399 matches found
[SECURITY] Fedora 44 Update: perl-Sereal-Encoder-5.005-1.fc44
This library implements an efficient, compact-output, and feature-rich serializer using a binary protocol called Sereal...
Linux Distros Unpatched Vulnerability : CVE-2026-31072
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure...
CVE-2026-48207
Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...
CVE-2026-48207 Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement
Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...
CVE-2026-48207 Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement
Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...
EUVD-2026-31292
Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...
CVE-2026-48207
Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...
CVE-2026-48207
CVE-2026-48207 affects Apache Fory: PyFory ReduceSerializer deserializes attacker-controlled data and could bypass DeserializationPolicy validation during reduce-state restoration and global-name resolution. Impact is high (CVSS 3.1: 9.8, CRITICAL, NETWORK/LOW/ NONE user interactions). The issue ...
Apache Fory 代码问题漏洞
Apache Fory is a serialization framework developed by the Apache Foundation. Versions of Apache Fory prior to 1.0.0 contained code vulnerabilities. These vulnerabilities stemmed from the ReduceSerializer in PyFory, which might bypass the DeserializationPolicy validation hook during state...
CVE-2026-31072
A flaw was found in APScheduler, affecting its JSONSerializer and CBORSerializer components. This vulnerability, known as insecure deserialization, allows a remote attacker to execute arbitrary code on the system. By sending a specially crafted data payload, an attacker can manipulate the...
DEBIAN-CVE-2026-31072
The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...
CVE-2026-31072
The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...
UBUNTU-CVE-2026-31072
The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...
CVE-2026-31072
The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...
PT-2026-41945
Name of the Vulnerable Software and Affected Versions APScheduler affected versions not specified Description The JSONSerializer and CBORSerializer are subject to Remote Code Execution RCE through insecure deserialization. The unmarshal object function enables arbitrary class instantiation and...
apscheduler 安全漏洞
apscheduler is a Python task scheduling and queueing system developed by Alex Grönholm. There are security vulnerabilities in the apscheduler 3.10.x version and 4.0.0a5 version. These vulnerabilities stem from the unmarshalobject function in JSONSerializer and CBORSerializer, which allows arbitra...
CVE-2026-31072
The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...
CVE-2026-31072
The vulnerability CVE-2026-31072 affects APScheduler’s JSONSerializer and CBORSerializer across all versions (including 3.10.x and 4.0.0a5). The root cause is insecure deserialization: the unmarshal_object function can instantiate arbitrary classes and inject state by dynamically importing module...
CVE-2026-31072
The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...
EUVD-2026-27131
@fastify/accepts-serializer Vulnerable to Denial of Service via Unbounded Accept Header Cache Growth...