Browse and filter security vulnerabilities across ecosystems
Browse and filter security vulnerabilities across ecosystems
Spinnaker: Non-safe yaml deserialization allowing RCE when using specific types
Apache IoTDB: Arbitrary Class Instantiation via Pipe Transfer RPC
mchange-commons-java contains elements susceptible to abuse via JNDI injection and "deserialization gadgets"
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources
IBM WebSphere eXtreme Scale's OQL is affected by remote code execution
MessagePack-CSharp: Denial of service vulnerabilities can swamp the CPU or crash the process with stack and heap overflows
MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments
Statamic CMS vulnerable to unsafe method invocation via collection sorting allows data destruction
Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`
Apache Calcite: A user-controled model can load arbitrary classes, leading to code execution
CtrlPanel: Authenticated Remote Code Execution via Dynamic Class Instantiation in SettingsController.php
Remote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver
PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute
Apache OpenNLP: Arbitrary Class Instantiation via Model Manifest in ExtensionLoader
Statamic: Unsafe method invocation via query value resolution allows data destruction
Smart VPN 1.1.3.0 Denial of Service via Search
Unauthenticated arbitrary PHP class instantiation
Craft CMS: Potential authenticated Remote Code Execution via malicious attached Behavior
Craft CMS vulnerable to behavior injection RCE ElementIndexesController and FieldsController
Craft CMS vulnerable to behavior injection RCE via EntryTypesController
Showing 1 - 20 of 1,000+ results