 a.m. · 4 views

[SECURITY] Fedora 42 Update: rust-kbs-types-0.11.0-1.fc42

Rust deserializable types for KBS...

CVSS 6.5 · AI score 7.4 · EPSS 0.00443
Exploits: 0

IBM Security Bulletins
added 2025/06/13 1:57 a.m. · 18 views

Security Bulletin: A vulnerability in Apache Active MQ NMS affects IBM Robotic Process Automation and could result in arbitrary code executions (CVE-2025-29953).

Summary: A vulnerability in Apache Active MQ NMS affects IBM Robotic Process Automation and could result in arbitrary code executions (CVE-2025-29953). Apache Active MQ is used by IBM Robotic Process Automation for integration with Apache Active MQ. This security bulletin identifies the fixes require...

CVSS 9.8 · AI score 10 · EPSS 0.01648
Exploits: 0 · Affected Software: 1

Gentoo Linux
added 2025/06/12 12:0 a.m. · 10 views

YAML-LibYAML: Shell injection

Background: YAML-LibYAML provides YAML Serialization using XS and libyaml for Perl.
Description: YAML-LibYAML uses the legacy '2-arg' open call which is susceptible to shell injection via malicious filenames.
Impact: Shell injection may be used to execute arbitrary code using a malicious filename...

CVSS 9.1 · AI score 8.5 · EPSS 0.00368
Exploits: 1

Veracode
added 2025/06/02 4:46 a.m. · 7 views

Hash Collision Attack

vllm is vulnerable to hash collision and data integrity issues. The vulnerability is due to improper image serialization using only raw pixel bytes without metadata, allowing attackers to create images with identical hashes and exploit cache poisoning or access sensitive data...

CVSS 7.3 · AI score 4.3 · EPSS 0.00266
Exploits: 0 · References: 6 · Affected Software: 1

Vulnrichment
added 2025/05/23 12:43 p.m. · 5 views

CVE-2025-39480 WordPress Car Dealer theme < 1.6.8 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeMakers Car Dealer allows Object Injection. This issue affects Car Dealer: from n/a before 1.6.8...

CVSS 9.8 · AI score 7.3 · EPSS 0.00503
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 12:1 p.m. · 5 views

CVE-2025-23045

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with an account on an affected CVAT instance is able to run arbitrary code in the context of the Nuclio function container. This vulnerability affects CVAT deployments that run...

CVSS 9.8 · AI score 7.3 · EPSS 0.00463
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 10:42 a.m. · 17 views

CVE-2024-50050

Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead...

CVSS 6.3 · AI score 7.8 · EPSS 0.00886
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 10:24 a.m. · 5 views

CVE-2024-5625

Improper Restriction of XML External Entity Reference vulnerability in PruvaSoft Informatics Apinizer Management Console allows Data Serialization External Entities Blowup. This issue affects Apinizer Management Console: before 2024.05.1...

CVSS 6.5 · AI score 5.8 · EPSS 0.00359
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 8:34 a.m. · 3 views

CVE-2024-0047

In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserialized on reboot with no additional execution privileges needed. User interaction is not needed for...

CVSS 5.5 · AI score 6.2 · EPSS 0.00147
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 7:33 a.m. · 16 views

CVE-2024-39673

Vulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 7.1 · AI score 6.9 · EPSS 0.00126
Exploits: 0 · References: 1