EUVD-2026-32640

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from...

ALSA-2026:21286 Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.127 and .NET Runtime...

Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.127 and .NET Runtime...

Security Bulletin: Due to the use of c3p0, IBM webMethods BPM is vulnerable to attack via maliciously crafted Java-serialized objects (CVE-2026-27830)

Summary IBM webMethods BPM includes the standalone utility which includes the vulnerable component c3p0. The tool operates as a standalone utility and is not part of the main runtime environments. Vulnerability Details CVEID:CVE-2026-27830 DESCRIPTION: c3p0, a JDBC Connection pooling library, is...

Deserialization of Untrusted Data

Overview net.sf.jasperreports:jasperreports is an open source reporting engine for Java. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the ObjectInputStream subclasses. An attacker can achieve remote code execution on the JVM host by sending a specially...

CVE-2026-40473

The camel-mina component's MinaConverter.toObjectInputIoBuffer type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a TCP or UDP consumer and requests conversion to ObjectInput f...

EUVD-2019-20103

phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by exploiting the plupload functionality and phar:// stream wrapper. Attackers can upload a crafted zip file containing serialized PHP objects that execute arbitrary code when...

PT-2026-30493

phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by exploiting the plupload functionality and phar:// stream wrapper. Attackers can upload a crafted zip file containing serialized PHP objects that execute arbitrary code when...

CVE-2026-27830

A flaw was found in c3p0, a Java Database Connectivity JDBC Connection pooling library. This vulnerability allows an attacker to achieve arbitrary code execution by providing maliciously crafted Java-serialized objects or javax.naming.Reference instances. By manipulating the userOverridesAsString...

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the factoryClassLocation function. An attacker can achieve arbitrary code execution by provoking the application to read a maliciously...

CVE-2020-36894

Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized objects to the /messagebroker/amf endpoint to create administrative...

EUVD-2016-9744

Malware in sbrugna...

EUVD-2020-25696

Malware in sbrugna...

EUVD-2025-19137

Malicious code in bioql PyPI...

EUVD-2023-2544

Malicious code in bioql PyPI...

EUVD-2023-27577

Malicious code in bioql PyPI...

DataChain 代码问题漏洞

DataChain is a version control software from Iterative open source. A code issue vulnerability exists in DataChain 0.34.1 and prior versions, which stems from failure to validate data when reading serialized objects from environment variables, which could lead to code execution...

PT-2025-40450

Name of the Vulnerable Software and Affected Versions DataChain versions 0.34.1 and below Description DataChain is a Python-based AI-data warehouse for transforming and analyzing unstructured data. The library reads serialized objects from environment variables, specifically DATACHAIN METASTORE a...

shiro-exploit

This is a Python script for exploiting a vulnerability in Apache Shiro, a Java-based security framework. The script is designed to bypass authentication and authorization checks in Shiro, allowing an attacker to gain unauthorized access to sensitive data. The script uses the Crypto.Cipher module ...

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the BigDecimal and BigInteger handling in the MessageSerializer class. An attacker can execute arbitrary code or manipulate application behavior by providing crafted serialized objects. Details...