9 matches found
EUVD-2025-21560
Malicious code in bioql PyPI...
CVE-2025-2180
An unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma® Cloud allows an authenticated user to execute arbitrary code as a non administrative user by scanning a malicious terraform file when using Checkov in Prisma® Cloud. This issue impacts Checkov 3.0 versions earlier th...
CVE-2024-47836 Admidio vulnerable to HTML Injection In The Messages Section
Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Version 4.3.12 fixes this issue...
CVE-2023-45672
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at /confi...
Progress Software WS_FTP Unauthenticated Remote Code Execution
This module exploits an unsafe .NET deserialization vulnerability to achieve unauthenticated remote code execution against a vulnerable WSFTP server running the Ad Hoc Transfer module. All versions of WSFTP Server prior to 2020.0.4 version 8.7.4 and 2022.0.2 version 8.8.2 are vulnerable to this...
Important: Red Hat Security Advisory: RHV 4.4 SP1 [ovirt-4.5.3-3] security update
Updated RHV packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2021-21868
CVE-2021-21868 affects CODESYS Development System 3.5.16 and 3.5.17. The root cause is an unsafe deserialization in ObjectManager.plugin GetMissingTypesFromAuxStream() that uses BinaryFormatter on untrusted data, enabling arbitrary code execution when a project auxiliary file (MissingTypeInformat...
CODESYS Development System PackageManagement.plugin ExtensionMethods.Clone() Unsafe Deserialization vulnerability
Summary An unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this...
CODESYS Development System ComponentModel ComponentManager.StartupCultureSettings Unsafe Deserialization vulnerability
Summary An unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious fi...