Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-11346

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-06 Oct, 2025 | 19:32
Updated At-24 Feb, 2026 | 06:46
Rejected At-
Credits

ILIAS Base64 Decoding unserialize deserialization

A vulnerability has been found in ILIAS up to 8.23/9.13/10.1. This affects the function unserialize of the component Base64 Decoding Handler. Such manipulation of the argument f_settings leads to deserialization. It is possible to launch the attack remotely. Upgrading to version 8.24, 9.14 and 10.2 is able to mitigate this issue. It is advisable to upgrade the affected component.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:06 Oct, 2025 | 19:32
Updated At:24 Feb, 2026 | 06:46
Rejected At:
â–¼CVE Numbering Authority (CNA)
ILIAS Base64 Decoding unserialize deserialization

A vulnerability has been found in ILIAS up to 8.23/9.13/10.1. This affects the function unserialize of the component Base64 Decoding Handler. Such manipulation of the argument f_settings leads to deserialization. It is possible to launch the attack remotely. Upgrading to version 8.24, 9.14 and 10.2 is able to mitigate this issue. It is advisable to upgrade the affected component.

Affected Products
Vendor
n/a
Product
ILIAS
CPEs
  • cpe:2.3:a:ilias:ilias:*:*:*:*:*:*:*:*
Modules
  • Base64 Decoding Handler
Versions
Affected
  • 8.0
  • 8.1
  • 8.2
  • 8.3
  • 8.4
  • 8.5
  • 8.6
  • 8.7
  • 8.8
  • 8.9
  • 8.10
  • 8.11
  • 8.12
  • 8.13
  • 8.14
  • 8.15
  • 8.16
  • 8.17
  • 8.18
  • 8.19
  • 8.20
  • 8.21
  • 8.22
  • 8.23
  • 9.0
  • 9.1
  • 9.2
  • 9.3
  • 9.4
  • 9.5
  • 9.6
  • 9.7
  • 9.8
  • 9.9
  • 9.10
  • 9.11
  • 9.12
  • 9.13
  • 10.0
  • 10.1
Unaffected
  • 8.24
  • 9.14
  • 10.2
Problem Types
TypeCWE IDDescription
CWECWE-502Deserialization
CWECWE-20Improper Input Validation
Type: CWE
CWE ID: CWE-502
Description: Deserialization
Type: CWE
CWE ID: CWE-20
Description: Improper Input Validation
Metrics
VersionBase scoreBase severityVector
4.05.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
3.06.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
2.06.5N/A
AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
Version: 3.0
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
Version: 2.0
Base score: 6.5
Base severity: N/A
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

reporter
rehme_srlabs (VulDB User)
Timeline
EventDate
Advisory disclosed2025-10-06 00:00:00
VulDB entry created2025-10-06 02:00:00
VulDB entry last update2025-10-15 09:15:18
Event: Advisory disclosed
Date: 2025-10-06 00:00:00
Event: VulDB entry created
Date: 2025-10-06 02:00:00
Event: VulDB entry last update
Date: 2025-10-15 09:15:18
Replaced By

Rejected Reason

References
HyperlinkResource
https://vuldb.com/?id.327231
vdb-entry
technical-description
https://vuldb.com/?ctiid.327231
signature
permissions-required
https://vuldb.com/?submit.664892
third-party-advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2113
government-resource
Hyperlink: https://vuldb.com/?id.327231
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.327231
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.664892
Resource:
third-party-advisory
Hyperlink: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2113
Resource:
government-resource
â–¼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://srlabs.de/blog/breaking-ilias-part-2-three-to-rce
N/A
Hyperlink: https://srlabs.de/blog/breaking-ilias-part-2-three-to-rce
Resource: N/A
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:06 Oct, 2025 | 20:15
Updated At:23 Jan, 2026 | 19:15

A vulnerability has been found in ILIAS up to 8.23/9.13/10.1. This affects the function unserialize of the component Base64 Decoding Handler. Such manipulation of the argument f_settings leads to deserialization. It is possible to launch the attack remotely. Upgrading to version 8.24, 9.14 and 10.2 is able to mitigate this issue. It is advisable to upgrade the affected component.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Secondary
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches

ilias
ilias
>>ilias>>8.23
cpe:2.3:a:ilias:ilias:8.23:*:*:*:*:*:*:*
ilias
ilias
>>ilias>>9.13
cpe:2.3:a:ilias:ilias:9.13:*:*:*:*:*:*:*
ilias
ilias
>>ilias>>10.1
cpe:2.3:a:ilias:ilias:10.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Secondarycna@vuldb.com
CWE-502Secondarycna@vuldb.com
CWE ID: CWE-20
Type: Secondary
Source: cna@vuldb.com
CWE ID: CWE-502
Type: Secondary
Source: cna@vuldb.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://vuldb.com/?ctiid.327231cna@vuldb.com
Permissions Required
VDB Entry
https://vuldb.com/?id.327231cna@vuldb.com
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.664892cna@vuldb.com
Third Party Advisory
VDB Entry
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2113cna@vuldb.com
Third Party Advisory
https://srlabs.de/blog/breaking-ilias-part-2-three-to-rceaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://vuldb.com/?ctiid.327231
Source: cna@vuldb.com
Resource:
Permissions Required
VDB Entry
Hyperlink: https://vuldb.com/?id.327231
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://vuldb.com/?submit.664892
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2113
Source: cna@vuldb.com
Resource:
Third Party Advisory
Hyperlink: https://srlabs.de/blog/breaking-ilias-part-2-three-to-rce
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1930Records found

CVE-2013-7171
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.34% / 92.79%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 13:46
Updated-06 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permissions on the /tmp directory which could allow remote attackers to execute arbitrary code with root privileges.

Action-Not Available
Vendor-n/aSlackware
Product-slackware_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2026-7301
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.40% / 31.95%
||
7 Day CHG~0.00%
Published-18 May, 2026 | 10:38
Updated-19 May, 2026 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2026-7301

SGLangs multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the internet.

Action-Not Available
Vendor-lmsysSGLang
Product-sglangSGLang
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-7304
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.58% / 43.69%
||
7 Day CHG~0.00%
Published-18 May, 2026 | 10:39
Updated-19 May, 2026 | 13:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2026-7304

SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads() will be deserialized without validation.

Action-Not Available
Vendor-lmsysSGLang
Product-sglangSGLang
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-7637
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.57% / 43.13%
||
7 Day CHG~0.00%
Published-20 May, 2026 | 02:27
Updated-20 May, 2026 | 12:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Boost <= 2.0.3 - Unauthenticated PHP Object Injection via STYXKEY-BOOST_USER_LOCATION Cookie

The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOST_USER_LOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.

Action-Not Available
Vendor-PixelYourSite
Product-Boost
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-23045
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.48% / 38.17%
||
7 Day CHG~0.00%
Published-28 Jan, 2025 | 15:19
Updated-16 Sep, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVAT allows remote code execution via tracker Nuclio functions

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with an account on an affected CVAT instance is able to run arbitrary code in the context of the Nuclio function container. This vulnerability affects CVAT deployments that run any of the serverless functions of type tracker from the CVAT Git repository, namely TransT and SiamMask. Deployments with custom functions of type tracker may also be affected, depending on how they handle state serialization. If a function uses an unsafe serialization library such as pickle or jsonpickle, it's likely to be vulnerable. Upgrade to CVAT 2.26.0 or later. If you are unable to upgrade, shut down any instances of the TransT or SiamMask functions you're running.

Action-Not Available
Vendor-cvatcvat-ai
Product-computer_vision_annotation_toolcvat
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-7858
Matching Score-4
Assigner-Dassault Systèmes
ShareView Details
Matching Score-4
Assigner-Dassault Systèmes
CVSS Score-9.8||CRITICAL
EPSS-0.54% / 41.61%
||
7 Day CHG~0.00%
Published-01 Jun, 2026 | 07:45
Updated-01 Jun, 2026 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x

A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution.

Action-Not Available
Vendor-Dassault Systèmes S.E. (3DS)
Product-Magic Collaboration StudioTeamwork Cloud - Enterprise EditionTeamwork Cloud - Business EditionTeamwork Cloud - Business Pro EditionTeamwork Cloud - Standard Edition
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-8024
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-9.3||CRITICAL
EPSS-0.55% / 42.14%
||
7 Day CHG~0.00%
Published-18 Jun, 2026 | 09:43
Updated-18 Jun, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Deserialization vulnerability in ibaPDA and ibaDatCoordinator

A remote, unauthenticated attacker may exploit a deserialization of untrusted data vulnerability in ibaPDA or ibaDatCoordinator to gain full access to the affected systems.

Action-Not Available
Vendor-iba
Product-ibaPDAibaDatCoordinator
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-7803
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 27.77%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 19:15
Updated-02 Jul, 2026 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Flow Validation Bypass via Empty Component Type Field

IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields.

Action-Not Available
Vendor-langflowIBM Corporation
Product-langflowLangflow OSS
CWE ID-CWE-20
Improper Input Validation
CVE-2026-7871
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 30.59%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 19:14
Updated-02 Jul, 2026 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insecure Deserialization in Redis Cache Backend

IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity.

Action-Not Available
Vendor-langflowIBM Corporation
Product-langflowLangflow OSS
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2013-4409
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-3.04% / 85.90%
||
7 Day CHG~0.00%
Published-04 Nov, 2019 | 20:45
Updated-06 Aug, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.

Action-Not Available
Vendor-reviewboardPython Software Foundation; BeanbagRed Hat, Inc.Fedora Project
Product-djbletsreview_boardfedoraenterprise_linuxReview BoardDjblets
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4250
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.15% / 63.04%
||
7 Day CHG~0.00%
Published-20 May, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file.

Action-Not Available
Vendor-n/aTYPO3 Association
Product-typo3n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4094
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-5.63% / 92.00%
||
7 Day CHG~0.00%
Published-28 Jun, 2013 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) private_key or (2) public_key parameter in a T/keyManagement request to plain/settings.html, as demonstrated by uploading a Linux ELF file and a shell script.

Action-Not Available
Vendor-impervan/a
Product-securespheren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4144
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.96% / 57.17%
||
7 Day CHG+0.09%
Published-30 Jun, 2022 | 17:21
Updated-06 Aug, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an object injection vulnerability in swfupload plugin for wordpress.

Action-Not Available
Vendor-swfupload_projectn/a
Product-swfuploadswfupload wordpress plugin
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2026-6023
Matching Score-4
Assigner-Progress Software Corporation
ShareView Details
Matching Score-4
Assigner-Progress Software Corporation
CVSS Score-8.1||HIGH
EPSS-0.54% / 41.42%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 07:13
Updated-05 May, 2026 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Deserialization of Untrusted Data Vulnerability in Telerik UI for ASP.NET AJAX

In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible.

Action-Not Available
Vendor-Progress Software Corporation
Product-telerik_ui_for_asp.net_ajaxTelerik UI for ASP.NET AJAX
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2019-16774
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.4||MEDIUM
EPSS-1.23% / 65.22%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 23:05
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Object injection in cookie driver

In phpfastcache before 5.1.3, there is a possible object injection vulnerability in cookie driver.

Action-Not Available
Vendor-phpfastcachePHPSocialNetwork
Product-phpfastcachephpfastcache
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-22137
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.57% / 42.80%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 16:08
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary File Overwrite via HTTP POST in Pingvin Share

Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated (if anonymous shares are allowed) user to overwrite arbitrary files on the server, including sensitive system files, via HTTP POST requests. The issue has been patched in version 1.4.0.

Action-Not Available
Vendor-stonith404
Product-pingvin-share
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-24679
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-7.5||HIGH
EPSS-1.75% / 75.04%
||
7 Day CHG~0.00%
Published-22 Dec, 2020 | 21:17
Updated-17 Sep, 2024 | 01:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service attack on Symphony Plus

A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted.

Action-Not Available
Vendor-ABB
Product-symphony_\+_historiansymphony_\+_operationsABB Ability™ Symphony® Plus OperationsABB Ability™ Symphony® Plus Historian
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4103
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-6.87% / 93.27%
||
7 Day CHG~0.00%
Published-04 Nov, 2019 | 14:41
Updated-06 Aug, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input

Action-Not Available
Vendor-cryptocat_projectn/a
Product-cryptocatn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4521
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-4.14% / 89.61%
||
7 Day CHG~0.00%
Published-06 Feb, 2020 | 15:43
Updated-06 Aug, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165.

Action-Not Available
Vendor-nuxeoNuxeo
Product-nuxeoNuxeo Platform
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2019-16942
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.68% / 92.05%
||
7 Day CHG~0.00%
Published-01 Oct, 2019 | 16:04
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectOracle CorporationFasterXML, LLC.NetApp, Inc.Red Hat, Inc.
Product-retail_sales_auditprimavera_unifiercommunications_cloud_native_core_network_slice_selection_functiononcommand_api_servicescommunications_billing_and_revenue_managementsiebel_engineering_-_installer_\&_deploymentjd_edwards_enterpriseone_orchestratorprimavera_gatewaysiebel_ui_frameworkenterprise_linuxactive_iq_unified_managerbanking_platformdatabase_serveroncommand_workflow_automationretail_merchandising_systemglobal_lifecycle_management_nextgen_oui_frameworksteelstore_cloud_integrated_storagedebian_linuxweblogic_serverjackson-databindcommunications_calendar_serverfedoracommunications_evolved_communications_application_servergoldengate_application_adapterswebcenter_sitesservice_level_managerjboss_enterprise_application_platformjd_edwards_enterpriseone_toolswebcenter_portaln/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2013-3738
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.12% / 86.27%
||
7 Day CHG~0.00%
Published-17 Feb, 2020 | 15:54
Updated-06 Aug, 2024 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code.

Action-Not Available
Vendor-n/aZABBIX
Product-zabbixn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-24036
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.94% / 85.41%
||
7 Day CHG~0.00%
Published-04 Mar, 2021 | 12:28
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.

Action-Not Available
Vendor-fork-cmsn/a
Product-fork_cmsn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2019-17042
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.07% / 86.02%
||
7 Day CHG~0.00%
Published-07 Oct, 2019 | 15:34
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.

Action-Not Available
Vendor-rsyslogn/aDebian GNU/LinuxopenSUSEFedora Project
Product-rsyslogdebian_linuxfedoraleapn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-41875
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-1.60% / 72.85%
||
7 Day CHG~0.00%
Published-23 Nov, 2022 | 00:00
Updated-23 Apr, 2025 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution in Optica

A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Specially crafted JSON payloads may lead to RCE (remote code execution) on the attacked system running Optica. The vulnerability was patched in v. 0.10.2, where the call to the function `oj.load` was changed to `oj.safe_load`.

Action-Not Available
Vendor-airbnbairbnb
Product-opticaoptica
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-68541
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.38% / 29.51%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:46
Updated-28 Apr, 2026 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ippsum theme <= 1.2.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in BoldThemes Ippsum ippsum allows Object Injection.This issue affects Ippsum: from n/a through <= 1.2.0.

Action-Not Available
Vendor-BoldThemes
Product-Ippsum
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2013-2571
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-16.20% / 96.55%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 14:44
Updated-06 Aug, 2024 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer.

Action-Not Available
Vendor-hcommn/a
Product-xpient_irisn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-41779
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-1.05% / 60.21%
||
7 Day CHG~0.00%
Published-31 Oct, 2022 | 19:19
Updated-16 Apr, 2025 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize network packets without proper verification. If the device connects to an attacker-controlled server, the attacker could send maliciously crafted packets that would be deserialized and executed, leading to remote code execution.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-infrasuite_device_masterInfraSuite Device Master
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2022-42837
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.06% / 79.02%
||
7 Day CHG~0.00%
Published-15 Dec, 2022 | 00:00
Updated-21 Apr, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, watchOS 9.2. A remote user may be able to cause unexpected app termination or arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-ipadoswatchosmacosiphone_osmacOSwatchOS
CWE ID-CWE-20
Improper Input Validation
CVE-2022-41778
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-1.03% / 59.66%
||
7 Day CHG~0.00%
Published-12 Jan, 2023 | 23:19
Updated-07 Nov, 2023 | 03:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-DataCollect service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-infrasuite_device_masterInfraSuite Device Master
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-2109
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-8.8||HIGH
EPSS-1.27% / 66.20%
||
7 Day CHG+0.01%
Published-12 Feb, 2020 | 14:35
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods.

Action-Not Available
Vendor-Jenkins
Product-pipeline\Jenkins Pipeline: Groovy Plugin
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1751
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.87% / 90.98%
||
7 Day CHG~0.00%
Published-07 Nov, 2019 | 21:51
Updated-06 Aug, 2024 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters.

Action-Not Available
Vendor-twikin/a
Product-twikin/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-2093
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-5.22% / 91.50%
||
7 Day CHG~0.00%
Published-20 Nov, 2019 | 20:13
Updated-06 Aug, 2024 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands.

Action-Not Available
Vendor-Dolibarr ERP & CRM
Product-dolibarr_erp\/crmdolibarr
CWE ID-CWE-20
Improper Input Validation
CVE-2020-20136
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.52% / 71.49%
||
7 Day CHG~0.00%
Published-14 Dec, 2020 | 18:30
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an insecure deserialization vulnerability due to insecure configuration of TypeNameHandling property in Json.NET library.

Action-Not Available
Vendor-quantconnectn/a
Product-leann/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2013-1910
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.50% / 82.74%
||
7 Day CHG~0.00%
Published-31 Oct, 2019 | 18:36
Updated-06 Aug, 2024 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository.

Action-Not Available
Vendor-baseurlyumDebian GNU/Linux
Product-debian_linuxyumyum
CWE ID-CWE-20
Improper Input Validation
CVE-2013-2143
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-48.22% / 98.72%
||
7 Day CHG~0.00%
Published-17 Apr, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.

Action-Not Available
Vendor-n/aThe ForemanRed Hat, Inc.
Product-network_satellitekatellon/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-19559
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.19% / 64.23%
||
7 Day CHG~0.00%
Published-11 Sep, 2023 | 00:00
Updated-26 Sep, 2024 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary code via a crafted payload to the ResolveMethod() parameter.

Action-Not Available
Vendor-dieboldnixdorfn/a
Product-agilis_xfs_for_optevan/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-56121
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.86% / 54.12%
||
7 Day CHG+0.11%
Published-24 Jun, 2026 | 14:49
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Feast < 0.63.0 Unauthenticated RCE via ApplyFeatureView gRPC Deserialization

Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The user_defined_function.body field of an OnDemandFeatureView spec is decoded from base64 and passed to dill.loads() before any authorization check is performed, enabling attackers to embed a malicious serialized Python object with an arbitrary __reduce__ method to execute OS commands as the feast service account.

Action-Not Available
Vendor-feast-devRed Hat, Inc.
Product-feastRed Hat OpenShift AI (RHOAI)
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-2000
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.74% / 50.16%
||
7 Day CHG~0.00%
Published-14 Mar, 2025 | 13:04
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qiskit SDK code execution

A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats < 13. A python process calling Qiskit 0.18.0 through 1.4.1's `qiskit.qpy.load()` function could potentially execute any arbitrary Python code embedded in the correct place in the binary file as part of specially constructed payload.

Action-Not Available
Vendor-IBM Corporation
Product-qiskitQiskit SDK
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-56032
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 40.64%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:52
Updated-26 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Buddyboss Platform plugin <= 3.0.4 - PHP Object Injection vulnerability

Subscriber PHP Object Injection in Buddyboss Platform <= 3.0.4 versions.

Action-Not Available
Vendor-BUDDYBOSS LLC
Product-Buddyboss Platform
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-56057
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 34.28%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:52
Updated-26 Jun, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Uncanny Automator Pro plugin <= 7.3.0.6 - PHP Object Injection vulnerability

Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 versions.

Action-Not Available
Vendor-Uncanny Owl Inc.
Product-Uncanny Automator Pro
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2022-41922
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-1.13% / 62.53%
||
7 Day CHG~0.00%
Published-23 Nov, 2022 | 00:00
Updated-23 Apr, 2025 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
yiisoft/yii before v1.1.27 vulnerable to Remote Code Execution if the application calls `unserialize()` on arbitrary user input

`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27.

Action-Not Available
Vendor-yiiframeworkyiisoft
Product-yiiyii
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-1747
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-5.30% / 91.59%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 13:56
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.

Action-Not Available
Vendor-pyyamlopenSUSERed Hat, Inc.Fedora ProjectOracle Corporation
Product-communications_cloud_native_core_network_function_cloud_native_environmentfedorapyyamlleapPyYAML
CWE ID-CWE-20
Improper Input Validation
CVE-2025-15375
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.37% / 29.07%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 05:02
Updated-24 Feb, 2026 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EyouCMS arcpagelist Ajax.php unserialize deserialization

A flaw has been found in EyouCMS up to 1.7.7. The impacted element is the function unserialize of the file application/api/controller/Ajax.php of the component arcpagelist Handler. Executing a manipulation of the argument attstr can lead to deserialization. The attack can be launched remotely. The exploit has been published and may be used. The vendor is "[a]cknowledging the existence of the vulnerability, we have completed the fix and will release a new version, v1.7.8".

Action-Not Available
Vendor-eyoucmsn/a
Product-eyoucmsEyouCMS
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-15453
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.32% / 23.38%
||
7 Day CHG~0.00%
Published-05 Jan, 2026 | 02:32
Updated-23 Feb, 2026 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
milvus HTTP Endpoint expr.go expr.Exec deserialization

A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation of the argument code leads to deserialization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. A fix is planned for the next release 2.6.8.

Action-Not Available
Vendor-n/a
Product-milvus
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2013-1465
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.09% / 93.45%
||
7 Day CHG~0.00%
Published-08 Feb, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object.

Action-Not Available
Vendor-cubecartn/a
Product-cubecartn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-67617
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.55% / 41.83%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:51
Updated-28 Apr, 2026 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Consult Aid theme <= 1.4.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in themeton Consult Aid consultaid allows Object Injection.This issue affects Consult Aid: from n/a through <= 1.4.3.

Action-Not Available
Vendor-themeton
Product-Consult Aid
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-56700
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-1.68% / 74.18%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:08
Updated-01 Jul, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Grav - Multiple Remote Code Execution Vulnerabilities via Unsafe Unserialize and Command Injection

Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. Three unsafe unserialize() calls - in Scheduler\JobQueue, Framework\Cache\Adapter\FileCache, and Session - deserialize untrusted data without restricting allowed classes, enabling PHP object injection and, via a gadget chain, arbitrary code execution where an attacker controls the serialized input. Additionally, InstallCommand's git clone operation passes the branch, url, and path parameters into a shell command without escaping, allowing OS command injection via plugin/theme installation (which requires admin access). A Twig security blocklist bypass (server-side template injection) is also present. The issues are fixed in 2.0.0-beta.2.

Action-Not Available
Vendor-Grav
Product-Grav
CWE ID-CWE-502
Deserialization of Untrusted Data
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-58126
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.75% / 50.47%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 14:39
Updated-02 Jul, 2026 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PACSgear PACS Scan 5.2.1 Unauthenticated RCE via .NET Remoting TCP Service

PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulnerability that allows remote attackers to read and write arbitrary files by exploiting an exposed .NET Remoting TCP service on port 22222 via PGImageExchQueue.exe without any authentication requirement. Attackers can chain the arbitrary file write primitive with DLL hijacking in PGImageExchangeQueueSvc.exe, which loads missing DLLs such as CRYPTSP.DLL from the application directory, to achieve remote code execution as NT Authority\SYSTEM upon service restart.

Action-Not Available
Vendor-Hyland
Product-PACSgear PACS Scan
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-58127
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.78% / 51.41%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 14:41
Updated-02 Jul, 2026 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PACSgear MediaWriter 5.2.1 Unauthenticated RCE via .NET Remoting TCP Service

PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj and UIRemoteObj, without any authentication requirement. By exploiting the MarshalByRefObject object unmarshalling technique and implementing .NET WebClient class methods, an unauthenticated remote attacker can read and write arbitrary files on the host filesystem. The ObjectURIs are identical across all installations by default. Chaining the arbitrary file write primitive with DLL hijacking opportunities in the MediaWriter service (which runs as NT Authority\\SYSTEM and loads missing DLLs such as CRYPTBASE.DLL from the application directory) enables unauthenticated remote code execution as SYSTEM upon service restart.

Action-Not Available
Vendor-Hyland
Product-PACSgear MediaWriter
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-1556
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.61% / 44.83%
||
7 Day CHG~0.00%
Published-22 Feb, 2025 | 12:31
Updated-01 Oct, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
westboy CicadasCMS Template Management system deserialization

A vulnerability, which was classified as problematic, has been found in westboy CicadasCMS 1.0. This issue affects some unknown processing of the file /system of the component Template Management. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-westboywestboy
Product-cicadascmsCicadasCMS
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-502
Deserialization of Untrusted Data
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 38
  • 39
  • Next
Details not found