Lucene search
K

23 matches found

Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-49256 Discourse: Hidden tag names leaked via category serializers

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, restricted tag and tag-group names attached to publicly readable categories as allowedtags, allowedtaggroups, or required tag groups could leak to anonymous and unauthorized users through categor...

6.3CVSS0.00384EPSS
Exploits0References5
CVE
CVE
added 2 days ago10 views

CVE-2026-49256

Discourse (open-source discussion platform) contains a vulnerability where restricted tag and tag-group names attached to publicly readable categories could leak to anonymous/unauthorized users via category and group endpoints. Affected releases prior to fixes include 2026.6.0, 2026.5.1, 2026.4.2...

6.3CVSS5.9AI score0.00384EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/11 12:0 a.m.5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...

8.8CVSS6.5AI score0.00423EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/11 12:0 a.m.6 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The Kryo-based persistence serializers KryoStateMachineSerialisationService / AbstractKryoStateMachineSerialisationService deserialise persisted state-machine contexts without enabling...

8.8CVSS6.5AI score0.00423EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/23 4:2 a.m.15 views

Malicious code in @onerjs/serializers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 729400f12e8686271847d4633518c63363e156c251d18ede6f1d2e947aa2c0e0 This package replicates the public API of @babylonjs/serializers and ships its source verbatim, but rewrites every internal import from @babylonjs/co...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/23 4:2 a.m.8 views

MAL-2026-4413 Malicious code in @onerjs/serializers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 729400f12e8686271847d4633518c63363e156c251d18ede6f1d2e947aa2c0e0 This package replicates the public API of @babylonjs/serializers and ships its source verbatim, but rewrites every internal import from @babylonjs/co...

5.8AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/08 2:2 p.m.2 views

CVE-2026-3739 suitenumerique messages ThreadAccess serializers.py ThreadAccessSerializer improper authentication

A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAccess. The manipulation results in improper authentication. The attack can be executed remotely. The...

6.5CVSS5.5AI score0.00319EPSS
Exploits0References8
Packet Storm News
Packet Storm News
added 2025/05/22 12:0 a.m.5 views

Secure Parsing and Serializing with Separation Logic Applied to CBOR, CDDL, and COSE

Incorrect handling of security-critical data formats, particularly in low-level languages, are the root cause of many security vulnerabilities. Provably correct parsing and serialization tools that target languages like C can help. Towards this end, we present PulseParse, a library of verified...

7.4AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:46 p.m.8 views

Malicious code in active-model_version_serializers (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0References1
OSV
OSV
added 2024/06/25 1:46 p.m.9 views

MAL-2024-6423 Malicious code in active-model_version_serializers (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:46 p.m.5 views

Malicious code in active-model_serializers_validator (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:46 p.m.5 views

Malicious code in active-model_serializers_matchers (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0References1
OSV
OSV
added 2024/06/25 1:46 p.m.8 views

MAL-2024-6416 Malicious code in active-model_serializers_cancancan (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:46 p.m.7 views

Malicious code in active-model_serializers_cancancan (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:46 p.m.8 views

Malicious code in active-model_serializers_binary (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:46 p.m.6 views

Malicious code in active-model_serializers-matchers (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:46 p.m.9 views

Malicious code in active-model_serializers-jsonapi_embedded_records_deserializer (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:46 p.m.6 views

Malicious code in active-model_serializers-hash_wrapper (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:46 p.m.8 views

Malicious code in active-model_serializers-cancan (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0References1
Snyk
Snyk
added 2020/04/17 12:0 a.m.1 views

Malicious Package

Overview active-modelserializersbinary is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid usi...

8CVSS6.9AI score
Exploits0References2
Rows per page
Query Builder