279 matches found

Cvelist
added 2026/05/26 2:15 p.m., 35 views

CVE-2026-45247 Mirasvit Cache Warmer for Magento < 1.11.12 PHP Object Injection

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

9.8 CVSS, 0.00137 EPSS
Exploits: 0, References: 3

EUVD
added 2026/05/26 2:15 p.m., 6 views

EUVD-2026-31837

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

9.8 CVSS, 6.7 AI score, 0.00137 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2026/05/26 12:0 a.m., 5 views

PT-2026-43258

Name of the Vulnerable Software and Affected Versions: Mirasvit Full Page Cache Warmer for Magento 2 versions prior to 1.11.12. Description: An issue exists where unauthenticated attackers can achieve remote code execution by providing a crafted serialized PHP object within the CacheWarmer cookie...

9.8 CVSS, 6.6 AI score, 0.00137 EPSS
Exploits: 0, References: 11

EUVD
added 2026/05/08 9:31 a.m., 5 views

EUVD-2025-209738

Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the postrebootcommands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execut...

9.1 CVSS, 6.3 AI score, 0.00037 EPSS
Exploits: 4, References: 3

NVD
added 2026/05/08 7:16 a.m., 2 views

CVE-2025-69690

Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the postrebootcommands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execut...

9.1 CVSS, 0.00037 EPSS
Exploits: 4, References: 2

CVE
added 2026/05/08 12:0 a.m., 990 views

CVE-2025-69690

Netgate pfSense Community Edition 2.7.2 and 2.8.0 are affected by two authenticated RCE paths. First, unsafe deserialization in the module installer/backups allows a crafted backup XML containing a serialized PHP object with the post_reboot_commands property to execute commands with root privileg...

9.1 CVSS, 6.3 AI score, 0.00037 EPSS
Exploits: 4, References: 2, Affected Software: 1

Cvelist
added 2026/05/08 12:0 a.m., 25 views

CVE-2025-69690

Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the postrebootcommands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execut...

0.00037 EPSS
Exploits: 4, References: 2

ATTACKERKB
added 2026/05/08 12:0 a.m., 4 views

CVE-2025-69690

Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the postrebootcommands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execut...

6.3 AI score, 0.00037 EPSS
Exploits: 4, References: 3

Positive Technologies
added 2026/05/08 12:0 a.m., 4 views

PT-2026-38672

Name of the Vulnerable Software and Affected Versions: Netgate pfSense CE version 2.7.2. Description: Netgate pfSense CE allows code execution through the module installer. This occurs when a backup file containing a serialized PHP object with the post reboot commands property is used. Recommendatio...

9.1 CVSS, 6.2 AI score, 0.00037 EPSS
Exploits: 4, References: 6

Vulnrichment
added 2026/05/08 12:0 a.m., 5 views

CVE-2025-69690

Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the postrebootcommands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execut...

6.3 AI score, 0.00037 EPSS
Exploits: 4, References: 2

RedHat Linux
added 2026/05/07 6:0 p.m., 2 views

com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects

A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...

9.8 CVSS, 8 AI score, 0.00151 EPSS
Exploits: 1, References: 8

ATTACKERKB
added 2026/04/27 9:38 a.m., 3 views

CVE-2026-40858

The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInputFilter. An attacker who can write to the Infinispan cache used by a Camel application can inject a...

9.8 CVSS, 8.7 AI score, 0.11975 EPSS
Exploits: 3, References: 2, Affected Software: 1

CVE
added 2026/04/13 8:19 p.m., 8 views

CVE-2026-32271

CVE-2026-32271 affects Craft Commerce (Craft CMS) in versions 4.0.0–4.10.2 and 5.0.0–5.5.4, where an SQL injection in the Commerce TotalRevenue widget allows any authenticated control panel user to achieve remote code execution. The exploit involves unsanitized widget settings interpolated into S...

7.7 CVSS, 6.5 AI score, 0.0008 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2026/03/04 12:0 a.m., 3 views

PT-2026-22863

Concrete CMS below version 9.4.8 is vulnerable to Remote Code Execution by stored PHP object injection into the Express Entry List block via the columns parameter. An authenticated administrator can store attacker-controlled serialized data in block configuration fields that are later passed to...

8.9 CVSS, 6 AI score, 0.00273 EPSS
Exploits: 0, References: 3

Veracode
added 2026/02/28 5:2 a.m., 3 views

Remote Code Execution (RCE)

mchange-commons-java is vulnerable to Remote Code Execution (RCE). The vulnerability is due to its independent JNDI dereferencing implementation allowing remote factoryClassLocation values, which can cause the application to download and execute attacker-controlled code when processing a malicious...

9.8 CVSS, 6.1 AI score, 0.00151 EPSS
Exploits: 1, References: 6, Affected Software: 1

Packet Storm
added 2026/02/25 12:0 a.m., 100 views

SPIP Gadget Chain Insecure Deserialization

SPIP Gadget Chain versions prior to 4.4.9 suffer from a potential PHP object deserialization vulnerability. Title: SPIP Gadget Chain before 4.4.9...

9.2 CVSS, 5.7 AI score, 0.00193 EPSS
Exploits: 2

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2020-25823

Malware in sbrugna...

7.5 CVSS, 5.6 AI score, 0.00439 EPSS
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2016-7132

Malware in sbrugna...

9.8 CVSS, 9.3 AI score, 0.02251 EPSS
Exploits: 1, References: 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2013-6835

Malware in sbrugna...

7.5 CVSS, 6.3 AI score, 0.00703 EPSS
Exploits: 0, References: 6

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2021-10821

Malware in sbrugna...

9 CVSS, 8.3 AI score, 0.01406 EPSS
Exploits: 0, References: 2