CVE-2026-7818

Deserialization of untrusted data CWE-502 in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents using Python's standard object-serialization module before performing any HMAC integrity check. Any file dropped into the sessions directo...

Exploit for Code Injection in Craftcms Craft_Cms

CVE-2025-32432 Here's the updated README file, now including t...

pyLoad: Unprotected storage_folder enables arbitrary file write to Flask session store and code execution (Incomplete fix for CVE-2026-33509)

Summary The fix for CVE-2026-33509 GHSA-r7mc-x6x7-cqxx added an ADMINONLYOPTIONS set to block non-admin users from modifying security-critical config options. The storagefolder option is not in this set and passes the existing path restriction because the Flask session directory is outside both...

CVE-2026-2646

A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSLd2iSSLSESSION function. When deserializing session data with SESSIONCERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers and...

Linux Distros Unpatched Vulnerability : CVE-2026-2646

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSLd2iSSLSESSION function. When deserializing session data with SESSIONCERTS enabled, certificate a...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the wolfSSLd2iSSLSESSION function when deserializing session data with the SESSIONCERTS option enabled. An attacker can corrupt heap memory and potentially execute arbitrary code or cause a crash by supplyi...

Heap-based Buffer Overflow

Overview wolfssl is a Python module that encapsulates wolfSSL's C SSL/TLS library. Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the wolfSSLd2iSSLSESSION function when deserializing session data with the SESSIONCERTS option enabled. An attacker can corrupt heap...

DEBIAN-CVE-2026-2646

A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSLd2iSSLSESSION function. When deserializing session data with SESSIONCERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers and...

UBUNTU-CVE-2026-2646

A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSLd2iSSLSESSION function. When deserializing session data with SESSIONCERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers and...

CVE-2026-2646

A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSLd2iSSLSESSION function. When deserializing session data with SESSIONCERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers and...

CVE-2026-2646

CVE-2026-2646 involves a heap-buffer-overflow in wolfSSL_d2i_SSL_SESSION() when deserializing session data with SESSION_CERTS enabled. The issue stems from reading certificate and session-id lengths from untrusted input without bounds checks, which can overflow fixed-size buffers and corrupt heap...

CVE-2026-2646

A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSLd2iSSLSESSION function. When deserializing session data with SESSIONCERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers and...

CVE-2026-2646 Heap buffer overflow in session parsing with wolfSSL_d2i_SSL_SESSION() function

A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSLd2iSSLSESSION function. When deserializing session data with SESSIONCERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers and...

CVE-2026-2646

A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSLd2iSSLSESSION function. When deserializing session data with SESSIONCERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers and...

CVE-2025-34205 Vasion Print (formerly PrinterLogic) Dangerous PHP Dead Code Enables RCE

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 VA and SaaS deployments contains dangerous PHP dead code present in multiple Docker-hosted PHP instances. A script named /var/www/app/resetroot.php found in several containers...

Exploit for CVE-2025-1337

PoC para CVE-2025-1337 Prueba de concepto para la vulnerabili...

Exploit for Deserialization of Untrusted Data in Apache Tomcat

CVE-2025-24813 - Apache Tomcat Remote Code Execution Exploit...

CVE-2025-31129

Jooby is a web framework for Java and Kotlin. The pac4j io.jooby.internal.pac4j.SessionStoreImplget module deserializes untrusted data. This vulnerability is fixed in 2.17.0 2.x and 3.7.0 3.x...

SUSE CVE-2024-2044

pgAdmin = 8.3 is affected by a path-traversal vulnerability while deserializing users' sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on...

CVE-2024-2044

pgAdmin = 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on...