CVE-2026-25031 WordPress Tasty Daily theme < 1.27 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in parkofideas Tasty Daily tastydaily allows Object Injection.This issue affects Tasty Daily: from n/a through 1.27...

CVE-2026-28074 WordPress Pizza House theme <= 1.4.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeREX Pizza House pizzahouse allows Object Injection.This issue affects Pizza House: from n/a through = 1.4.0...

Qwik 代码问题漏洞

Qwik is a micro-web framework developed by Qwik Dev. Versions of Qwik 1.19.0 and earlier contained code vulnerabilities. These vulnerabilities stemmed from the insecure deserialization in the server$ RPC mechanism, allowing any unverified user to execute arbitrary code on the server through a...

CVE-2026-26335

Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured for the VeraSMART web application and stored in C:\\Program Files x86\\Veramark\\VeraSMART\\WebRoot\\web.config. An attacker who obtains these keys can craft a valid ASP.NET ViewState payload that...

CVE-2026-26335

CVE-2026-26335 affects Calero VeraSMART web applications running on IIS where VeraSMART versions prior to 2022 R1 store static machineKey values in web.config. The static keys allow an attacker to craft a valid ASP.NET ViewState payload, bypassing integrity checks and enabling server-side deseria...

CVE-2026-26335 Calero VeraSMART < 2022 R1 Static IIS Machine Keys Enable ViewState RCE

Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured for the VeraSMART web application and stored in C:\Program Files x86\Veramark\VeraSMART\WebRoot\web.config. An attacker who obtains these keys can craft a valid ASP.NET ViewState payload that passes...

CVE-2026-26335

Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured for the VeraSMART web application and stored in C:\Program Files x86\Veramark\VeraSMART\WebRoot\web.config. An attacker who obtains these keys can craft a valid ASP.NET ViewState payload that passes...

CVE-2026-26335 Calero VeraSMART < 2022 R1 Static IIS Machine Keys Enable ViewState RCE

Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured for the VeraSMART web application and stored in C:\Program Files x86\Veramark\VeraSMART\WebRoot\web.config. An attacker who obtains these keys can craft a valid ASP.NET ViewState payload that passes...

CVE-2025-49393 WordPress Sign-up Sheets Plugin <= 2.3.2 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets allows Object Injection.This issue affects Sign-up Sheets: from n/a through = 2.3.2...

📄 Roundcube 1.6.10 Remote Code Execution

Roundcube Webmail versions prior to 1.5.10 and versions 1.6.x prior to 1.6.11 allow remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP object deserialization. An attacker can execute arbitrary...

The vulnerability of the org.apache.xmlrpc.parser.XmlRpcResponseParser.addResult method in the Apache XML-RPC library, related to the restoration of unreliable data in memory, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the org.apache.xmlrpc.parser.XmlRpcResponseParser.addResult method in the Apache XML-RPC library is related to an deserialization exception from the server side, serialized in the faultCause attribute of XMLRPC error messages. Exploiting this vulnerability can allow a malicio...

CVE-2019-6503

There is a deserialization vulnerability in Chatopera cosin v3.10.0. An attacker can execute commands during server-side deserialization by uploading maliciously constructed files. This is related to the TemplateController.java impsave method and the MainUtils toObject method...

ScrumWorks Pro 6.7.0 RCE Vulnerability

ScrumWorks Pro is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...