9 matches found

OSV
added 2026/05/10 8:29 p.m., 0 views

MAL-2026-3413 Malicious code in django-b64-img (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f5ebdaebc61cf7a888322348e074f219519b7d09a24ab91732d8bc5061d86b2e The package provides a special image-storing field for Django REST Framework based on a legitimate implementation from the Hipo/drf-extra-fields repository. Th...

5.8 AI score
Exploits: 0, References: 1

Snyk
added 2024/07/13 9:0 p.m., 2 views

Cross-site Scripting (XSS)

Overview: prosemirror-model is ProseMirror's document model. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to serializeNodeInner and serializeMark functions that put a value from an attribute directly in an array used to describe a DOM structure and not fully...

6.1 CVSS, 5.5 AI score
Exploits: 0, References: 2

VulnCheck KEV
added 2023/05/03 12:0 a.m., 0 views

VulnCheck KEV: CVE-2023-27372

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1...

9.8 CVSS, 7.4 AI score, 0.9312 EPSS
Exploits: 23, References: 1

Veracode
added 2018/02/28 2:1 a.m., 18 views

Unsafe Deserialization

geode-core is vulnerable to unsafe deserialization. If a malicious user has DATA:WRITE access to a cluster, they may be able to trigger remote code execution (RCE) attacks. These attacks can occur because the server stores data in its serialized form and some cluster operations and API invocations...

7.5 CVSS, 7.8 AI score, 0.03089 EPSS
Exploits: 0, References: 4, Affected Software: 1

CVE
added 2018/02/27 3:0 p.m., 111 views

CVE-2017-15693

Apache Geode prior to v1.4.0 stores objects in serialized form, and certain cluster operations and API invocations deserialize these objects. A user with DATA:WRITE access to the cluster may trigger remote code execution if certain classes are present on the classpath. The issue is rooted in unsa...

7.5 CVSS, 7.8 AI score, 0.03089 EPSS
Exploits: 0, References: 2, Affected Software: 1

RedHat Linux
added 2018/02/26 10:27 p.m., 120 views

Important: Red Hat Security Advisory: java-1.7.0-openjdk security update

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...

8.3 CVSS, 7 AI score, 0.0052 EPSS
Exploits: 0, References: 15

RedHat Linux
added 2018/01/17 5:33 p.m., 75 views

Important: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...

8.3 CVSS, 7 AI score, 0.0052 EPSS
Exploits: 0, References: 16

exploitpack
added 2015/02/11 1:11 p.m., 13 views

Python-Pickle-Class-Constructor

Python is an open source, object oriented programming language. The Python Pickle module is provided to convert object variables into a serialized form "pickling", and later recover the data back into an object hierarchy "unpickling". A vulnerability has been reported in the Pickle implementation...

2.9 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 12 views

Python 1.5/1.6/2.0/2.1.x Pickle Class Constructor Arbitrary Code Execution

No description provided by source. source: http://www.securityfocus.com/bid/5257/info Python is an open source, object oriented programming language. The Python Pickle module is provided to convert object variables into a serialized form pickling, and later recover the data back into an object...

7.1 AI score
Exploits: 0