Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-71371 |
|
Unsafe Deserialization in CVE-2025-71371 (CVE-2025-71371)
vulnerability in CVE-2025-71371 (CVE-2025-71371). Confidential information can be exposed externally.
|
| CVE-2025-71368 |
|
Unsafe Deserialization in CVE-2025-71368 (CVE-2025-71368)
vulnerability in CVE-2025-71368 (CVE-2025-71368). Confidential information can be exposed externally.
|
| CVE-2025-71350 |
|
Unsafe Deserialization in c (CVE-2025-71350)
vulnerability in c (CVE-2025-71350). Confidential information can be exposed externally.
|
| CVE-2025-71363 |
|
Unsafe Deserialization in deserialization (CVE-2025-71363)
vulnerability in deserialization (CVE-2025-71363). Confidential information can be exposed externally.
|
| CVE-2025-71349 |
|
Unsafe Deserialization in CVE-2025-71349 (CVE-2025-71349)
vulnerability in CVE-2025-71349 (CVE-2025-71349). Confidential information can be exposed externally.
|
| CVE-2026-55223 |
|
Unsafe Deserialization in apache (CVE-2026-55223)
vulnerability in apache (CVE-2026-55223). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13759 |
|
Unsafe Deserialization in ibm (CVE-2026-13759)
vulnerability in ibm (CVE-2026-13759). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7871 |
|
Unsafe Deserialization in langflow (CVE-2026-7871)
vulnerability in langflow (CVE-2026-7871). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12240 |
|
Unsafe Deserialization in wordpress (CVE-2026-12240)
vulnerability in wordpress (CVE-2026-12240). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46386 |
|
Unsafe Deserialization in rails (CVE-2026-46386)
vulnerability in rails (CVE-2026-46386). Successful exploitation can lead to full system takeover.
|
| CVE-2026-57527 |
|
Unsafe Deserialization in deserialization (CVE-2026-57527)
vulnerability in deserialization (CVE-2026-57527). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56057 |
|
Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 versions.
Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 versions.
|
| CVE-2026-56031 |
|
Unauthenticated PHP Object Injection in Uncanny Automator <= 7.3.1.2 versions.
Unauthenticated PHP Object Injection in Uncanny Automator <= 7.3.1.2 versions.
|
| CVE-2026-56032 |
|
Subscriber PHP Object Injection in Buddyboss Platform <= 3.0.4 versions.
Subscriber PHP Object Injection in Buddyboss Platform <= 3.0.4 versions.
|
| CVE-2026-56055 |
|
Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions.
Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions.
|
| CVE-2026-53914 |
|
Unsafe Deserialization in deserialization (CVE-2026-53914)
vulnerability in deserialization (CVE-2026-53914). Confidential information can be exposed externally.
|
| CVE-2026-12578 |
|
Unsafe Deserialization in cisa (CVE-2026-12578)
vulnerability in cisa (CVE-2026-12578). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-71340 |
|
Unsafe Deserialization in CVE-2025-71340 (CVE-2025-71340)
vulnerability in CVE-2025-71340 (CVE-2025-71340). Confidential information can be exposed externally.
|
| CVE-2026-56053 |
|
Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions.
Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions.
|
| CVE-2026-10043 |
|
Unsafe Deserialization in deserialization (CVE-2026-10043)
vulnerability in deserialization (CVE-2026-10043). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56121 |
|
Unsafe Deserialization in deserialization (CVE-2026-56121)
vulnerability in deserialization (CVE-2026-56121). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54512 |
|
Vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54512)
vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54512). Successful exploitation can lead to full system takeover. Exploitable via ``PolymorphicTypeValidator``. Mitigation: upgrade to `2.21.4` or later.
|
| CVE-2026-41862 |
|
Unsafe Deserialization in CVE-2026-41862 (CVE-2026-41862)
vulnerability in CVE-2026-41862 (CVE-2026-41862). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39253 |
|
Unsafe Deserialization in CVE-2026-39253 (CVE-2026-39253)
vulnerability in CVE-2026-39253 (CVE-2026-39253). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71341 |
|
Unsafe Deserialization in CVE-2025-71341 (CVE-2025-71341)
vulnerability in CVE-2025-71341 (CVE-2025-71341). Confidential information can be exposed externally.
|
| CVE-2025-71365 |
|
Unsafe Deserialization in CVE-2025-71365 (CVE-2025-71365)
vulnerability in CVE-2025-71365 (CVE-2025-71365). Confidential information can be exposed externally.
|
| CVE-2025-71370 |
|
Unsafe Deserialization in CVE-2025-71370 (CVE-2025-71370)
vulnerability in CVE-2025-71370 (CVE-2025-71370). Confidential information can be exposed externally.
|
| CVE-2025-71376 |
|
Unsafe Deserialization in CVE-2025-71376 (CVE-2025-71376)
vulnerability in CVE-2025-71376 (CVE-2025-71376). Confidential information can be exposed externally.
|
| CVE-2026-48517 |
|
Vulnerability in MessagePack (CVE-2026-48517)
vulnerability in MessagePack (CVE-2026-48517). Data can be tampered with by attackers. Exploitable via ``MessagePackSerializer.Typeless``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-48502 |
|
Out-of-Bounds Read in MessagePack (CVE-2026-48502)
vulnerability in MessagePack (CVE-2026-48502). Risk of unauthorized operations or information disclosure. Exploitable via ``tokenSize``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-46607 |
|
Unsafe Deserialization in glances (CVE-2026-46607)
vulnerability in glances (CVE-2026-46607). Successful exploitation can lead to full system takeover. Exploitable via ``self.cache_file``. Mitigation: upgrade to `4.5.5` or later.
|
| CVE-2025-71378 |
|
Unsafe Deserialization in mmaitre314 (CVE-2025-71378)
vulnerability in mmaitre314 (CVE-2025-71378). Confidential information can be exposed externally.
|
| CVE-2025-71357 |
|
Unsafe Deserialization in mmaitre314 (CVE-2025-71357)
vulnerability in mmaitre314 (CVE-2025-71357). Confidential information can be exposed externally.
|
| CVE-2025-71348 |
|
Unsafe Deserialization in mmaitre314 (CVE-2025-71348)
vulnerability in mmaitre314 (CVE-2025-71348). Confidential information can be exposed externally.
|
| CVE-2026-12787 |
|
Vulnerability in deserialization (CVE-2026-12787)
vulnerability in deserialization (CVE-2026-12787). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56304 |
|
Unsafe Deserialization in dos (CVE-2026-56304)
vulnerability in dos (CVE-2026-56304). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48909 |
|
Unsafe Deserialization in CVE-2026-48909 (CVE-2026-48909)
vulnerability in CVE-2026-48909 (CVE-2026-48909). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49286 |
|
Unsafe Deserialization in pontedilana/php-weasyprint (CVE-2026-49286)
vulnerability in pontedilana/php-weasyprint (CVE-2026-49286). Successful exploitation can lead to full system takeover. Exploitable via ``eb8accc``. Mitigation: upgrade to `2.6.0` or later.
|
| CVE-2026-12046 |
|
Vulnerability in flask (CVE-2026-12046)
vulnerability in flask (CVE-2026-12046). Successful exploitation can lead to full system takeover. Exploitable via `DELETE /sqleditor/close/`.
|
| CVE-2026-8024 |
|
Unsafe Deserialization in deserialization (CVE-2026-8024)
vulnerability in deserialization (CVE-2026-8024). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12569 KEV |
|
[KEV] Vulnerability in Ptc deserialization (CVE-2026-12569)
vulnerability in Ptc deserialization (CVE-2026-12569). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-53805 |
|
Unsafe Deserialization in CVE-2026-53805 (CVE-2026-53805)
vulnerability in CVE-2026-53805 (CVE-2026-53805). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53874 |
|
Unsafe Deserialization in picklescan (CVE-2026-53874)
vulnerability in picklescan (CVE-2026-53874). Successful exploitation can lead to full system takeover. Exploitable via ``eval``. Mitigation: upgrade to `1.0.1` or later.
|
| CVE-2025-71321 |
|
Unsafe Deserialization in picklescan (CVE-2025-71321)
vulnerability in picklescan (CVE-2025-71321). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.0.33` or later.
|
| CVE-2026-49108 |
|
Unauthenticated PHP Object Injection in Moderno < 1.43 versions.
Unauthenticated PHP Object Injection in Moderno < 1.43 versions.
|
| CVE-2026-40757 |
|
Unauthenticated PHP Object Injection in Château <= 1.2.1 versions.
Unauthenticated PHP Object Injection in Château <= 1.2.1 versions.
|
| CVE-2026-39442 |
|
Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions.
Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions.
|
| CVE-2026-40738 |
|
Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions.
Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions.
|
| CVE-2025-69130 |
|
Unsafe Deserialization in wordpress (CVE-2025-69130)
vulnerability in wordpress (CVE-2025-69130). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40752 |
|
Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions.
Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions.
|