5 matches found
PT-2026-40062
The snorkel library through v0.10.0 contains a critical insecure deserialization vulnerability (CWE-502) in the BaseLabeler.load method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load function on user-supplied file paths without any validation or...
CVE-2023-5939
The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users...
The vulnerability of the “kiosk” mode in the redos-kiosk-utils package of the RED OS operating system allows an intruder to execute arbitrary commands.
The vulnerability of the “kiosk” mode in the redos-kiosk-utils package of the RED OS operating system is related to deficiencies in restricting the loading of files of a dangerous type. Exploiting this vulnerability allows an attacker to execute arbitrary commands...
Security Bulletin: IBM® Db2® is affected by a vulnerability in the netty library. (CVE-2024-47535, CVE-2025-25193)
Summary: IBM® Db2® is vulnerable to a denial of service due to unsafe environment file loading. Vulnerability Details: CVEID: CVE-2024-47535. DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers &...
Vulnerability of the /user/onlineuser.php script in D-Link DAR-7000 and DAR-8000 router firmware, allowing a hacker to execute arbitrary code
The vulnerability of the /user/onlineuser.php script in D-Link’s DAR-7000 and DAR-8000 router firmware is related to the unrestricted loading of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...