Lucene search

11 matches found

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-0249

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.2, EPSS 0.00796
Exploits 0, References 5

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-4613

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.3, EPSS 0.15853
Exploits 1, References 22

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2023-56110

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.1, EPSS 0.01294
Exploits 1, References 2

RedhatCVE
added 2025/05/23 2:18 a.m., 6 views

CVE-2023-51389

Hertzbeat is a real-time monitoring system. At the interface of /define/yml, SnakeYAML is used as a parser to parse yml content, but no security configuration is used, resulting in a YAML deserialization vulnerability. Version 1.4.1 fixes this vulnerability...

CVSS 9.8, AI score 7, EPSS 0.01294
Exploits 1, References 1

Cvelist
added 2025/04/02 7:31 a.m., 19 views

CVE-2024-39780 Use of unsafe yaml load in dynparam

A YAML deserialization vulnerability was found in the Robot Operating System ROS 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load functi...

CVSS 7.8, EPSS 0.00373
Exploits 0, References 1

CVE
added 2025/04/02 7:31 a.m., 63 views

CVE-2024-39780

Summary (CVE-2024-39780): A YAML deserialization vulnerability affects the Robot Operating System (ROS) dynparam tool used to manage parameters for ROS nodes, impacting Noetic and earlier. The root cause is the use of yaml.load() in the set and get verbs, which can instantiate arbitrary Python o...

CVSS 9.8, AI score 8, EPSS 0.00373
Exploits 0, References 1, Affected Software 1

Cvelist
added 2024/02/22 3:59 p.m., 38 views

CVE-2023-51389 HertzBeat SnakeYAML Deser RCE

Hertzbeat is a real-time monitoring system. At the interface of /define/yml, SnakeYAML is used as a parser to parse yml content, but no security configuration is used, resulting in a YAML deserialization vulnerability. Version 1.4.1 fixes this vulnerability...

CVSS 9.8, AI score 9.7, EPSS 0.01294
Exploits 1, References 2

CVE
added 2024/02/22 3:59 p.m., 71 views

CVE-2023-51389

CVE-2023-51389 affects Hertzbeat, a real-time monitoring system. The vulnerability resides at the /define/yml interface, where SnakeYAML is used to parse YAML without a security configuration, enabling YAML deserialization. Affects versions prior to 1.4.1; version 1.4.1 fixes the issue. The issue...

CVSS 9.8, AI score 9.6, EPSS 0.01294
Exploits 1, References 2, Affected Software 1

Vulnrichment
added 2023/02/17 3:46 p.m., 15 views

CVE-2022-47986 IBM Aspera Faspex code execution

IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. T...

CVSS 9.8, AI score 9.5, EPSS 0.99968
Exploits 5, References 3

Tenable Nessus
added 2018/03/27 12:0 a.m., 47 views

Amazon Linux AMI : ruby24 / ruby22,ruby23 (ALAS-2018-978)

Unsafe object deserialization through YAML formatted gem specifications: A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code ...

CVSS 9.8, AI score 7.6, EPSS 0.15853
Exploits 1, References 2

Amazon
added 2018/03/21 12:0 a.m., 63 views

Medium: ruby24, ruby22, ruby23

Issue Overview: Unsafe object deserialization through YAML formatted gem specifications: A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute...

CVSS 9.8, AI score 9.8, EPSS 0.15853
Exploits 1