Lucene search
K

423 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.10 views

CVE-2025-62373

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Versions 0.0.41 through 0.0.93 have a vulnerability in LivekitFrameSerializer – an optional, non-default, undocumented frame serializer class now deprecated intended for LiveKit...

9.8CVSS6.8AI score0.00701EPSS
Exploits1References1
Fedora
Fedora
added 2026/05/29 1:13 a.m.16 views

[SECURITY] Fedora 44 Update: perl-Sereal-Encoder-5.005-1.fc44

This library implements an efficient, compact-output, and feature-rich serializer using a binary protocol called Sereal...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.17 views

Linux Distros Unpatched Vulnerability : CVE-2026-31072

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure...

9.8CVSS6AI score0.0081EPSS
Exploits0References2
NVD
NVD
added 2026/05/21 5:16 p.m.16 views

CVE-2026-48207

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...

9.8CVSS0.00574EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/21 3:51 p.m.41 views

CVE-2026-48207 Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...

0.00574EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 3:51 p.m.13 views

CVE-2026-48207

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...

9.8CVSS5.8AI score0.00574EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/21 3:51 p.m.10 views

CVE-2026-48207 Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...

5.8AI score0.00574EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 3:51 p.m.26 views

CVE-2026-48207

CVE-2026-48207 affects Apache Fory: PyFory ReduceSerializer deserializes attacker-controlled data and could bypass DeserializationPolicy validation during reduce-state restoration and global-name resolution. Impact is high (CVSS 3.1: 9.8, CRITICAL, NETWORK/LOW/ NONE user interactions). The issue ...

9.8CVSS5.8AI score0.00574EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/21 3:51 p.m.11 views

EUVD-2026-31292

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...

9.8CVSS5.8AI score0.00574EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

Apache Fory 代码问题漏洞

Apache Fory is a serialization framework developed by the Apache Foundation. Versions of Apache Fory prior to 1.0.0 contained code vulnerabilities. These vulnerabilities stemmed from the ReduceSerializer in PyFory, which might bypass the DeserializationPolicy validation hook during state...

9.8CVSS5.9AI score0.00574EPSS
Exploits0References1
OSV
OSV
added 2026/05/19 6:32 p.m.9 views

GHSA-9CFW-F3F9-7MM7 APScheduler's JSONSerializer and CBORSerializer are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

9.8CVSS6AI score0.0081EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/19 6:32 p.m.12 views

APScheduler's JSONSerializer and CBORSerializer are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

9.8CVSS6AI score0.0081EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/19 5:20 p.m.12 views

CVE-2026-31072

A flaw was found in APScheduler, affecting its JSONSerializer and CBORSerializer components. This vulnerability, known as insecure deserialization, allows a remote attacker to execute arbitrary code on the system. By sending a specially crafted data payload, an attacker can manipulate the...

9.8CVSS6.2AI score0.0081EPSS
Exploits0References5
OSV
OSV
added 2026/05/19 4:16 p.m.7 views

DEBIAN-CVE-2026-31072

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

9.8CVSS6AI score0.0081EPSS
Exploits0References1
NVD
NVD
added 2026/05/19 4:16 p.m.15 views

CVE-2026-31072

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

9.8CVSS0.0081EPSS
Exploits0References5
OSV
OSV
added 2026/05/19 4:16 p.m.5 views

UBUNTU-CVE-2026-31072

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

9.8CVSS6AI score0.0081EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/19 12:0 a.m.31 views

CVE-2026-31072

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

0.0081EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 12:0 a.m.9 views

CVE-2026-31072

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

6AI score0.0081EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.19 views

apscheduler 安全漏洞

apscheduler is a Python task scheduling and queueing system developed by Alex Grönholm. There are security vulnerabilities in the apscheduler 3.10.x version and 4.0.0a5 version. These vulnerabilities stem from the unmarshalobject function in JSONSerializer and CBORSerializer, which allows arbitra...

9.8CVSS6.3AI score0.0081EPSS
Exploits0References2
CVE
CVE
added 2026/05/19 12:0 a.m.37 views

CVE-2026-31072

The vulnerability CVE-2026-31072 affects APScheduler’s JSONSerializer and CBORSerializer across all versions (including 3.10.x and 4.0.0a5). The root cause is insecure deserialization: the unmarshal_object function can instantiate arbitrary classes and inject state by dynamically importing module...

9.8CVSS6AI score0.0081EPSS
Exploits0References5
Rows per page
Query Builder