Lucene search

457 matches found

NVD
added 2024/05/21 8:15 p.m., 14 views

CVE-2024-34274

OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization of Untrusted Data. The cookies bdglobals and bdclientspot of the OpenBD software use serialized data, which can be used to execute arbitrary code on the system. NOTE: This vulnerability only affects products that are no longer...

3.9 CVSS, 7.4 AI score, 0.00217 EPSS
Exploits: 0, References: 1

VulnCheck KEV
added 2024/05/10 12:0 a.m., 4 views

VulnCheck KEV: CVE-2016-4326

The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie...

9.8 CVSS, 7.7 AI score, 0.04194 EPSS
Exploits: 0, References: 1

CNVD
added 2024/04/10 12:0 a.m., 2 views

GPT Academic Code Execution Vulnerability

GPT Academic is an interface that provides practical interaction with large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a code execution vulnerability that arises from unsafe deserialization of serialized data the application receives from a user, which can be exploited by an...

9.8 CVSS, 8 AI score, 0.01215 EPSS
Exploits: 0, References: 1

CNNVD
added 2024/04/08 12:0 a.m., 4 views

GPT Academic Security Vulnerability

GPT Academic is an interface that provides practical interaction with large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a code execution vulnerability that arises from unsafe deserialization of serialized data the application receives from a user, which can be exploited by an...

9.8 CVSS, 7.9 AI score, 0.01215 EPSS
Exploits: 0, References: 4

CNNVD
added 2024/04/07 12:0 a.m., 3 views

EyouCMS Code Issue Vulnerability

EyouCMS is an open source content management system (CMS) based on ThinkPHP. EyouCMS version 1.6.5 has a deserialization vulnerability that stems from unsafe deserialization of the channelid parameter of the file /login.php when receiving user-submitted serialized data...

8.8 CVSS, 7.5 AI score, 0.00717 EPSS
Exploits: 0, References: 5

Tenable Nessus
added 2024/03/06 12:0 a.m., 15 views

Serialized Data Detected

Serialization is the process of converting an object to a stream of bytes in order to store it or send it over the network. Conversely, deserialization is the process of reconstructing an object from this stream of bytes. Web applications often use serialized data transmitted from the client...

7.2 AI score
Exploits: 0, References: 1

CNNVD
added 2023/12/10 12:0 a.m., 4 views

PHPEMS Code Issue Vulnerability

PHPEMS is a PHP online mock exam system. PHPEMS suffers from a deserialization vulnerability that stems from unsafe deserialization processing in lib/session.cls.php when receiving serialized data submitted by a user, which can be exploited by an attacker to cause code execution...

8.8 CVSS, 7.5 AI score, 0.01666 EPSS
Exploits: 1, References: 4

CNVD
added 2023/11/22 12:0 a.m., 19 views

Apache Submarine Deserialization Vulnerability

Apache Submarine is a cloud-native machine learning platform from the Apache Software Foundation. Apache Submarine suffers from a deserialization vulnerability that stems from unsafe deserialization processing by snakeyaml when receiving serialized data submitted by a user, which can be exploited by a...

9.8 CVSS, 7.2 AI score, 0.01747 EPSS
Exploits: 1, References: 1

CNVD
added 2023/11/13 12:0 a.m., 28 views

Apache UIMA Deserialization Vulnerability

Apache UIMA is a componentized software architecture from the Apache Software Foundation, used to analyze large volumes of unstructured information associated with end users. A deserialization vulnerability exists in Apache UIMA versions before 3.5.0; the vulnerability stems from the...

8.8 CVSS, 8.6 AI score, 0.01471 EPSS
Exploits: 0, References: 1

CNNVD
added 2023/09/27 12:0 a.m., 5 views

emlog Code Issue Vulnerability

emlog is a PHP and MySQL based CMS builder from the individual developer emlog. A deserialization vulnerability exists in emlog pro v2.1.15 and earlier versions; the vulnerability stems from the application's insecure deserialization of user-submitted serialized data, a...

9.8 CVSS, 7.5 AI score, 0.01552 EPSS
Exploits: 1, References: 2

Vulnrichment
added 2023/08/11 1:21 p.m., 14 views

CVE-2023-39945 Malformed serialized data in a data submessage leads to unhandled exception

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled BadParamException in fastcdr, which in turn crashes fastdds. Versions 2.11.0,...

8.2 CVSS, 6.6 AI score, 0.00808 EPSS
Exploits: 0, References: 4

CNNVD
added 2023/07/12 12:0 a.m., 4 views

Adobe ColdFusion Code Issue Vulnerability

Adobe ColdFusion is a rapid application development platform from Adobe, a United States company. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has a deserialization vulnerability that arises from unsafe deserialization of...

9.8 CVSS, 7.2 AI score, 0.99984 EPSS
Exploits: 0, References: 3

BDU FSTEC
added 2023/06/30 12:0 a.m., 6 views

The vulnerability in the web-based interface for managing the ArcServe UDP data protection software allows a perpetrator to escalate their privileges and execute arbitrary code.

The vulnerability of the web interface for managing the ArcServe UDP data protection software is related to errors in processing serialized data. Exploiting this vulnerability allows a malicious actor to enhance their privileges and execute arbitrary code by sending a specially crafted HTTP reque...

10 CVSS, 8.2 AI score, 0.37715 EPSS
Exploits: 2, References: 5, Affected Software: 1

Snyk
added 2023/06/14 12:0 a.m., 5 views

Privilege Escalation

Overview: Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability exists in .NET when deserializing a DataSet or DataTable from XML which may result in elevation of privileges. Remediation: Upgrade Microsoft.NETCore.App.Runtime.linux-arm64 to version 6.0.18, 7.0.7 ...

7.5 CVSS, 7.5 AI score, 0.01558 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2023/04/18 12:0 a.m., 2 views

PT-2023-9021

Name of the Vulnerable Software and Affected Versions: Spring Security versions 5.7.x through 5.7.7; Spring Security versions 5.8.x through 5.8.2; Spring Security versions 6.0.x through 6.0.2. Description: The issue is related to the logout support not properly cleaning the security context if using...

10 CVSS, 6.8 AI score, 0.00648 EPSS
Exploits: 0, References: 11

CNNVD
added 2023/03/15 12:0 a.m., 5 views

Adobe ColdFusion Code Issue Vulnerability

Adobe ColdFusion is a rapid application development platform from Adobe, a United States company. The platform includes an integrated development environment and scripting language. A deserialization vulnerability exists in Adobe ColdFusion. The vulnerability arises from insecure...

9.8 CVSS, 7.4 AI score, 0.17937 EPSS
Exploits: 1, References: 3

GithubExploit
added 2023/03/14 6:49 p.m., 574 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Proof of Concept for Log4j CVE-2021-44228 Disclaimer Th...

10 CVSS, 9.4 AI score, 0.99999 EPSS
Exploits: 349

F5 Networks
added 2023/02/21 6:55 p.m., 114 views

K29691966: PHP vulnerability CVE-2016-5773

Security Advisory Description: phpzip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service...

9.8 CVSS, 9.3 AI score, 0.0926 EPSS
Exploits: 5

F5 Networks
added 2023/02/21 6:52 p.m., 66 views

K30363030: PHP vulnerability CVE-2016-5771

Security Advisory Description: splarray.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and...

9.8 CVSS, 8.8 AI score, 0.15484 EPSS
Exploits: 5, Affected Software: 21

F5 Networks
added 2023/02/21 6:47 p.m., 44 views

K48414132: PHP SOAP vulnerability CVE-2015-8835

Security Advisory Description: The makehttpsoaprequest function in ext/soap/phphttp.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service NULL pointer dereference, type confusion, and...

9.8 CVSS, 9.3 AI score, 0.06195 EPSS
Exploits: 1