Lucene search
K

1321 matches found

Nuclei
Nuclei
added yesterday464 views

Revive Adserver 4.2 - Remote Code Execution

Revive Adserver 4.2 is susceptible to remote code execution. An attacker can send a crafted payload to the XML-RPC invocation script and trigger the unserialize call on the "what" parameter in the "openads.spc" RPC method. This can be exploited to perform various types of attacks, e.g...

9.8CVSS7.1AI score0.57022EPSS
Exploits7References5
Nuclei
Nuclei
added 2 days ago328 views

Yii 2 < 2.0.38 - Remote Code Execution

Yii 2 yiisoft/yii2 before version 2.0.38 is vulnerable to remote code execution if the application calls unserialize on arbitrary user input. id: CVE-2020-15148 info: name: Yii 2 2.0.38 - Remote Code Execution author: pikpikcu severity: critical description: Yii 2 yiisoft/yii2 before version 2.0....

10CVSS7.5AI score0.78759EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 3 days ago6 views

PT-2026-57368

Name of the Vulnerable Software and Affected Versions ps facetedsearch versions 3.0.0 through 4.0.3 Description A PHP Object Injection issue exists in the ps facetedsearch module. The module rebuilds search filters from the request URL, but the values for slider filters, specifically price or...

10CVSS6.6AI score0.00092EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/07/01 3:23 p.m.5 views

CVE-2026-58025

Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, includes/Logging/LogEntryBase.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4,...

9.8CVSS5.8AI score0.00503EPSS
Exploits0
EUVD
EUVD
added 2026/07/01 12:34 a.m.10 views

EUVD-2026-40452

Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. Three unsafe unserialize calls - in Scheduler\JobQueue, Framework\Cache\Adapter\FileCache, and Session - deserialize untrusted data without restricting allowed classes, enabling PHP object injection and, via a gadget...

9.8CVSS6.4AI score0.01683EPSS
Exploits0References3
OSV
OSV
added 2026/07/01 12:0 a.m.4 views

UBUNTU-CVE-2026-58025

Safely unserialize log entry parameters...

5.9CVSS5.8AI score0.00503EPSS
Exploits0References5
NVD
NVD
added 2026/06/30 11:17 p.m.10 views

CVE-2026-56700

Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. Three unsafe unserialize calls - in Scheduler\JobQueue, Framework\Cache\Adapter\FileCache, and Session - deserialize untrusted data without restricting allowed classes, enabling PHP object injection and, via a gadget...

9.8CVSS0.01683EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.29 views

CVE-2026-56700 Grav - Multiple Remote Code Execution Vulnerabilities via Unsafe Unserialize and Command Injection

Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. Three unsafe unserialize calls - in Scheduler\JobQueue, Framework\Cache\Adapter\FileCache, and Session - deserialize untrusted data without restricting allowed classes, enabling PHP object injection and, via a gadget...

9.8CVSS0.01683EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:8 p.m.24 views

CVE-2026-56700

Grav CMS (before 2.0.0-beta.2) contains multiple code-execution vulnerabilities. Three unsafe unserialize() calls in Scheduler\JobQueue, Framework\Cache\Adapter\FileCache, and Session deserialize untrusted data, enabling PHP object injection and, via a gadget chain, arbitrary code execution when ...

9.8CVSS6.4AI score0.01683EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 7:16 a.m.11 views

CVE-2026-12240

The Export User Data plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unserialize function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to delet...

8CVSS0.00341EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 6:52 a.m.10 views

EUVD-2026-40260

The Export User Data plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unserialize function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to delet...

8CVSS6.5AI score0.00341EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.14 views

PT-2026-53816

Name of the Vulnerable Software and Affected Versions Export User Data versions prior to 2.2.7 Description Insufficient file path validation in the unserialize function allows authenticated attackers with subscriber-level access or higher to delete arbitrary files on the server. This occurs when ...

8CVSS6.4AI score0.00341EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.16 views

PT-2026-54048

Name of the Vulnerable Software and Affected Versions Grav CMS versions prior to 2.0.0-beta.2 Description Multiple issues allow for code execution. Three unsafe unserialize calls within SchedulerJobQueue, FrameworkCacheAdapterFileCache, and Session deserialize untrusted data without restricting...

9.8CVSS6.5AI score0.01683EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 11:17 p.m.3 views

DEBIAN-CVE-2026-40083

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 of managers.php, the application assigns $selecteditems by calling...

7.2CVSS5.9AI score0.00279EPSS
Exploits1References1
NVD
NVD
added 2026/06/25 11:17 p.m.9 views

CVE-2026-40083

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 of managers.php, the application assigns $selecteditems by calling...

7.2CVSS0.00279EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/06/25 10:39 p.m.4 views

CVE-2026-40083

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 of managers.php, the application assigns $selecteditems by calling...

7.2CVSS5.9AI score0.00279EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52626

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description An issue exists in the performance and fault management framework where improper handling of deserialized data leads to SQL Injection. In the 'managers.php' file, the application processes the selecte...

7.2CVSS5.9AI score0.00279EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.14 views

PT-2026-49343

Name of the Vulnerable Software and Affected Versions WP Travel Engine versions prior to 6.7.13 Description An unauthenticated PHP Object Injection exists in the software. PHP Object Injection occurs when user-supplied input is passed to the PHP unserialize function without proper validation,...

9.8CVSS5.8AI score0.00383EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.12 views

CVE-2026-10721

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7 f...

8.4CVSS5.5AI score0.0014EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 8:16 a.m.12 views

CVE-2026-10721

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7...

8.4CVSS0.0014EPSS
Exploits0References1
Rows per page
Query Builder