Lucene search
K

1709 matches found

SUSE Linux
SUSE Linux
added 2026/05/27 2:22 p.m.12 views

Security update for redis7

This update for redis7 fixes the following issues CVE-2026-23631: Lua use-after-free via the master-replica synchronization mechanism may lead to remote code execution bsc1264165. CVE-2026-25243: invalid memory access in RESTORE command via a specially crafted serialized payload may lead to remot...

7.7CVSS6.5AI score0.02995EPSS
Exploits0References8
OSV
OSV
added 2026/05/27 2:22 p.m.7 views

SUSE-SU-2026:2100-1 Security update for redis7

This update for redis7 fixes the following issues - CVE-2026-23631: Lua use-after-free via the master-replica synchronization mechanism may lead to remote code execution bsc1264165. - CVE-2026-25243: invalid memory access in RESTORE command via a specially crafted serialized payload may lead to...

8.8CVSS6.4AI score0.02995EPSS
Exploits0References5
AlmaLinux
AlmaLinux
added 2026/05/27 12:0 a.m.44 views

Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.127 and .NET Runtime...

7.5CVSS5.8AI score0.0243EPSS
Exploits0References6
OSV
OSV
added 2026/05/27 12:0 a.m.7 views

ALSA-2026:21286 Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.127 and .NET Runtime...

7.5CVSS5.8AI score0.0243EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 5:14 p.m.9 views

Security Bulletin: Due to the use of c3p0, IBM webMethods BPM is vulnerable to attack via maliciously crafted Java-serialized objects (CVE-2026-27830)

Summary IBM webMethods BPM includes the standalone utility which includes the vulnerable component c3p0. The tool operates as a standalone utility and is not part of the main runtime environments. Vulnerability Details CVEID:CVE-2026-27830 DESCRIPTION: c3p0, a JDBC Connection pooling library, is...

8.9CVSS6.1AI score0.00534EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/05/26 2:15 p.m.55 views

CVE-2026-45247 Mirasvit Cache Warmer for Magento < 1.11.12 PHP Object Injection

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

9.8CVSS0.27546EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/26 2:15 p.m.12 views

EUVD-2026-31837

Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows unauthenticated attackers to achieve remote code execution by supplying a crafted serialized PHP object in the CacheWarmer cookie. Attackers can exploit the unrestricted...

9.8CVSS6.7AI score0.27546EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.12 views

PT-2026-43258

Name of the Vulnerable Software and Affected Versions Mirasvit Full Page Cache Warmer for Magento 2 versions prior to 1.11.12 Description A PHP object injection issue exists due to the unrestricted use of the native unserialize function. Unauthenticated attackers can achieve remote code execution...

9.8CVSS6.6AI score0.27546EPSS
Exploits1References72
Veracode
Veracode
added 2026/05/23 5:57 a.m.8 views

Improper Resource Shutdown Or Release

UltraJSON is vulnerable to Improper Resource Shutdown or Release. The vulnerability is due to failure to release the serialized JSON string object when a write operation raises an exception in ujson.dump, which allows an attacker to repeatedly trigger failed writes and cause memory exhaustion,...

8.7CVSS5.8AI score0.00421EPSS
Exploits1References3Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/23 1:29 a.m.21 views

SUSE CVE-2026-39832

When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

8.4CVSS5.8AI score0.00338EPSS
Exploits0References24
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.13 views

Unity Linux 20.1060e / 20.1070e Security Update: usbredir (UTSA-2026-016614)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016614 advisory. A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparserserialize in usbredirparser/usbredirparser.c. This issue occurs...

6.4CVSS5.8AI score0.00309EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/20 3:35 p.m.12 views

Deserialization of Untrusted Data

Overview net.sf.jasperreports:jasperreports is an open source reporting engine for Java. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the ObjectInputStream subclasses. An attacker can achieve remote code execution on the JVM host by sending a specially...

8.8CVSS6.3AI score0.00476EPSS
Exploits0References2
NVD
NVD
added 2026/05/20 4:16 a.m.14 views

CVE-2026-24142

NVIDIA TRT-LLM for any platform contains a deserialization vulnerability and unsafe serialized handle. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure...

9.8CVSS0.00379EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/20 3:0 a.m.10 views

EUVD-2026-31056

NVIDIA TRT-LLM for any platform contains a deserialization vulnerability and unsafe serialized handle. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure...

6.3CVSS5.9AI score0.00379EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/20 3:0 a.m.42 views

CVE-2026-24142

NVIDIA TRT-LLM for any platform contains a deserialization vulnerability and unsafe serialized handle. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure...

6.3CVSS0.00379EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/20 3:0 a.m.13 views

CVE-2026-24142

NVIDIA TRT-LLM for any platform contains a deserialization vulnerability and unsafe serialized handle. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure...

6.3CVSS5.9AI score0.00379EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.12 views

PT-2026-42088

Name of the Vulnerable Software and Affected Versions NVIDIA TRT-LLM affected versions not specified Description NVIDIA TRT-LLM contains a deserialization issue and an unsafe serialized handle. Deserialization is the process of converting a data stream back into an object. A successful exploit...

9.8CVSS6AI score0.00379EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/19 9:25 a.m.11 views

CVE-2026-46725 Remote Code Execution in extension "Content Element Selector" (ceselector)

The extension passes an attacker-controlled cookie directly to PHP's unserialize without safely processing the input. A remote, unauthenticated attacker can supply a crafted serialized payload to trigger PHP Object Injection, leading to Remote Code Execution on the TYPO3 server. Exploitation...

9.2CVSS5.8AI score0.02306EPSS
Exploits1References1
NVD
NVD
added 2026/05/19 7:16 a.m.26 views

CVE-2026-47309

Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Oversized Serialized Data Payloads. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3...

7.5CVSS0.00266EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 4:47 a.m.7 views

CVE-2026-47309

Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Oversized Serialized Data Payloads. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3...

5.5CVSS5.8AI score0.00266EPSS
Exploits0References2
Rows per page
Query Builder