Lucene search
+L

1332 matches found

EUVD
EUVD
added 2026/05/19 9:16 a.m.13 views

EUVD-2026-30854

The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative...

7.1CVSS6AI score0.00389EPSS
Exploits0References1
OSV
OSV
added 2026/05/19 9:16 a.m.4 views

CVE-2026-8727 Remote Code Execution in extension "Site Crawler" (crawler)

The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative...

7.1CVSS6.2AI score0.00389EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.16 views

PT-2026-41867

The Crawler extension passes the X-T3Crawler-Meta response header from crawled URLs directly to PHP's unserialize. An attacker controlling a crawled endpoint can inject arbitrary serialized PHP objects, leading to Remote Code Execution on the TYPO3 server. Exploitation requires administrative...

7.1CVSS6AI score0.00389EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.20 views

PT-2026-41865

Name of the Vulnerable Software and Affected Versions Content Element Selector ceselector affected versions not specified Description The extension passes an attacker-controlled cookie directly to the unserialize function without safe processing. A remote, unauthenticated attacker can provide a...

9.2CVSS6.1AI score0.02306EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.21 views

TYPO3 Extension Content Element Selector 代码问题漏洞

TYPO3 Extension Content Element Selector is an open-source extension for TYPO3 that allows users to select content elements. This extension has a code vulnerability that stems from the extension directly passing cookies controlled by the attacker to the PHP’s unserialize function without proper...

9.2CVSS6.1AI score0.02306EPSS
Exploits1References1
NVD
NVD
added 2026/05/18 9:16 p.m.21 views

CVE-2026-26978

FreePBX is an open source IP PBX. In versions below 16.0.71 and 17.0.6, the backup module does not properly sanitize data during restore operations, potentially leading to compromise if the backup contains carefully crafted hostile data. During backup restore operations, FreePBX extracts selected...

8.6CVSS0.00896EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/18 8:49 p.m.14 views

EUVD-2026-30810

FreePBX is an open source IP PBX. In versions below 16.0.71 and 17.0.6, the backup module does not properly sanitize data during restore operations, potentially leading to compromise if the backup contains carefully crafted hostile data. During backup restore operations, FreePBX extracts selected...

8.6CVSS5.8AI score0.00896EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/15 6:7 p.m.20 views

SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion

Summary simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controlled ticket identifier. Public CAS validation/proxy endpoints pass attacker-controlled ticket / pgt query parameters into...

8.6CVSS5.8AI score0.00422EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/15 6:7 p.m.7 views

GHSA-JRRG-99XH-5J2Q SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion

Summary simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controlled ticket identifier. Public CAS validation/proxy endpoints pass attacker-controlled ticket / pgt query parameters into...

8.6CVSS5.8AI score0.00422EPSS
Exploits0References5
OSV
OSV
added 2026/05/05 9:29 p.m.4 views

GHSA-GWFR-JFJF-92VV Grav has Insecure Deserialization in File Cache

Insecure Deserialization in File Cache - Severity: High - CWE: CWE-502 - Location: system/src/Grav/Framework/Cache/Adapter/FileCache.php - Sink: unserialize$value, 'allowedclasses' = true Affected versions - Affected: = 1.7.44 and true allows object instantiation and does not constrain classes. P...

5CVSS5.8AI score0.00224EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2026/05/05 9:29 p.m.8 views

Grav has Insecure Deserialization in File Cache

Insecure Deserialization in File Cache - Severity: High - CWE: CWE-502 - Location: system/src/Grav/Framework/Cache/Adapter/FileCache.php - Sink: unserialize$value, 'allowedclasses' = true Affected versions - Affected: = 1.7.44 and true allows object instantiation and does not constrain classes. P...

5CVSS5.8AI score0.00224EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 9:29 p.m.7 views

Grav has multiple RCE vectors: unsafe unserialize (x3), command injection in git clone, SSTI blocklist bypass

Multiple RCE vectors were found in Grav CMS. Three are critical, two are high. 1. Unsafe unserialize in JobQueue — direct RCE gadget Critical system/src/Grav/Common/Scheduler/JobQueue.php:465 calls unserializebase64decode... without restricting allowedclasses. The Job class has...

6AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/05 9:29 p.m.6 views

GHSA-VJ3M-2G9H-VM4P Grav has multiple RCE vectors: unsafe unserialize (x3), command injection in git clone, SSTI blocklist bypass

Multiple RCE vectors were found in Grav CMS. Three are critical, two are high. 1. Unsafe unserialize in JobQueue — direct RCE gadget Critical system/src/Grav/Common/Scheduler/JobQueue.php:465 calls unserializebase64decode... without restricting allowedclasses. The Job class has...

9.8CVSS6AI score0.01683EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2026/05/04 12:0 a.m.30 views

VulnCheck KEV: CVE-2026-3296

The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.3 via deserialization of untrusted input from form entry metadata. This is due to the html-admin-page-entries-view.php file calling PHP's native unserialize on stored entry meta...

9.8CVSS5.8AI score0.00878EPSS
In wildExploits1References2
GithubExploit
GithubExploit
added 2026/05/02 2:18 p.m.155 views

php-8.5.5-var_destroy-uaf

PHP 8.5.5 — vardestroy destruct reentrancy UAF Siste...

6AI score
Exploits0
Snyk
Snyk
added 2026/05/01 5:32 p.m.7 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the unserialize process. An attacker can execute arbitrary code by sending a crafted serialized PHP closure to the TCP server, which is then deserialized and executed without authentication or...

8.6CVSS6.1AI score0.00253EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/01 5:32 p.m.6 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the unserialize function in the sync-invoke client when processing data received from a server response. An attacker can execute arbitrary code by sending crafted serialized data from a malicious...

9.8CVSS6.1AI score0.01757EPSS
Exploits2References2
Snyk
Snyk
added 2026/05/01 5:32 p.m.5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the FileHandler process. An attacker can execute arbitrary code by supplying crafted serialized data to the session or cache handlers, which are processed using unserialize from the filesystem...

9.8CVSS6.1AI score0.0038EPSS
Exploits0References2
NVD
NVD
added 2026/05/01 4:16 p.m.11 views

CVE-2026-42471

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client Connection.php:76 calls unserialize on data received from the server response, enabling client-side RCE if connecting to a malicious server...

8.1CVSS0.01757EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2026/05/01 12:0 a.m.5 views

CVE-2026-42472

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize on data from Redis in the RedisHandler object...

5.8AI score0.0038EPSS
Exploits0References3
Rows per page
Query Builder