Total
2198 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4260 | 1 Zhangyanbo2007 | 1 Youkefu | 2025-10-10 | 4.3 Medium |
| A vulnerability was found in zhangyanbo2007 youkefu up to 4.2.0 and classified as problematic. Affected by this issue is the function impsave of the file m\web\handler\admin\system\TemplateController.java. The manipulation of the argument dataFile leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-60828 | 2 5kcrm, Wukongopensource | 2 Wukongcrm, Wukongcrm | 2025-10-10 | 6.5 Medium |
| WukongCRM-9.0-JAVA was discovered to contain a fastjson deserialization vulnerability via the /OaExamine/setOaExamine interface. | ||||
| CVE-2025-60830 | 2 Redragon, Redragon-erp | 2 Erp, Redragon-erp | 2025-10-10 | 6.5 Medium |
| redragon-erp v1.0 was discovered to contain a Shiro deserialization vulnerability caused by the default Shiro key. | ||||
| CVE-2025-60834 | 2 Ghostxbh, Uzy | 2 Uzy-ssm-mall, Ssm Mall | 2025-10-10 | 6.5 Medium |
| A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input. | ||||
| CVE-2025-9188 | 2 Digilent, Ni | 2 Dasylab, Dasylab | 2025-10-09 | 7.8 High |
| There is a deserialization of untrusted data vulnerability in Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted DSB file. The vulnerability affects all versions of DASYLab. | ||||
| CVE-2023-36035 | 1 Microsoft | 1 Exchange Server | 2025-10-08 | 8 High |
| Microsoft Exchange Server Spoofing Vulnerability | ||||
| CVE-2023-36039 | 1 Microsoft | 1 Exchange Server | 2025-10-08 | 8 High |
| Microsoft Exchange Server Spoofing Vulnerability | ||||
| CVE-2023-36050 | 1 Microsoft | 1 Exchange Server | 2025-10-08 | 8 High |
| Microsoft Exchange Server Spoofing Vulnerability | ||||
| CVE-2023-36439 | 1 Microsoft | 1 Exchange Server | 2025-10-08 | 8 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2023-38177 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2025-10-08 | 6.1 Medium |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2025-6544 | 2 H2o, H2oai | 2 H2o, H2o-3 | 2025-10-08 | N/A |
| A deserialization vulnerability exists in h2oai/h2o-3 versions <= 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and using double URL encoding. This issue impacts all users of the affected versions. | ||||
| CVE-2025-10768 | 2 H2o, H2oai | 2 H2o, H2o-3 | 2025-10-08 | 6.3 Medium |
| A flaw has been found in h2oai h2o-3 up to 3.46.08. The impacted element is an unknown function of the file /99/ImportSQLTable of the component IBMDB2 JDBC Driver. This manipulation of the argument connection_url causes deserialization. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10769 | 2 H2o, H2oai | 2 H2o, H2o-3 | 2025-10-08 | 6.3 Medium |
| A vulnerability has been found in h2oai h2o-3 up to 3.46.08. This affects an unknown function of the file /99/ImportSQLTable of the component H2 JDBC Driver. Such manipulation of the argument connection_url leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10770 | 1 Jeecg | 1 Jimureport | 2025-10-08 | 6.3 Medium |
| A vulnerability was found in jeecgboot JimuReport up to 2.1.2. This impacts an unknown function of the file /drag/onlDragDataSource/testConnection of the component MySQL JDBC Handler. Performing manipulation results in deserialization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | ||||
| CVE-2025-10771 | 1 Jeecg | 1 Jimureport | 2025-10-08 | 6.3 Medium |
| A vulnerability was determined in jeecgboot JimuReport up to 2.1.2. Affected is an unknown function of the file /drag/onlDragDataSource/testConnection of the component DB2 JDBC Handler. Executing manipulation of the argument clientRerouteServerListJNDIName can lead to deserialization. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-10363 | 1 Microsoft | 1 Windows | 2025-10-08 | N/A |
| Deserialization of Untrusted Data vulnerability in Topal Solutions AG Topal Finanzbuchhaltung on Windows allows Remote Code Execution.This issue affects at least Topal Finanzbuchhaltung: 10.1.5.20 and is fixed in version 11.2.12.00 | ||||
| CVE-2025-11273 | 1 Lachatterie | 1 Verger | 2025-10-06 | 6.3 Medium |
| A vulnerability was found in LaChatterie Verger up to 1.2.10. This impacts the function redirectToAuthorization of the file /src/main/services/mcp/oauth/provider.ts. The manipulation of the argument URL results in deserialization. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-61677 | 1 Iterative | 1 Datachain | 2025-10-06 | 2.5 Low |
| DataChain is a Python-based AI-data warehouse for transforming and analyzing unstructured data. Versions 0.34.1 and below allow for deseriaization of untrusted data because of the way the DataChain library reads serialized objects from environment variables (such as DATACHAIN__METASTORE and DATACHAIN__WAREHOUSE) in the loader.py module. An attacker with the ability to set these environment variables can trigger code execution when the application loads. This issue is fixed in version 0.34.2. | ||||
| CVE-2025-5326 | 1 Zhilink | 1 Adp Application Developer Platform | 2025-10-03 | 6.3 Medium |
| A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the file /adpweb/wechat/verifyToken/. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5552 | 1 1000mz | 1 Chestnutcms | 2025-10-03 | 6.3 Medium |
| A vulnerability was found in ChestnutCMS up to 15.1. It has been declared as critical. This vulnerability affects unknown code of the file /dev-api/groovy/exec of the component API Endpoint. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||