Lucene search
K

423 matches found

OSV
OSV
added 2026/02/21 7:1 a.m.7 views

CVE-2026-27206 Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()

Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...

8.1CVSS6.3AI score0.0074EPSS
Exploits0References5
CVE
CVE
added 2026/02/21 7:1 a.m.23 views

CVE-2026-27206

The CVE concerns Zumba Json Serializer for PHP. Versions 3.2.2 and earlier allow deserialization of PHP objects from JSON via an @type field, which can instantiate any class specified without restrictions. If attacker-controlled JSON reaches JsonSerializer::unserialize() and the app contains clas...

8.1CVSS6.2AI score0.0074EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/21 12:0 a.m.12 views

Json Serializer for PHP 代码问题漏洞

Json Serializer for PHP is an open-source JSON serialization tool developed by Zumba. Versions of Json Serializer for PHP prior to 3.2.2 had code vulnerabilities. These vulnerabilities stemmed from the ability to deserialize PHP objects using the @type field, which could lead to PHP object...

8.1CVSS6.2AI score0.0074EPSS
Exploits0References5
OSV
OSV
added 2026/02/19 10:5 p.m.20 views

GHSA-V7M3-FPCR-H7M2 Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()

Description The zumba/json-serializer library allows deserialization of PHP objects from JSON using a special @type field. Prior to version 3.2.3, the deserializer would instantiate any class specified in the @type field without restriction. When processing untrusted JSON input, this behavior may...

8.1CVSS6.3AI score0.0074EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/02/19 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-27206

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects fro...

8.1CVSS6AI score0.0074EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:33 a.m.15 views

CVE-2024-39018

harvey-woo cat5th/key-serializer v0.2.5 was discovered to contain a prototype pollution via the function "query". This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

6.3CVSS6.8AI score0.00419EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/01 10:28 p.m.7 views

CVE-2025-69286

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta assistant/agent share auth token generation process allows these tokens to be mutually derivable. Specifically, both tokens are...

9.8CVSS6.8AI score0.00492EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.5 views

PT-2026-20985

Name of the Vulnerable Software and Affected Versions Zumba Json Serializer versions 3.2.2 and below Description The Zumba Json Serializer library allows deserialization of PHP objects from JSON using a special @type field. Prior to version 3.2.3, the deserializer instantiates any class specified...

8.1CVSS6AI score0.0074EPSS
Exploits0References16
Cvelist
Cvelist
added 2025/12/31 9:52 p.m.23 views

CVE-2025-69286 RAGFlow has Predictable Token Generation Leading to Authentication Bypass Vulnerability

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta assistant/agent share auth token generation process allows these tokens to be mutually derivable. Specifically, both tokens are...

9.3CVSS0.00492EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/12/31 12:5 p.m.7 views

CVE-2025-15246

A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This manipulation of the argument argsStr causes deserialization. Remote exploitation of the attack is possible. The exploit has...

6.5CVSS6.7AI score0.00237EPSS
Exploits0References1
NVD
NVD
added 2025/12/30 12:15 p.m.5 views

CVE-2025-15246

A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This manipulation of the argument argsStr causes deserialization. Remote exploitation of the attack is possible. The exploit has...

6.5CVSS0.00237EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/30 11:32 a.m.25 views

CVE-2025-15246 aizuda snail-job API FurySerializer.deserialize deserialization

A vulnerability was determined in aizuda snail-job up to 1.7.0 on macOS. Affected by this vulnerability is the function FurySerializer.deserialize of the component API. This manipulation of the argument argsStr causes deserialization. Remote exploitation of the attack is possible. The exploit has...

6.5CVSS0.00237EPSS
Exploits0References4
CVE
CVE
added 2025/12/30 11:32 a.m.8 views

CVE-2025-15246

Aizuda snail-job (macOS) up to version 1.7.0 is affected in the API component by FurySerializer.deserialize, where manipulating the argsStr enables deserialization leading to remote exploitation. The exploit has been publicly disclosed. Remediation: upgrade to a version newer than 1.7.0 (i.e., no...

6.5CVSS6.4AI score0.00237EPSS
Exploits0References4
NVD
NVD
added 2025/12/30 6:15 a.m.5 views

CVE-2025-15222

A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation leads to deserialization. The attack can be executed remotely. This attack is characterized by high...

5CVSS0.0022EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/30 5:32 a.m.4 views

CVE-2025-15222 Dromara Sa-Token SaSerializerTemplateForJdkUseBase64.java ObjectInputStream.readObject deserialization

A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation leads to deserialization. The attack can be executed remotely. This attack is characterized by high...

5CVSS6.3AI score0.0022EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/30 5:32 a.m.31 views

CVE-2025-15222 Dromara Sa-Token SaSerializerTemplateForJdkUseBase64.java ObjectInputStream.readObject deserialization

A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation leads to deserialization. The attack can be executed remotely. This attack is characterized by high...

5CVSS0.0022EPSS
Exploits0References4
CVE
CVE
added 2025/12/30 5:32 a.m.10 views

CVE-2025-15222

CVE-2025-15222 affects Dromara Sa-Token up to 1.44.0. The vulnerability is a deserialization flaw in ObjectInputStream.readObject within SaSerializerTemplateForJdkUseBase64.java, enabling remote manipulation with high complexity and publicly disclosed exploit. Multiple connected sources (Red Hat,...

5CVSS6.3AI score0.0022EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/12/30 12:0 a.m.10 views

Debian dla-4425 : python-django-doc - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4425 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4425-1 [email protected]...

9.1CVSS8AI score0.19396EPSS
Exploits10References6
RedhatCVE
RedhatCVE
added 2025/12/29 2:3 p.m.4 views

CVE-2025-15117

A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. It is...

3.1CVSS4.2AI score0.00271EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/28 2:32 a.m.28 views

CVE-2025-15117 Dromara Sa-Token SaJdkSerializer.java ObjectInputStream.readObject deserialization

A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. It is...

3.1CVSS0.00271EPSS
Exploits0References4
Rows per page
Query Builder