Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

132 matches found

Snyk
Snykadded 2026/05/01 5:32 p.m.1 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the unserialize function in the sync-invoke client when processing data received from a server response. An attacker can execute arbitrary code by sending crafted serialized data from a malicious...

9.8CVSS6.1AI score0.02308EPSS
Exploits2References2
RedhatCVE
RedhatCVEadded 2026/03/30 10:18 a.m.1 views

CVE-2026-33993

A flaw was found in Locutus, a library that integrates standard libraries from other programming languages into JavaScript. The unserialize function, which converts serialized PHP data into JavaScript objects, fails to filter the proto key during deserialization. A remote attacker can exploit thi...

9.8CVSS5.9AI score0.00055EPSS
Exploits1References7
NVD
NVDadded 2026/03/27 11:17 p.m.1 views

CVE-2026-33993

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.25, the unserialize function in locutus/php/var/unserialize assigns deserialized keys to plain objects via bracket notation without filtering the proto key. When a PHP serialized...

9.8CVSS0.00055EPSS
Exploits1References4
CVE
CVEadded 2026/03/27 10:14 p.m.12 views

CVE-2026-33993

Locutus (locutus/php/var/unserialize) is affected by prototype pollution via the proto key during PHP unserialize deserialization. Before v3.0.25, unserialize assigns keys into plain objects using bracket notation, which can trigger the proto setter and replace the object prototype with attacker-...

9.8CVSS5.9AI score0.00055EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/03/27 10:14 p.m.2 views

CVE-2026-33993

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.25, the unserialize function in locutus/php/var/unserialize assigns deserialized keys to plain objects via bracket notation without filtering the proto key. When a PHP serialized...

6.9CVSS5.9AI score0.00055EPSS
Exploits1References5Affected Software1
Cvelist
Cvelistadded 2026/03/27 10:14 p.m.23 views

CVE-2026-33993 Locutus has Prototype Pollution via __proto__ Key Injection in unserialize()

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.25, the unserialize function in locutus/php/var/unserialize assigns deserialized keys to plain objects via bracket notation without filtering the proto key. When a PHP serialized...

6.9CVSS0.00055EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/03/27 10:14 p.m.0 views

CVE-2026-33993 Locutus has Prototype Pollution via __proto__ Key Injection in unserialize()

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.25, the unserialize function in locutus/php/var/unserialize assigns deserialized keys to plain objects via bracket notation without filtering the proto key. When a PHP serialized...

6.9CVSS5.9AI score0.00055EPSS
Exploits1References4
Snyk
Snykadded 2026/03/27 5:57 p.m.1 views

Prototype Pollution

Overview locutus is a Locutus other languages' stadard libraries to JavaScript for fun and educational purposes Affected versions of this package are vulnerable to Prototype Pollution in the unserialize function. An attacker can inject arbitrary properties into the prototype of deserialized...

9.8CVSS6.6AI score0.00055EPSS
Exploits1References2
Positive Technologies
Positive Technologiesadded 2026/03/27 12:0 a.m.0 views

PT-2026-28587

Name of the Vulnerable Software and Affected Versions Locutus versions prior to 3.0.25 Description The unserialize function in locutus/php/var/unserialize assigns deserialized keys to plain objects via bracket notation without filtering the proto key. When a PHP serialized payload contains proto ...

6.9CVSS5.9AI score0.00055EPSS
Exploits1References8
RedhatCVE
RedhatCVEadded 2026/01/09 11:50 a.m.6 views

CVE-2009-4137

The loadContentFromCookie function in core/Cookie.php in Piwik before 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote attackers to execute arbitrary code or upload arbitrary files via vectors related to the destruct function in the...

7.5CVSS8AI score0.04884EPSS
Exploits2References1
Positive Technologies
Positive Technologiesadded 2026/01/07 12:0 a.m.2 views

PT-2026-1654

Name of the Vulnerable Software and Affected Versions DZS Video Gallery versions through 12.37 Description The software contains a flaw due to deserialization of untrusted data, which allows for object injection. This issue presents a potential for remote code execution. The vulnerable component...

9.8CVSS7.7AI score0.00098EPSS
Exploits0References5
NVD
NVDadded 2025/12/18 9:15 p.m.0 views

CVE-2025-63950

An insecure deserialization vulnerability exists in the download.php script of the to3k Twittodon application through commit b1c58a7d1dc664b38deb486ca290779621342c0b 2023-02-28. The 'obj' parameter receives base64-encoded data that is passed directly to the unserialize function without validation...

7.5CVSS0.00978EPSS
Exploits1References2
EUVD
EUVDadded 2025/10/07 12:30 a.m.1 views

EUVD-2009-4571

Malware in sbrugna...

5CVSS6.1AI score0.0047EPSS
Exploits1References11
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2021-11491

Malware in sbrugna...

8.8CVSS8.4AI score0.00776EPSS
Exploits2References2
EUVD
EUVDadded 2025/10/07 12:30 a.m.4 views

EUVD-2016-1939

Malware in sbrugna...

8.1CVSS8AI score0.00841EPSS
Exploits1References2
EUVD
EUVDadded 2025/10/07 12:30 a.m.5 views

EUVD-2009-4385

Malware in sbrugna...

5CVSS6.4AI score0.00398EPSS
Exploits0References4
EUVD
EUVDadded 2025/10/07 12:30 a.m.0 views

EUVD-2020-12725

Malware in sbrugna...

7.5CVSS7.5AI score0.00361EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2025/10/06 7:32 p.m.1 views

CVE-2025-11346 ILIAS Base64 Decoding unserialize deserialization

A vulnerability has been found in ILIAS up to 8.23/9.13/10.1. This affects the function unserialize of the component Base64 Decoding Handler. Such manipulation of the argument fsettings leads to deserialization. It is possible to launch the attack remotely. Upgrading to version 8.24, 9.14 and 10....

6.5CVSS6.7AI score0.00093EPSS
Exploits0References4
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2023-50983

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.00768EPSS
Exploits3References5
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2025-5934

Malicious code in bioql PyPI...

6.3CVSS8.7AI score0.00139EPSS
Exploits0References4
Rows per page
Query Builder