
12 matches found

Snyk
added last week · 5 views

HTTP Response Splitting

Overview: hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to HTTP Response Splitting via the serialize function. An attacker can inject arbitrary attributes into the Set-Cookie response header by supplying crafted input to the sameSite or priority...

CVSS 5.3 · AI score 5.9 · EPSS 0.00125
Exploits: 0 · References: 2

CVE
added last week · 10 views

CVE-2026-47675

Summary: Hono prior to 4.12.21 has a vulnerability in the serialize() function of hono/cookie where domain and path options are validated to prevent Set-Cookie header corruption, but sameSite and priority are not validated. This can allow user-controlled input to inject attacker-chosen attributes...

CVSS 5.3 · AI score 5.8 · EPSS 0.00125
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2026/05/28 12:0 a.m. · 5 views

Hono security vulnerability

Hono is a web framework built in TypeScript for the Hono community. Versions of Hono prior to 4.12.21 contained security vulnerabilities. These vulnerabilities stemmed from the serialize function not verifying the sameSite and priority options. This could allow the application to pass...

CVSS 5.3 · AI score 5.8 · EPSS 0.00125
Exploits: 0 · References: 1

Veracode
added 2026/03/24 1:50 p.m. · 2 views

Remote Code Execution (RCE)

next-mdx-remote is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient sanitization of MDX content in the serialize function, which allows an attacker to execute arbitrary code...

CVSS 8.8 · AI score 6.4 · EPSS 0.00048
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2026/02/12 12:0 a.m. · 2 views

PT-2026-7809

Name of the Vulnerable Software and Affected Versions: next-mdx-remote versions 4.3.0 through 5.0.0 Description: The serialize function within next-mdx-remote is susceptible to arbitrary code execution because of inadequate sanitization of MDX content. This allows untrusted MDX to execute JavaScrip...

CVSS 8.8 · AI score 6.2 · EPSS 0.00048
Exploits: 0 · References: 10

CNNVD
added 2025/03/28 12:0 a.m. · 1 views

HDF5 security vulnerability

HDF5 is an HDF open source library. A security vulnerability exists in HDF5 1.14.6 and earlier versions, which stems from a null pointer dereference in the H5Ocachechkserialize function that requires local access...

CVSS 5.5 · AI score 3.9 · EPSS 0.00077
Exploits: 1 · References: 5

Github Security Blog
added 2024/12/10 12:31 a.m. · 17 views

Drupal core contains a potential PHP Object Injection vulnerability

Drupal core contains a potential PHP Object Injection vulnerability that if combined with another exploit could lead to Arbitrary File Deletion. It is not directly exploitable. This issue is mitigated by the fact that in order to be exploitable, a separate vulnerability must be present that allo...

CVSS 9.8 · AI score 7.3 · EPSS 0.11473
Exploits: 0 · References: 4 · Affected Software: 3

Positive Technologies
added 2021/08/08 12:0 a.m. · 1 views

PT-2021-7393 · Usbredir +5

Name of the Vulnerable Software and Affected Versions: usbredir versions prior to 0.11.0 Description: A use-after-free issue was found in the usbredirparser serialize function in usbredirparser/usbredirparser.c. This occurs when serializing large amounts of buffered write data, particularly in...

CVSS 6.6 · AI score 6.9 · EPSS 0.00129
Exploits: 0 · References: 36

Cvelist
added 2016/01/19 2:0 a.m. · 29 views

CVE-2015-6836

The SoapClient call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call...

AI score 8.6 · EPSS 0.03428
Exploits: 0 · References: 6

CNVD
added 2015/09/20 12:0 a.m. · 2 views

PHP 'serialize_function_call()' function remote code execution vulnerability

PHP is an open source general-purpose computer scripting language. A security vulnerability in the PHP 'serialize_function_call' function allows remote attackers to submit a special request, execute arbitrary code, or conduct a denial-of-service attack...

CVSS 7.5 · AI score 8.6 · EPSS 0.03428
Exploits: 0 · References: 1

Tenable Nessus
added 2015/08/11 12:0 a.m. · 135 views

PHP 5.6.x < 5.6.12 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.12. It is, therefore, affected by multiple vulnerabilities: - A use-after-free error exists in file spldllist.c due to improper sanitization of input to the unserialize function. An attacker can...

CVSS 7.5 · AI score 8.8 · EPSS 0.13368
Exploits: 2 · References: 12

Prion
added 2011/01/20 7:0 p.m. · 19 views

Heap overflow

Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long...

CVSS 7.6 · AI score 8.4 · EPSS 0.58316
Exploits: 5 · References: 6