Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2022-21341 |
|
Unsafe Deserialization in java (CVE-2022-21341)
vulnerability in java (CVE-2022-21341). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.7.0, 1.8.0, 7.0.331, 8.0.321, 11.0.14, 17.0.2` or later.
|
| CVE-2026-34084 |
|
Unsafe Deserialization in phpoffice/phpspreadsheet (CVE-2026-34084)
vulnerability in phpoffice/phpspreadsheet (CVE-2026-34084). Successful exploitation can lead to full system takeover. Exploitable via ``is_file``. Mitigation: upgrade to `1.30.3` or later.
|
| CVE-2026-42027 |
|
Vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-42027)
vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-42027). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.0-M3` or later.
|
| CVE-2026-37552 |
|
Unsafe Deserialization in deserialization (CVE-2026-37552)
vulnerability in deserialization (CVE-2026-37552). Successful exploitation can lead to full system takeover.
|
| CVE-2025-60889 |
|
Unsafe Deserialization in deserialization (CVE-2025-60889)
vulnerability in deserialization (CVE-2025-60889). Successful exploitation can lead to full system takeover.
|
| CVE-2025-60887 |
|
Unsafe Deserialization in deserialization (CVE-2025-60887)
vulnerability in deserialization (CVE-2025-60887). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-27172 |
|
Unsafe Deserialization in apache (CVE-2026-27172)
vulnerability in apache (CVE-2026-27172). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40858 |
|
Unsafe Deserialization in apache (CVE-2026-40858)
vulnerability in apache (CVE-2026-40858). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33454 |
|
Unsafe Deserialization in apache (CVE-2026-33454)
vulnerability in apache (CVE-2026-33454). Confidential information can be exposed externally.
|
| CVE-2026-40860 |
|
Unsafe Deserialization in apache (CVE-2026-40860)
vulnerability in apache (CVE-2026-40860). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40048 |
|
Unsafe Deserialization in apache (CVE-2026-40048)
vulnerability in apache (CVE-2026-40048). Successful exploitation can lead to full system takeover. Exploitable via ``java.security.KeyPair``.
|
| CVE-2026-40473 |
|
Unsafe Deserialization in apache (CVE-2026-40473)
vulnerability in apache (CVE-2026-40473). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41316 |
|
Vulnerability in erb (CVE-2026-41316)
vulnerability in erb (CVE-2026-41316). Successful exploitation can lead to full system takeover. Exploitable via ``Marshal.load``. Mitigation: upgrade to `6.0.4` or later.
|
| CVE-2026-6857 |
|
Unsafe Deserialization in org.apache.camel:camel-infinispan (CVE-2026-6857)
vulnerability in org.apache.camel:camel-infinispan (CVE-2026-6857). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.20.0` or later.
|
| CVE-2026-22016 |
|
Information Disclosure in c (CVE-2026-22016)
vulnerability in c (CVE-2026-22016). Confidential information can be exposed externally.
|
| CVE-2026-5426 |
|
Vulnerability in csharp (CVE-2026-5426)
vulnerability in csharp (CVE-2026-5426). Confidential information can be exposed externally.
|
| CVE-2026-1462 |
|
Unsafe Deserialization in keras (CVE-2026-1462)
vulnerability in keras (CVE-2026-1462). Successful exploitation can lead to full system takeover. Exploitable via ``TFSMLayer``. Mitigation: upgrade to `3.13.2` or later.
|
| CVE-2026-25204 |
|
Unsafe Deserialization in dos (CVE-2026-25204)
vulnerability in dos (CVE-2026-25204). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-21529 KEV |
|
[KEV] Unsafe Deserialization in Microsoft exchange-server (CVE-2023-21529)
vulnerability in Microsoft exchange-server (CVE-2023-21529). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-23869 |
|
Vulnerability in react (CVE-2026-23869)
vulnerability in react (CVE-2026-23869). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32590 |
|
Unsafe Deserialization in redhat (CVE-2026-32590)
vulnerability in redhat (CVE-2026-32590). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34877 |
|
Vulnerability in arm (CVE-2026-34877)
vulnerability in arm (CVE-2026-34877). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33728 |
|
Unsafe Deserialization in com.datadoghq:dd-java-agent (CVE-2026-33728)
vulnerability in com.datadoghq:dd-java-agent (CVE-2026-33728). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.60.3` or later.
|
| CVE-2026-33701 |
|
Unsafe Deserialization in linuxfoundation (CVE-2026-33701)
vulnerability in linuxfoundation (CVE-2026-33701). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0677 |
|
Unsafe Deserialization in deserialization (CVE-2026-0677)
vulnerability in deserialization (CVE-2026-0677). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20131 KEV |
|
[KEV] Unsafe Deserialization in Cisco secure-firewall-management-center-fmc (CVE-2026-20131)
vulnerability in Cisco secure-firewall-management-center-fmc (CVE-2026-20131). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-20963 KEV |
|
[KEV] Unsafe Deserialization in Microsoft sharepoint (CVE-2026-20963)
vulnerability in Microsoft sharepoint (CVE-2026-20963). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-13913 |
|
Unsafe Deserialization in inductiveautomation (CVE-2025-13913)
vulnerability in inductiveautomation (CVE-2025-13913). Successful exploitation can lead to full system takeover.
|
| CVE-2025-11739 |
|
Unsafe Deserialization in deserialization (CVE-2025-11739)
vulnerability in deserialization (CVE-2025-11739). Successful exploitation can lead to full system takeover.
|
| CVE-2026-1286 |
|
Unsafe Deserialization in deserialization (CVE-2026-1286)
vulnerability in deserialization (CVE-2026-1286). Successful exploitation can lead to full system takeover.
|
| CVE-2025-56422 |
|
Unsafe Deserialization in deserialization (CVE-2025-56422)
vulnerability in deserialization (CVE-2025-56422). Successful exploitation can lead to full system takeover.
|
| CVE-2025-26399 KEV |
|
[KEV] Unsafe Deserialization in Solarwinds web-help-desk (CVE-2025-26399)
vulnerability in Solarwinds web-help-desk (CVE-2025-26399). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-27830 |
|
Code Injection in deserialization (CVE-2026-27830)
code injection in deserialization (CVE-2026-27830). Successful exploitation can lead to full system takeover. Exploitable via ``javax.naming.Reference``.
|
| CVE-2026-27727 |
|
Vulnerability in mchange (CVE-2026-27727)
vulnerability in mchange (CVE-2026-27727). Successful exploitation can lead to full system takeover. Exploitable via ``factoryClassLocation``.
|
| CVE-2026-25747 |
|
Unsafe Deserialization in apache (CVE-2026-25747)
vulnerability in apache (CVE-2026-25747). Successful exploitation can lead to full system takeover.
|
| CVE-2025-49113 KEV |
|
[KEV] Unsafe Deserialization in Roundcube webmail (CVE-2025-49113)
vulnerability in Roundcube webmail (CVE-2025-49113). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-69872 |
|
Code Injection in CVE-2025-69872 (CVE-2025-69872)
code injection in CVE-2025-69872 (CVE-2025-69872). Successful exploitation can lead to full system takeover.
|
| CVE-2025-40551 KEV |
|
[KEV] Unsafe Deserialization in Solarwinds web-help-desk (CVE-2025-40551)
vulnerability in Solarwinds web-help-desk (CVE-2025-40551). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-61140 |
|
The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.
The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.
|
| CVE-2026-24747 |
|
Code Injection in linuxfoundation (CVE-2026-24747)
code injection in linuxfoundation (CVE-2026-24747). Successful exploitation can lead to full system takeover. Exploitable via ``weights_only``.
|
| CVE-2026-23864 |
|
Vulnerability in react (CVE-2026-23864)
vulnerability in react (CVE-2026-23864). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-56005 |
|
Unsafe Deserialization in dabeaz (CVE-2025-56005)
vulnerability in dabeaz (CVE-2025-56005). Successful exploitation can lead to full system takeover. Exploitable via ``picklefile``.
|
| CVE-2025-11157 |
|
Unsafe Deserialization in CVE-2025-11157 (CVE-2025-11157)
vulnerability in CVE-2025-11157 (CVE-2025-11157). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71339 |
|
Unsafe Deserialization in picklescan (CVE-2025-71339)
vulnerability in picklescan (CVE-2025-71339). Confidential information can be exposed externally. Exploitable via ``numpy.f2py.crackfortran._eval_length``. Mitigation: upgrade to `0.0.33` or later.
|
| CVE-2025-61168 |
|
Unsafe Deserialization in sigb (CVE-2025-61168)
vulnerability in sigb (CVE-2025-61168). Successful exploitation can lead to full system takeover.
|
| CVE-2025-59287 KEV |
|
[KEV] Unsafe Deserialization in Microsoft windows (CVE-2025-59287)
vulnerability in Microsoft windows (CVE-2025-59287). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-10035 KEV |
|
[KEV] Unsafe Deserialization in Fortra goanywhere-mft (CVE-2025-10035)
vulnerability in Fortra goanywhere-mft (CVE-2025-10035). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-5086 KEV |
|
[KEV] Unsafe Deserialization in Dassault systèmes dassault-systemes (CVE-2025-5086)
vulnerability in Dassault systèmes dassault-systemes (CVE-2025-5086). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-53690 KEV |
|
[KEV] Unsafe Deserialization in Sitecore multiple-products (CVE-2025-53690)
vulnerability in Sitecore multiple-products (CVE-2025-53690). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-71344 |
|
Unsafe Deserialization in picklescan (CVE-2025-71344)
vulnerability in picklescan (CVE-2025-71344). Confidential information can be exposed externally. Mitigation: upgrade to `0.0.30` or later.
|