Search Results (2839 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0936 | 1 Vanderschaarlab | 1 Temporai | 2024-11-21 | 6.3 Medium |
| A vulnerability classified as critical was found in van_der_Schaar LAB TemporAI 0.0.3. Affected by this vulnerability is the function load_from_file of the component PKL File Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252181 was assigned to this vulnerability. NOTE: The vendor was contacted early and confirmed immediately the existence of the issue. A patch is planned to be released in February 2024. | ||||
| CVE-2024-0739 | 1 Leadshop | 1 Leadshop | 2024-11-21 | 7.3 High |
| A vulnerability, which was classified as critical, was found in Hecheng Leadshop up to 1.4.20. Affected is an unknown function of the file /web/leadshop.php. The manipulation of the argument install leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251562 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-0302 | 1 Fhs-opensource | 1 Iparking | 2024-11-21 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in fhs-opensource iparking 1.5.22.RELEASE. This issue affects some unknown processing of the file /vueLogin. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249869 was assigned to this vulnerability. | ||||
| CVE-2023-7032 | 1 Schneider-electric | 1 Easergy Studio | 2024-11-21 | 7.8 High |
| A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker logged in with a user level account to gain higher privileges by providing a harmful serialized object. | ||||
| CVE-2023-7018 | 1 Huggingface | 1 Transformers | 2024-11-21 | 7.8 High |
| Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. | ||||
| CVE-2023-6730 | 1 Huggingface | 1 Transformers | 2024-11-21 | 8.8 High |
| Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. | ||||
| CVE-2023-6656 | 1 Iperov | 1 Deepfacelab | 2024-11-21 | 5 Medium |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. It has been rated as critical. Affected by this issue is some unknown functionality of the file DFLIMG/DFLJPG.py. The manipulation leads to deserialization. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of this vulnerability is VDB-247364. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2023-6654 | 1 Phpems | 1 Phpems | 2024-11-21 | 6.3 Medium |
| A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247357 was assigned to this vulnerability. | ||||
| CVE-2023-6580 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-11-21 | 8.8 High |
| A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. This affects an unknown part of the file /HNAP1/ of the component QoS POST Handler. The manipulation of the argument smartqos_express_devices/smartqos_normal_devices leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247161 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-5183 | 1 Illumio | 1 Core Policy Compute Engine | 2024-11-21 | 9.9 Critical |
| Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exists within the network_traffic API endpoint. An attacker can leverage this vulnerability to execute code in the context of the PCE’s operating system user. | ||||
| CVE-2023-5016 | 1 Ssssssss | 1 Spider-flow | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in spider-flow up to 0.5.0. It has been declared as critical. Affected by this vulnerability is the function DriverManager.getConnection of the file src/main/java/org/spiderflow/controller/DataSourceController.java of the component API. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239857 was assigned to this vulnerability. | ||||
| CVE-2023-50252 | 1 Dompdf | 1 Php-svg-lib | 2024-11-21 | 8.3 High |
| php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling `<use>` tag that references an `<image>` tag, it merges the attributes from the `<use>` tag to the `<image>` tag. The problem pops up especially when the `href` attribute from the `<use>` tag has not been sanitized. This can lead to an unsafe file read that can cause PHAR Deserialization vulnerability in PHP prior to version 8. Version 0.5.1 contains a patch for this issue. | ||||
| CVE-2023-49788 | 1 Collaboraoffice | 1 Richdocumentscode | 2024-11-21 | 7.2 High |
| Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server (richdocumentscode) is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attack via modified client->server commands to overwrite files outside the sub directory the server has provided for the transient session. Files which can be accessed are limited to those that the server process has access to. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.602. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-48967 | 1 Noear | 1 Solon | 2024-11-21 | 9.8 Critical |
| Solon <= 2.6.0 and <= 2.5.12 is vulnerable to Deserialization of Untrusted Data. | ||||
| CVE-2023-48952 | 1 Openlinksw | 1 Virtuoso | 2024-11-21 | 7.5 High |
| An issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | ||||
| CVE-2023-48887 | 1 Fengjiachun | 1 Jupiter | 2024-11-21 | 9.8 Critical |
| A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request. | ||||
| CVE-2023-48886 | 1 Luxiaoxun | 1 Nettyrpc | 2024-11-21 | 9.8 Critical |
| A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request. | ||||
| CVE-2023-47207 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | 9.8 Critical |
| In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges. | ||||
| CVE-2023-47204 | 1 Toumorokoshi | 1 Transmute-core | 2024-11-21 | 9.8 Critical |
| Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code. | ||||
| CVE-2023-47174 | 1 Thorntech | 2 Sftp Gateway, Sftp Gateway Firmware | 2024-11-21 | 9.8 Critical |
| Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the specific context of Thorn SFTP gateway, this leads to remote code execution. | ||||