
1826 matches found

NVD
added yesterday, 5 views

CVE-2026-57516

Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the readwebdataset function. The defaultdecoder function in webdatasetdatasource.py unconditionally calls...

8.8 CVSS
Exploits 0, References 5

ATTACKERKB
added yesterday, 2 views

CVE-2026-57516

Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the readwebdataset function. The defaultdecoder function in webdatasetdatasource.py unconditionally calls...

8.8 CVSS, 6.6 AI score
Exploits 0, References 6

CVE
added yesterday, 6 views

CVE-2026-57516

Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the readwebdataset function. The defaultdecoder function in webdatasetdatasource.py unconditionally calls...

8.8 CVSS, 6.6 AI score
Exploits 0, References 5

EUVD
added yesterday, 5 views

EUVD-2026-41089

Ray prior to 2.56.0 contains an unsafe deserialization vulnerability in the WebDataset reader that allows attackers to achieve remote code execution by supplying a malicious tar archive to the readwebdataset function. The defaultdecoder function in webdatasetdatasource.py unconditionally calls...

8.8 CVSS, 6.6 AI score
Exploits 0, References 5

Cvelist
added yesterday, 12 views

CVE-2026-58025 Remote Code Execution via Unsafe Deserialization in LogItem Import

Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, includes/Logging/LogEntryBase.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4,...

5.9 CVSS
Exploits 0, References 1

OSV
added 3 days ago, 4 views

PYSEC-2026-330 EPyT-Flow vulnerable to unsafe JSON deserialization (__type__)

Impact: EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer myloadfromjson that supports a __type__ field. When __type__ is present, the deserializer dynamically imports an attacker-specified module/class and instantiates it with attacker-supplied arguments. Thi...

10 CVSS, 5.9 AI score, 0.00657 EPSS
Exploits 0, References 7

OSV
added 3 days ago, 5 views

PYSEC-2026-427 Modular Max Serve has Unsafe Deserialization vulnerability

Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used allowing attackers to execute arbitrary code...

9.3 CVSS, 6.3 AI score, 0.00291 EPSS
Exploits 1, References 10

OSV
added 3 days ago, 4 views

PYSEC-2026-567 vLLM Allows Remote Code Execution via PyNcclPipe Communication Service

Impacted Environments: This issue ONLY impacts environments using the PyNcclPipe KV cache transfer integration with the V0 engine. No other configurations are affected. Summary: vLLM supports the use of the PyNcclPipe class to establish a peer-to-peer communication domain for data transmission...

9.8 CVSS, 7.9 AI score, 0.00959 EPSS
Exploits 1, References 8

NVD
added 6 days ago, 7 views

CVE-2026-53914

In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata...

9.8 CVSS, 0.00196 EPSS
Exploits 0, References 1

Cvelist
added 6 days ago, 36 views

CVE-2026-53914

In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata...

6.7 CVSS, 0.00196 EPSS
Exploits 0, References 1

CVE
added 6 days ago, 51 views

CVE-2026-53914

CVE-2026-53914 affects JetBrains Kotlin prior to 2.4.20, where unsafe deserialization in the build cache metadata allows code execution. The NVD notes a high-severity, network-vector vulnerability with critical impact to confidentiality, integrity, and availability; local context in CVSS from CNA...

9.8 CVSS, 6.2 AI score, 0.00196 EPSS
Exploits 0, References 1, Affected Software 1

Nuclei
added 2026/06/25 1:31 a.m., 88 views

Wazuh - Unsafe Deserialization Remote Code Execution

A critical Remote Code Execution (RCE) vulnerability exists in Wazuh server versions = 4.4.0 and = 4.4.0 and 4.9.1. The vulnerability occurs due to unsafe deserialization in the wazuh-manager package, specifically in the DistributedAPI where parameters are serialized as JSON and deserialized using...

9.9 CVSS, 7.8 AI score, 0.92579 EPSS
Exploits 10, References 3

EUVD
added 2026/06/24 6:32 p.m., 5 views

EUVD-2026-38801

Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The userdefinedfunction.body field of an OnDemandFeatureView spec is decoded from...

9.8 CVSS, 6.8 AI score, 0.00862 EPSS
Exploits 1, References 5

NVD
added 2026/06/24 4:16 p.m., 7 views

CVE-2026-56121

Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The userdefinedfunction.body field of an OnDemandFeatureView spec is decoded from...

9.8 CVSS, 0.00862 EPSS
Exploits 1, References 7

CVE
added 2026/06/24 2:49 p.m., 13 views

CVE-2026-56121

Feast

9.8 CVSS, 6.8 AI score, 0.00862 EPSS
Exploits 1, References 7

Positive Technologies
added 2026/06/24 12:00 a.m., 7 views

PT-2026-51837

Name of the Vulnerable Software and Affected Versions: Feast versions prior to 0.63.0. Description: An unsafe deserialization issue exists in the registry server that allows unauthenticated or unauthorized attackers to achieve remote code execution. By sending a crafted gRPC request, an attacker can...

9.8 CVSS, 6.3 AI score, 0.00862 EPSS
Exploits 1, References 10

Tenable Nessus
added 2026/06/24 12:00 a.m., 32 views

Linux Distros Unpatched Vulnerability : CVE-2026-54513

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4,...

8.1 CVSS, 5.8 AI score, 0.00677 EPSS
Exploits 0, References 2

Positive Technologies
added 2026/06/23 12:00 a.m., 17 views

PT-2026-51595

Name of the Vulnerable Software and Affected Versions: jackson-databind versions 2.10.0 through 2.18.7; jackson-databind versions 2.21.0 through 2.21.3; jackson-databind versions 3.1.0 through 3.1.3. Description: An issue exists in the PolymorphicTypeValidator (PTV), the primary safety mechanism for...

8.1 CVSS, 6.5 AI score, 0.00617 EPSS
Exploits 1, References 12

NVD
added 2026/06/20 4:17 p.m., 14 views

CVE-2026-56304

picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary zero-byte files via logging.FileHandler class instantiation. Attackers can exploit this by crafting malicious pickle payloads to bypass RCE blocklists and create...

6.9 CVSS, 0.00288 EPSS
Exploits 1, References 2

Github Security Blog
added 2026/06/17 6:35 p.m., 7 views

Duplicate Advisory: picklescan missing detection by simple obfuscation of a `builtins.eval` call

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-9m3x-qqw2-h32h. This link is maintained to preserve external references. Original Description: picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated users to execute...

9.8 CVSS, 6 AI score, 0.00519 EPSS
Exploits 0, References 4, Affected Software 1