Lucene search
K

1719 matches found

Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.20 views

PT-2026-45374

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.2 Description The scheduler-side deadline-reference decoder SerializedCustomReference.deserialize reference imports and dispatches arbitrary class paths from serialized state controlled by a DAG author...

7.3CVSS5.8AI score0.00651EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.15 views

SUSE SLES15 Security Update : redis (SUSE-SU-2026:2098-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2098-1 advisory. This update for redis fixes the following issue - CVE-2026-25243: invalid memory access in RESTORE command via a specially crafted serialize...

8.8CVSS6.3AI score0.02995EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/28 6:22 p.m.13 views

EUVD-2026-32980

Automad is a flat-file content management system and template engine. From 2.0.0-alpha.1 to 2.0.0-beta.27, a Broken Access Control vulnerability allows an unauthenticated attacker to retrieve the bcrypt password hash of every administrator account with a single POST request. The...

7.5CVSS5.8AI score0.00298EPSS
Exploits1References1
OSV
OSV
added 2026/05/28 3:39 p.m.3 views

GHSA-P47F-322F-WHFH QOS.CH Sarl logback logback-core has a deserialization of untrusted data vulnerability

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer c...

2.1CVSS6.4AI score0.0037EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/28 3:20 p.m.8 views

CVE-2026-47759 TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce- attributes data-mce-href, data-mce-src, data-mce-style. Allows attackers to inject malicious values that override safe attributes during serialization,...

8.7CVSS5.8AI score0.00281EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

Automad 访问控制错误漏洞

Automad is a flat-file content management system and template engine developed by Marc Anton Dahmen. Versions of Automad from 2.0.0-alpha.1 to 2.0.0-beta.27 contain access control vulnerabilities. These vulnerabilities stem from ineffective access control mechanisms, allowing unauthorized attacke...

7.5CVSS5.8AI score0.00298EPSS
Exploits1References2
NVD
NVD
added 2026/05/27 9:16 p.m.15 views

CVE-2026-44660

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operatio...

8.7CVSS0.00421EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:35 p.m.11 views

CVE-2026-45134

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from...

7.1CVSS5.8AI score0.00199EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/27 7:35 p.m.30 views

EUVD-2026-32640

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to LangSmith SDK Python 0.8.0 and JS/TS 0.6.0, the LangSmith SDK's prompt pull methods pullprompt / pullpromptcommit in Python, pullPrompt / pullPromptCommit in JS/TS fetch and deserialize prompt manifests from...

7.1CVSS5.8AI score0.00199EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2026/05/27 2:22 p.m.12 views

Security update for redis7

This update for redis7 fixes the following issues CVE-2026-23631: Lua use-after-free via the master-replica synchronization mechanism may lead to remote code execution bsc1264165. CVE-2026-25243: invalid memory access in RESTORE command via a specially crafted serialized payload may lead to remot...

7.7CVSS6.5AI score0.02995EPSS
Exploits0References8
OSV
OSV
added 2026/05/27 2:22 p.m.8 views

SUSE-SU-2026:2100-1 Security update for redis7

This update for redis7 fixes the following issues - CVE-2026-23631: Lua use-after-free via the master-replica synchronization mechanism may lead to remote code execution bsc1264165. - CVE-2026-25243: invalid memory access in RESTORE command via a specially crafted serialized payload may lead to...

8.8CVSS6.4AI score0.02995EPSS
Exploits0References5
AlmaLinux
AlmaLinux
added 2026/05/27 12:0 a.m.46 views

Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.127 and .NET Runtime...

7.5CVSS5.8AI score0.0243EPSS
Exploits0References6
OSV
OSV
added 2026/05/27 12:0 a.m.7 views

ALSA-2026:21286 Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.127 and .NET Runtime...

7.5CVSS5.8AI score0.0243EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 5:14 p.m.10 views

Security Bulletin: Due to the use of c3p0, IBM webMethods BPM is vulnerable to attack via maliciously crafted Java-serialized objects (CVE-2026-27830)

Summary IBM webMethods BPM includes the standalone utility which includes the vulnerable component c3p0. The tool operates as a standalone utility and is not part of the main runtime environments. Vulnerability Details CVEID:CVE-2026-27830 DESCRIPTION: c3p0, a JDBC Connection pooling library, is...

8.9CVSS6.1AI score0.00534EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/05/26 2:15 p.m.12 views

EUVD-2026-31837

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

9.8CVSS6.7AI score0.27546EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/26 2:15 p.m.80 views

CVE-2026-45247 Mirasvit Cache Warmer for Magento < 1.11.12 PHP Object Injection

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

9.8CVSS0.27546EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.12 views

PT-2026-43258

Name of the Vulnerable Software and Affected Versions Mirasvit Full Page Cache Warmer for Magento 2 versions prior to 1.11.12 Description A PHP object injection issue exists due to the unrestricted use of the native unserialize function. Unauthenticated attackers can achieve remote code execution...

9.8CVSS6.6AI score0.27546EPSS
Exploits1References72
Veracode
Veracode
added 2026/05/23 5:57 a.m.9 views

Improper Resource Shutdown Or Release

UltraJSON is vulnerable to Improper Resource Shutdown or Release. The vulnerability is due to failure to release the serialized JSON string object when a write operation raises an exception in ujson.dump, which allows an attacker to repeatedly trigger failed writes and cause memory exhaustion,...

8.7CVSS5.8AI score0.00421EPSS
Exploits1References3Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/23 1:29 a.m.22 views

SUSE CVE-2026-39832

When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

8.4CVSS5.8AI score0.00525EPSS
Exploits0References24
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.14 views

Unity Linux 20.1060e / 20.1070e Security Update: usbredir (UTSA-2026-016614)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016614 advisory. A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparserserialize in usbredirparser/usbredirparser.c. This issue occurs...

6.4CVSS5.8AI score0.00309EPSS
Exploits0References4
Rows per page
Query Builder