Lucene search
+L

43 matches found

cve
cve
added 2 days ago37 views

CVE-2026-45077

CVE-2026-45077 concerns Symfony’s server:log listener (part of Symfony\Bridge\Monolog) which binds to 0.0.0.0:9911 by default and processes each frame with unserialize(base64_decode($message)) without authentication or an allowed-classes allowlist. This permits any reachable host to submit attack...

8.6CVSS6.1AI score0.00551EPSS
Exploits0References6Affected Software1
osv
osv
added 2026/06/18 11:37 p.m.3 views

CVE-2026-12046 pgAdmin 4: Unauthenticated pickle deserialization in SQL Editor close / update_connection routes enables remote code execution

Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/ and POST /sqleditor/initialize/sqleditor/updateconnection/// -- were the only routes in the module missing the @pgaloginrequired decorator. Both reach a pickle.loads sink on session'gridData''commandobj':...

9.5CVSS6.7AI score0.0071EPSS
Exploits0References5
cve
cve
added 2026/06/18 11:37 p.m.107 views

CVE-2026-12046

CVE-2026-12046: pgAdmin 4 exposes unauthenticated deserialization sink in SQL Editor close and update_connection routes (DELETE /sqleditor/close/, POST /sqleditor/initialize/sqleditor/update_connection///). Missing @pga_login_required allows unauthenticated access to pickle.loads on session['grid...

9.5CVSS6.8AI score0.0071EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37670

Unauthenticated Deserialization of untrusted data in Slimstat Analytics 5.4.0 versions...

6.5CVSS5.2AI score0.00252EPSS
Exploits0References2
nvd
nvd
added 2026/06/17 1:20 p.m.11 views

CVE-2026-27410

Unauthenticated Deserialization of untrusted data in Slimstat Analytics 5.4.0 versions...

6.5CVSS0.00252EPSS
Exploits0References1
nvd
nvd
added 2026/06/15 11:16 p.m.14 views

CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code...

9.2CVSS0.00573EPSS
Exploits0References4
cve
cve
added 2026/06/15 9:56 p.m.32 views

CVE-2026-48853

CVE-2026-48853 affects the elixir-grpc/grpc stack where the Erlpack codec decodes gRPC payloads with :erlang.binary_to_term/1 without safety bounds. This leads to untrusted data deserialization, atom creation risk (atom table exhaustion) and potential remote code execution if a malicious term rea...

9.2CVSS6.5AI score0.00573EPSS
Exploits0References4
euvd
euvd
added 2026/06/15 9:30 p.m.8 views

EUVD-2026-36915

Unauthenticated Deserialization of untrusted data in Paid Videochat Turnkey Site = 7.3.23 versions...

8.1CVSS5.2AI score0.00317EPSS
Exploits0References2
nvd
nvd
added 2026/06/15 9:16 p.m.8 views

CVE-2026-27333

Unauthenticated Deserialization of untrusted data in Paid Videochat Turnkey Site = 7.3.23 versions...

8.1CVSS0.00317EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.9 views

PT-2026-49360

Unauthenticated Deserialization of untrusted data in Paid Videochat Turnkey Site = 7.3.23 versions...

8.1CVSS5.2AI score0.00317EPSS
Exploits0References2
github
github
added 2026/05/27 9:13 p.m.17 views

Symfony has Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener

Description Symfony\Bridge\Monolog\Command\ServerLogCommand the server:log console command is a development-time helper that opens a TCP listener and displays log records pushed to it by the application's logging pipeline. Two unsafe defaults combine into a remotely reachable PHP...

8.6CVSS6.4AI score0.00551EPSS
Exploits0References6Affected Software2
vulncheck_kev
vulncheck_kev
added 2026/01/20 12:0 a.m.9 views

VulnCheck KEV: CVE-2025-26399

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patc...

9.8CVSS6.4AI score0.8833EPSS
In wildExploits1References4
packetstorm
packetstorm
added 2025/12/24 12:0 a.m.371 views

📄 Adobe Commerce Insecure Deserialization

This flaw in Magento 2 / Adobe Commerce 2.4.x enables remote attackers to manipulate internal session handling paths and abuse PHP object chains Guzzle FileCookieJar gadget to achieve arbitrary file write, leading to remote code execution...

9.1CVSS9.9AI score0.96742EPSS
Exploits9
cnnvd
cnnvd
added 2025/12/18 12:0 a.m.6 views

RPi-Jukebox-RFID 安全漏洞

RPi-Jukebox-RFID is a contactless jukebox for the Raspberry Pi from the individual developer Micz Flor in Germany. It plays audio files, playlists, podcasts, web streams and spotify triggered by RFID cards. A security vulnerability exists in RPi-Jukebox-RFID, which stems from an unauthenticated...

7.5CVSS7.2AI score0.00437EPSS
Exploits1References2
euvd
euvd
added 2025/10/18 6:30 a.m.12 views

EUVD-2017-18922

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.7.9.3 exclusive via deserialization of untrusted input from the isexpiredbydate function. This makes it possible for...

9.8CVSS6AI score0.00659EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2025/10/09 8:19 p.m.4 views

CVE-2025-35051 Newforma Project Center Server (NPCS) .NET unauthenticated deserialization

Newforma Project Center Server NPCS accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. According to the recommended architecture, the vulnerable NPCS...

9.8CVSS7.6AI score0.00789EPSS
Exploits0References3
cvelist
cvelist
added 2025/10/09 8:19 p.m.14 views

CVE-2025-35051 Newforma Project Center Server (NPCS) .NET unauthenticated deserialization

Newforma Project Center Server NPCS accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. According to the recommended architecture, the vulnerable NPCS...

9.8CVSS0.00789EPSS
Exploits0References3
cve
cve
added 2025/10/09 8:19 p.m.29 views

CVE-2025-35050

Summary: CVE-2025-35050 affects Newforma Info Exchange (NIX), where insecure deserialization of serialized .NET data via the /remoteweb/remote.rem endpoint allows a remote, unauthenticated attacker to execute arbitrary code with NT AUTHORITY\NetworkService privileges. The vulnerable endpoint is u...

9.8CVSS7.6AI score0.00861EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2025/10/09 8:19 p.m.10 views

CVE-2025-35050 Newforma Info Exchange (NIX) .NET unauthenticated deserialization

Newforma Info Exchange NIX accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. The vulnerable endpoint is used by Newforma Project Center Server NPCS, so a...

9.8CVSS0.00861EPSS
Exploits0References4
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-30842

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.8833EPSS
Exploits1References3
Rows per page
Query Builder