Lucene search
K

1713 matches found

NVD
NVD
added 2026/06/10 12:16 a.m.18 views

CVE-2026-40993

An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository saml2assertingpartymetadata may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials verificationcredentials and...

7.3CVSS0.00198EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.27 views

VMware Spring Security 代码问题漏洞

VMware Spring Security is a security framework provided by the American company VMware, designed to provide descriptive security protection for Spring-based applications. Versions of VMware Spring Security from 7.0.0 to 7.0.5 have code vulnerabilities. These vulnerabilities stem from attackers wh...

7.3CVSS5.5AI score0.00198EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.11 views

TYPO3 CMS 代码问题漏洞

TYPO3 CMS is a content management system developed under the TYPO3 open source framework. Code vulnerabilities existed in versions prior to TYPO3 CMS 10.4.57, as well as in versions 11.0.0 to 11.5.51, 12.0.0 to 12.4.46, 13.0.0 to 13.4.31, and 14.0.0 to 14.3.3. These vulnerabilities stemmed from...

6.3CVSS6.4AI score0.00215EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/07 12:43 a.m.18 views

CVE-2026-44660

A flaw was found in UltraJSON, a fast JSON encoder and decoder. When the ujson.dump function attempts to write data to a file-like object and an error occurs during this operation, the memory allocated for the serialized JSON string is not properly released. This continuous failure to deallocate...

8.7CVSS5AI score0.00421EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/06/05 10:28 p.m.8 views

CVE-2026-7654

The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowedclasses restriction in the IdsToCollection::getidsfromstring function, which processes...

8.8CVSS6.6AI score0.00652EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.11 views

CVE-2026-32270

Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, the PaymentsController::actionPay discloses some order data to unauthenticated users when an order number is provided and the email check fails during an anonymous payment. The JSON...

6.3CVSS5.3AI score0.00295EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.12 views

CVE-2026-47309

Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Oversized Serialized Data Payloads. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3...

7.5CVSS5.4AI score0.00266EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.12 views

CVE-2026-24142

NVIDIA TRT-LLM for any platform contains a deserialization vulnerability and unsafe serialized handle. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure...

9.8CVSS5.6AI score0.00379EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.11 views

CVE-2026-44580

A flaw was found in Next.js. A remote attacker could exploit this cross-site scripting XSS vulnerability by injecting untrusted content into beforeInteractive scripts. Due to improper escaping of serialized script content, this could allow the attacker to execute arbitrary JavaScript code in a...

6.1CVSS6.1AI score0.00205EPSS
Exploits0References4
NVD
NVD
added 2026/06/04 10:16 a.m.14 views

CVE-2026-47320

Access of uninitialized pointer, Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Pointer Manipulation, Oversized Serialized Data Payloads. This issue affects rlottie: before eae37633fda13ac05b25c6c95aacea4bc33c80a3...

6.1CVSS0.00104EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 9:38 a.m.43 views

CVE-2026-47320

Access of uninitialized pointer, Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Pointer Manipulation, Oversized Serialized Data Payloads. This issue affects rlottie: before eae37633fda13ac05b25c6c95aacea4bc33c80a3...

6.1CVSS0.00104EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 7:48 a.m.10 views

CVE-2026-45360 Apache Airflow: Arbitrary import in custom deadline-reference deserialization

Apache Airflow's scheduler-side deadline-reference decoder SerializedCustomReference.deserializereference imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — t...

6AI score0.00651EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:48 a.m.19 views

CVE-2026-45360

Apache Airflow's scheduler-side deadline-reference decoder SerializedCustomReference.deserializereference imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — t...

6AI score0.00651EPSS
Exploits0References3
CVE
CVE
added 2026/06/01 7:48 a.m.46 views

CVE-2026-45360

Summary (CVE-2026-45360) : Apache Airflow’s scheduler-side deadline-reference deserialization in SerializedCustomReference.deserialize_reference can import arbitrary attacker-controlled module paths because there is no allowlist or plugin-registry gate. A DAG author’s code that reaches the schedu...

7.3CVSS6AI score0.00651EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.19 views

PT-2026-45374

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.2 Description The scheduler-side deadline-reference decoder SerializedCustomReference.deserialize reference imports and dispatches arbitrary class paths from serialized state controlled by a DAG author...

7.3CVSS5.8AI score0.00651EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.14 views

SUSE SLES15 Security Update : redis (SUSE-SU-2026:2098-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2098-1 advisory. This update for redis fixes the following issue - CVE-2026-25243: invalid memory access in RESTORE command via a specially crafted serialize...

8.8CVSS6.3AI score0.02995EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/28 6:22 p.m.13 views

EUVD-2026-32980

Automad is a flat-file content management system and template engine. From 2.0.0-alpha.1 to 2.0.0-beta.27, a Broken Access Control vulnerability allows an unauthenticated attacker to retrieve the bcrypt password hash of every administrator account with a single POST request. The...

7.5CVSS5.8AI score0.00298EPSS
Exploits1References1
OSV
OSV
added 2026/05/28 3:39 p.m.3 views

GHSA-P47F-322F-WHFH QOS.CH Sarl logback logback-core has a deserialization of untrusted data vulnerability

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer c...

2.1CVSS6.4AI score0.0037EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/28 3:20 p.m.8 views

CVE-2026-47759 TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce- attributes data-mce-href, data-mce-src, data-mce-style. Allows attackers to inject malicious values that override safe attributes during serialization,...

8.7CVSS5.8AI score0.00238EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

Automad 访问控制错误漏洞

Automad is a flat-file content management system and template engine developed by Marc Anton Dahmen. Versions of Automad from 2.0.0-alpha.1 to 2.0.0-beta.27 contain access control vulnerabilities. These vulnerabilities stem from ineffective access control mechanisms, allowing unauthorized attacke...

7.5CVSS5.8AI score0.00298EPSS
Exploits1References2
Rows per page
Query Builder