42 matches found
EUVD-2026-33701
An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load with unrestricted deserialization...
CVE-2026-38950
An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load with unrestricted deserialization...
CVE-2026-38950
An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load with unrestricted deserialization...
CVE-2026-27206 Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()
Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...
GHSA-V7M3-FPCR-H7M2 Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()
Description The zumba/json-serializer library allows deserialization of PHP objects from JSON using a special @type field. Prior to version 3.2.3, the deserializer would instantiate any class specified in the @type field without restriction. When processing untrusted JSON input, this behavior may...
Laravel Reverb code issue vulnerabilities
Laravel Reverb is a library open sourced from The Laravel Framework. It brings real-time WebSocket communication to Laravel applications. Versions of Laravel Reverb 1.6.3 and earlier have code vulnerabilities; these vulnerabilities stem from the direct transmission of data to the deserialization...
EUVD-2024-25863
Malicious code in bioql PyPI...
CVE-2025-27818
A possible security vulnerability has been identified in Apache Kafka. This requires access to a alterConfig to the cluster resource, or Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, whic...
CVE-2020-14942
Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py...
CVE-2024-28777
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to unrestricted deserialization. This vulnerability allows users to execute arbitrary code, escalate privileges, or cause denial of service attacks by exploiting the unrestricted deserialization of types in th...
CVE-2024-28777
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to unrestricted deserialization. This vulnerability allows users to execute arbitrary code, escalate privileges, or cause denial of service attacks by exploiting the unrestricted deserialization of types in th...
CVE-2024-28777
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to unrestricted deserialization. This vulnerability allows users to execute arbitrary code, escalate privileges, or cause denial of service attacks by exploiting the unrestricted deserialization of types in th...
CVE-2024-28777 IBM Cognos Controller code execution
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to unrestricted deserialization. This vulnerability allows users to execute arbitrary code, escalate privileges, or cause denial of service attacks by exploiting the unrestricted deserialization of types in th...
CVE-2024-28777
CVE-2024-28777 affects IBM Cognos Controller 11.0.0–11.0.1 FP3 and IBM Controller 11.1.0. It is caused by unrestricted deserialization of types in the application, enabling arbitrary code execution, privilege escalation, or denial of service. IBM’s security bulletin lists related fixes: Cognos Co...
IBM Cognos Controller 代码问题漏洞
IBM Cognos Controller is a suite of business intelligence and planning solutions from International Business Machines IBM. The product features process automation, financial audit control, and creating and managing financial reports. IBM Cognos Controller has a code issue vulnerability that stems...
PT-2025-7407 · Ibm · Ibm Cognos Controller +1
Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 11.0.0 through 11.0.1 FP3 IBM Controller version 11.1.0 Description: The issue concerns unrestricted deserialization in the application, allowing users to execute arbitrary code, escalate privileges, or cause...
GHSA-RGFX-7P65-3FF4 Apache Cassandra: unrestricted deserialization of JMX authentication credentials
In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these...
CVE-2024-27137 Apache Cassandra: unrestricted deserialization of JMX authentication credentials
In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these...
VulnCheck KEV: CVE-2017-7504
HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server = Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via...
CVE-2020-14942
Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py...