
457 matches found

CNNVD
added 2026/04/09 12:0 a.m., 7 views

wolfSSL security vulnerability

wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. There is a security vulnerability in wolfSSL: when restoring sessions from the cache, pointers in serialized session data are not...

4.1 CVSS, 5.9 AI score, 0.00172 EPSS
Exploits: 0, References: 2
SUSE CVE
added 2026/04/03 11:24 p.m., 9 views

SUSE CVE-2026-34877

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

9.8 CVSS, 6 AI score, 0.00426 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/04/01 12:0 a.m., 6 views

RTI Connext Professional security vulnerability

RTI Connext Professional is a connectivity platform developed by RTI Corporation in the United States, specifically designed to meet the demanding requirements of Industrial Internet of Things (IIoT). RTI Connext Professional has a security vulnerability that stems from improper restrictions on XML...

9.1 CVSS, 5.8 AI score, 0.00235 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/03/05 1:57 a.m., 4 views

CVE-2026-3452

Concrete CMS below version 9.4.8 is vulnerable to Remote Code Execution by stored PHP object injection into the Express Entry List block via the columns parameter. An authenticated administrator can store attacker-controlled serialized data in block configuration fields that are later passed to...

8.9 CVSS, 6.1 AI score, 0.00605 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/03/02 12:0 a.m., 8 views

Chamilo code issue vulnerability

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 had code vulnerabilities. These vulnerabilities stemmed from the application’s ability to deserialize data that could be tampered with, allowing attackers to create arbitrary class...

9.8 CVSS, 6 AI score, 0.00367 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2026/02/19 7:21 p.m., 8 views

CVE-2025-60036

A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data...

8.8 CVSS, 6.4 AI score, 0.00369 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/02/19 7:21 p.m., 8 views

CVE-2025-60037

A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which...

8.8 CVSS, 6.4 AI score, 0.00287 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/02/19 6:39 p.m., 5 views

CVE-2026-27475 SPIP < 4.4.9 Insecure Deserialization

SPIP before 4.4.9 allows Insecure Deserialization in the public area through the tablevaleur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content (a pre-condition requiring prior access or another vulnerability) can trigger arbitrary...

9.2 CVSS, 6 AI score, 0.00776 EPSS
Exploits: 2, References: 3
OSV
added 2026/02/18 2:16 p.m., 4 views

CVE-2025-60035

A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data...

8.8 CVSS, 6.2 AI score, 0.00369 EPSS
Exploits: 0, References: 1
NVD
added 2026/02/18 2:16 p.m., 8 views

CVE-2025-60038

A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which...

8.8 CVSS, 0.00287 EPSS
Exploits: 0, References: 1
NVD
added 2026/02/18 2:16 p.m., 9 views

CVE-2025-60035

A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data...

8.8 CVSS, 0.00369 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/02/18 2:3 p.m., 23 views

CVE-2025-60038

A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which...

7.8 CVSS, 0.00287 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/02/18 2:3 p.m., 5 views

CVE-2025-60038

A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which...

7.8 CVSS, 6.3 AI score, 0.00287 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/02/18 2:2 p.m., 24 views

CVE-2025-60036

A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data...

7.8 CVSS, 0.00369 EPSS
Exploits: 0, References: 1
CVE
added 2026/02/18 2:1 p.m., 17 views

CVE-2025-60035

The vulnerability CVE-2025-60035 affects the OPC.Testclient utility in Rexroth IndraWorks prior to version 15V24. It allows an attacker to achieve Remote Code Execution by parsing a specially crafted serialized file that is opened by a user; deserialization of malicious data leads to a complete c...

8.8 CVSS, 6.4 AI score, 0.00369 EPSS
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2026/02/18 12:0 a.m., 10 views

Bosch Rexroth IndraWorks security vulnerability

Bosch Rexroth IndraWorks is a general engineering framework software developed by the German company Bosch Rexroth. Bosch Rexroth IndraWorks has a security vulnerability that stems from deserialization issues when parsing specially crafted files containing malicious serialized data, which may lea...

8.8 CVSS, 6.1 AI score, 0.00287 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/02/18 12:0 a.m., 7 views

PT-2026-20411

Name of the Vulnerable Software and Affected Versions: Rexroth IndraWorks OPC.Testclient versions prior to 15V24. Description: A flaw exists in the OPC.Testclient utility, included within Rexroth IndraWorks, that allows an attacker to execute arbitrary code on a user’s system. This is achieved by...

7.8 CVSS, 6.2 AI score, 0.00369 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2026/02/17 12:55 a.m., 6 views

npm-serialize-javascript: Cross-site Scripting (XSS) in serialize-javascript

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by...

5.4 CVSS, 5.8 AI score, 0.01006 EPSS
Exploits: 0, References: 6
RedhatCVE
added 2026/01/09 9:55 a.m., 7 views

CVE-2020-12469

admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection with resultant file deletion via serialized data in the subpages value within a block to blocks/edit...

6.5 CVSS, 7.2 AI score, 0.00864 EPSS
Exploits: 1, References: 1
Snyk
added 2026/01/05 3:40 a.m., 7 views

Remote Code Execution (RCE)

Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE) over the /expr endpoint. An authenticated user can execute code or disrupt service by sending malicious serialized data as the code parameter, which is passed to expr.Exec and executed as an expression without...

8.8 CVSS, 6.8 AI score, 0.00316 EPSS
Exploits: 0, References: 2