Skip to main content

Deserialization

2659 CVEs technique

Monthly

CVE-2025-71368 PyPI HIGH PATCH This Week

Detection bypass leading to arbitrary code execution in picklescan before 0.0.30 allows attackers to smuggle malicious payloads past the scanner by abusing the doctest.debug_script function, which picklescan's analyzer does not recognize as dangerous. Because picklescan is used to vet untrusted pickle/ML model files before loading, a crafted pickle marked 'safe' will execute attacker commands the moment pickle.load is invoked. There is no public exploit identified at time of analysis, and this is not listed in CISA KEV, but the technique is well-understood and was disclosed by VulnCheck.

Deserialization RCE Picklescan
NVD GitHub
CVSS 4.0
7.6
EPSS
0.8%
CVE-2025-71363 PyPI HIGH PATCH This Week

Scanner-detection bypass in picklescan before 0.0.30 lets a crafted pickle file evade malicious-code detection and execute arbitrary code on deserialization. The tool - a Python security scanner used to vet untrusted pickle/ML model files - fails to flag `cProfile.run` calls embedded in a pickle object's `__reduce__` method, so a payload routed through `cProfile.run` passes the scan and then runs when the file is loaded. Reported by VulnCheck (CWE-502); no public exploit identified at time of analysis and it is not in CISA KEV.

Deserialization RCE Picklescan
NVD GitHub
CVSS 4.0
7.6
EPSS
0.6%
CVE-2025-71355 PyPI HIGH PATCH This Week

Static-analysis bypass in Picklescan before 0.0.25 lets attackers smuggle malicious pickle files past its malware scanner, leading to arbitrary OS command execution when a victim deserializes the file. Picklescan's denylist fails to flag unsafe Numpy globals, so a reduce method invoking numpy.testing._private.utils.runstring can import os and run commands while being reported as safe. No public exploit has been identified at time of analysis, though VulnCheck's advisory documents the exact gadget; the issue is not in CISA KEV. CVSS 4.0 base score is 7.6.

Deserialization RCE Picklescan
NVD GitHub
CVSS 4.0
7.6
EPSS
0.6%
CVE-2025-71350 PyPI HIGH PATCH This Week

Malicious-pickle detection bypass in picklescan before 0.0.28 lets attackers smuggle remote-code-execution payloads past the scanner by hiding them in a pickle reduce method that invokes torch.utils.collect_env.run, which picklescan's blocklist failed to flag. Because picklescan is the gatekeeper many ML pipelines rely on to vet untrusted models (notably scanning Hugging Face artifacts), a 'clean' verdict on a weaponized file directly leads to command execution when the victim deserializes it. Reported by VulnCheck with a fix in 0.0.28; no public exploit identified at time of analysis and not listed in CISA KEV.

Deserialization Picklescan
NVD GitHub
CVSS 4.0
7.6
EPSS
0.4%
CVE-2025-71349 PyPI HIGH PATCH This Week

Malicious pickle detection bypass in picklescan before 0.0.29 lets attackers smuggle arbitrary code execution payloads past the scanner by abusing the built-in trace.Trace.run function inside a pickle's __reduce__ method. Because picklescan does not flag trace.Trace.run as a dangerous global, a crafted model/pickle file is reported as safe yet executes arbitrary code when later deserialized via pickle.load. No public exploit identified at time of analysis; this is a classic deny-list gap in a security scanner that defenders rely on to gate untrusted ML artifacts.

Deserialization RCE Picklescan
NVD GitHub
CVSS 4.0
7.6
EPSS
0.6%
CVE-2026-13759 HIGH PATCH This Week

Remote code execution in IBM WebSphere eXtreme Scale 8.6.1.0-8.6.1.6 arises because three bundled ObjectInputStream subclasses (WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver) deserialize untrusted data without any JEP-290 lookahead class filter. When Oracle Coherence is present on the classpath, confirmed working gadget chains (RemoteConstructor.readResolve, PriorityQueue/ExtractorComparator) let a low-privileged authenticated attacker who can write a session attribute - or a LAN-adjacent attacker on the unauthenticated grid replication wire - run arbitrary code on peer WebSphere Application Server JVMs. A vendor patch is available; there is no public exploit identified and EPSS is low (0.29%), but IBM confirms the gadget chains function, giving total technical impact per SSVC.

Deserialization IBM RCE Websphere Extreme Scale
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-13773 CRITICAL PATCH Act Now

Remote code execution in IBM WebSphere eXtreme Scale 8.6.1.0 through 8.6.1.6 arises from roughly 50 generated CORBA stub classes in the shipped ogclient.jar that invoke ORB.string_to_object() on an attacker-controlled IOR string during Java deserialization, converting any unfiltered ObjectInputStream sink in the surrounding WebSphere Application Server into outbound IIOP server-side request forgery. When chained with the IBM ORB getUserException class-instantiation flaw (tracked as WAS-26), that SSRF escalates to code execution on the calling JVM. CVSS is 10.0 (scope-changed, full CIA impact); EPSS is 3.01% (86th percentile) and there is no public exploit identified at time of analysis.

Deserialization SSRF RCE IBM Java +1
NVD VulDB
CVSS 3.1
10.0
EPSS
3.0%
CVE-2026-7871 CRITICAL PATCH Act Now

Insecure deserialization (CWE-502) in IBM Langflow OSS versions 1.0.0 through 1.10.0 lets any party with access to the backing Redis store inject a malicious serialized object that Langflow deserializes, yielding arbitrary code execution with full application privileges. Successful exploitation exposes all stored secrets, flow data, and the underlying host, effectively a complete compromise of the Langflow instance. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV; a vendor patch is available per IBM advisory node 7278443.

Deserialization IBM Redis RCE Langflow Oss
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-12578 HIGH CISA Act Now

Arbitrary code execution in Delta Electronics DTMSoft arises from unsafe deserialization of untrusted data during project file parsing (CWE-502), allowing an attacker who supplies a malicious DTMSoft project file to run code in the context of the user who opens it. The flaw is local and requires victim interaction (opening the crafted file) rather than remote network exploitation, and impacts confidentiality, integrity, and availability fully. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; no EPSS score was supplied.

Deserialization RCE Dtmsoft
NVD
CVSS 4.0
8.4
EPSS
0.4%
CVE-2026-12240 HIGH This Week

Arbitrary file deletion in the Export User Data plugin for WordPress (versions up to and including 2.2.6) allows an authenticated subscriber-level attacker to delete any file on the server, including wp-config.php, which can escalate to remote code execution. The flaw stems from unsafe deserialization of a PHP object embedded in a user's display name that is processed when an administrator exports user data. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; exploitation is gated by required administrator interaction.

WordPress Deserialization RCE PHP Export User Data
NVD VulDB
CVSS 3.1
8.0
EPSS
0.3%
CVE-2026-46386 CRITICAL PATCH Act Now

Authenticated remote code execution affects the official openproject/openproject Docker image, which ships with a hardcoded Rails secret (ENV SECRET_KEY_BASE=OVERWRITE_ME). Because the application uses cookies_serializer = :marshal, any logged-in user who knows this deterministic key can forge a signed cookie containing a malicious Marshal payload that is deserialized when reaching the /my/two_factor_devices cookie reader, yielding code execution on the server (CVSS 9.9, scope-changed). At the time of analysis there is no public exploit identified and the issue is not in CISA KEV, but the predictability of the default key makes exploitation straightforward for anyone running an unmodified image.

Deserialization Docker Openproject
NVD GitHub
CVSS 3.1
9.9
EPSS
0.3%
CVE-2026-57527 HIGH PATCH This Week

Arbitrary code execution in the OWASP ZAP ViewState add-on (versions before 4) lets a malicious or attacker-controlled proxied web server compromise the security tester's own ZAP instance. By embedding a crafted serialized Java object in the javax.faces.ViewState response parameter, an attacker triggers unsafe Java deserialization inside the ZAP JVM the moment the operator views the ViewState panel in the Desktop UI. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the vendor has published an advisory and shipped a fix (viewstate-v4) that disables JSF support entirely.

Deserialization Java RCE
NVD GitHub
CVSS 4.0
8.7
EPSS
0.5%
CVE-2026-56057 CRITICAL Act Now

PHP Object Injection in the Uncanny Automator Pro WordPress plugin (versions <= 7.3.0.6) allows authenticated users holding only the low-privileged Subscriber role to inject crafted serialized PHP objects into an unsafe deserialization sink (CWE-502). Depending on the gadget chains present in the plugin or co-installed software, this can escalate to remote code execution, arbitrary file operations, or database tampering. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV; the input-supplied CVSS of 9.8 likely overstates privileges since the title explicitly scopes the flaw to the Subscriber role.

Deserialization PHP
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-56055 HIGH This Week

Authenticated PHP object injection in the RealHomes WordPress theme (versions 4.5.3 and earlier) lets a low-privileged Subscriber-level account inject crafted serialized objects into an unsafe deserialization sink (CWE-502). Because WordPress applications and plugins commonly contain POP gadget chains, this can escalate to arbitrary file operations, SQL injection, or remote code execution, which is reflected in the high CVSS 8.8 (C:H/I:H/A:H). Reported by Patchstack; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Deserialization PHP
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-56032 CRITICAL Act Now

PHP Object Injection in the BuddyBoss Platform WordPress plugin (versions 3.0.4 and earlier) allows attackers with low-privilege Subscriber access to inject crafted serialized objects that are deserialized unsafely, potentially leading to remote code execution, data tampering, or denial of service depending on available gadget chains. The flaw was reported by Patchstack and carries a CVSS base score of 9.8; however, the 'Subscriber' qualifier implies authenticated access is required, which conflicts with the PR:N in the published vector. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Deserialization PHP
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2026-56031 HIGH This Week

PHP Object Injection in the Uncanny Automator WordPress plugin (versions 7.3.1.2 and earlier) lets unauthenticated remote attackers submit crafted serialized PHP objects that the application deserializes, potentially leading to full WordPress site compromise. The flaw is rooted in unsafe deserialization of untrusted data (CWE-502) and carries high confidentiality, integrity, and availability impact (CVSS 8.1). No public exploit identified at time of analysis and it is not in CISA KEV; the high attack complexity reflects the need for a usable POP gadget chain in the target environment.

Deserialization PHP
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-53914 CRITICAL PATCH Act Now

Remote code execution in JetBrains Kotlin before 2.4.20 stems from unsafe deserialization (CWE-502) of build cache metadata, allowing an attacker who can influence cached build artifacts to execute arbitrary code during a build. The flaw carries a CVSS 9.8 (C:H/I:H/A:H) rating, but there is no public exploit identified at time of analysis and EPSS is very low (0.11%, 2nd percentile), and CISA SSVC marks exploitation as 'none'. JetBrains, who reported the issue, has released a fixed version (2.4.20).

Deserialization RCE Kotlin
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-71340 PyPI HIGH PATCH This Week

Detection bypass in picklescan through version 0.0.26 lets attackers smuggle malicious pickle payloads past the scanner by invoking idlelib.pyshell.ModifiedInterpreter.runcode from a __reduce__ method, which picklescan does not blocklist. Because organizations rely on picklescan to vet PyTorch models and serialized Python objects, a payload it marks 'safe' still achieves arbitrary command execution the moment the victim calls pickle.load(), enabling ML supply-chain attacks. Publicly available exploit code exists (GHSA-3gf5-cxq9-w223 ships a working PoC); the CVE is not in CISA KEV and EPSS data was not provided, so active exploitation is unconfirmed.

Deserialization Python Picklescan
NVD GitHub
CVSS 4.0
7.6
EPSS
0.3%
CVE-2026-45794 Maven HIGH PATCH GHSA This Week

Unsafe Java deserialization (CWE-502) in OpenAM Community Edition through 16.0.6 lets attackers abuse the anonymous Push Notification SNS callback REST route to force the server to load an attacker-named class and construct it from attacker-controlled JSON via Jackson. A low-privileged user who starts Push Registration can plant a malicious CTS predicate blob, then drive anonymous callbacks that yield a reliable class-loading and Jackson-construction primitive with classpath-dependent impacts ranging from token-record corruption and DoS to potential process execution and file writes. No public exploit is identified at time of analysis and confirmed arbitrary command execution was not demonstrated on stock classpaths; the issue is fixed in 16.1.1.

Deserialization Java RCE
NVD GitHub
CVE-2026-56053 HIGH This Week

PHP Object Injection in the EventPrime event-calendar-management WordPress plugin (versions 4.3.4.1 and earlier) allows an authenticated attacker holding only a low-privilege Subscriber account to inject crafted serialized objects into an unsafe deserialization sink. Depending on the PHP gadget chains present in WordPress core, the plugin, or other installed plugins, this can escalate to data tampering, information disclosure, or remote code execution. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it was reported by Patchstack.

Deserialization PHP Eventprime
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-10043 HIGH PATCH This Week

Arbitrary code execution in MosaicML Composer arises when the library loads a model or resumption checkpoint, because checkpoint parsing deserializes attacker-controlled pickle data without validation (CWE-502). A user who loads a maliciously crafted checkpoint (.pt) file - for example one downloaded from a model hub or shared by a collaborator - runs arbitrary Python code in the context of the training process. Reported through ZDI (ZDI-26-384, ZDI-CAN-27990); no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but an upstream source fix is available.

Deserialization RCE Composer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2026-45051 Maven CRITICAL PATCH GHSA Act Now

Arbitrary code execution affects the WebAuthn authentication module of Open Identity Platform OpenAM Community Edition through 16.0.6, where untrusted Java deserialization (CWE-502) of a user-controllable storage attribute lets an attacker run code as the application server user. The vendor advisory (GHSA-6c99-87fr-6q7r) characterizes this as a pre-authentication RCE, but it is reachable only in non-default deployments where the WebAuthn storage/userAttribute has become attacker-writable. No public exploit has been identified at time of analysis, and the issue is fixed in 16.1.1.

Deserialization RCE
NVD GitHub
CVE-2026-56121 CRITICAL POC PATCH Act Now

Remote code execution in Feast (the open-source ML feature store) before 0.63.0 lets remote attackers run OS commands as the feast service account by sending a crafted ApplyFeatureView gRPC request to the registry server. The registry base64-decodes the user_defined_function.body field of an OnDemandFeatureView and passes it to dill.loads() before any authorization check, so no credentials are required. A publicly available exploit code exists (reported by VulnCheck via huntr) and a vendor patch is available, though the flaw is not listed in CISA KEV.

Deserialization Python RCE Feast
NVD GitHub
CVSS 4.0
9.3
EPSS
0.8%
CVE-2025-71354 PyPI HIGH PATCH This Week

Detection bypass in picklescan before 0.0.29 allows attackers to craft malicious pickle files using idlelib.debugobj.ObjectTreeItem.SetText in __reduce__ methods that evade the scanner's dangerous-function checks, resulting in arbitrary command execution when the victim subsequently calls pickle.load(). The flaw turns picklescan from a security control into a false-assurance tool for ML pipelines that consume untrusted PyTorch models. Publicly available exploit code exists via the GHSA advisory, though no public exploit identified in active campaigns at time of analysis.

Deserialization Picklescan
NVD GitHub
CVSS 4.0
7.6
EPSS
0.3%
CVE-2026-54516 Maven MEDIUM PATCH GHSA This Month

Integrity bypass in jackson-databind 2.21.0-2.21.3 and 3.0.0-3.1.3 allows unauthenticated network attackers to write to private backing fields that application developers intended as read-only. The flaw occurs when a POJO uses @JsonProperty on a getter with @JsonIgnore on the setter - a common read-only-over-the-wire pattern - and MapperFeature.INFER_PROPERTY_MUTATORS is enabled (the default). No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog. The GHSA advisory characterizes the impact as property tampering and mass assignment; maintainers rate it minor despite a reporter-assessed HIGH severity.

Deserialization Jackson Databind
NVD GitHub HeroDevs VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-54514 Maven MEDIUM PATCH GHSA This Month

Eager DNS resolution during InetSocketAddress deserialization in jackson-databind (versions 2.0.0 through pre-fix releases across the 2.18, 2.21, and 3.x lines) allows any attacker who can supply untrusted JSON to an affected endpoint to force outbound DNS lookups for attacker-chosen hostnames at readValue() time - before application validation or connect logic can intervene. This DNS-based SSRF (CWE-918) enables internal resolver probing, network topology enumeration, and DNS out-of-band interaction signals against applications that deserialize untrusted JSON into types containing InetSocketAddress fields. No public exploit code and no CISA KEV listing have been identified at time of analysis; EPSS data was not available in the provided intelligence sources.

SSRF Deserialization Jackson Databind Suse
NVD GitHub HeroDevs VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-54512 Maven HIGH POC PATCH GHSA This Week

PolymorphicTypeValidator bypass in jackson-databind versions 2.10.0 through 2.18.7, 2.19.0 through 2.21.3, and 3.0.0 through 3.1.3 allows attackers controlling JSON type identifiers to smuggle denied gadget classes through allow-listed generic containers, leading to arbitrary class instantiation and potential remote code execution. The flaw stems from DatabindContext._resolveAndValidateGeneric() validating only the raw container class name while skipping all nested generic type arguments. No public exploit identified at time of analysis, but the GHSA advisory includes a proof-of-concept configuration and payload structure.

Canonical Deserialization Jackson Databind Suse
NVD GitHub HeroDevs VulDB
CVSS 3.1
8.1
EPSS
0.6%
CVE-2026-41862 HIGH PATCH This Week

Remote code execution in Spring Statemachine 3.2.0-3.2.4 and 4.0.0-4.0.1 allows authenticated attackers to execute arbitrary code inside the application JVM by injecting malicious serialized Java objects into the Kryo-based persistence backends (JPA, MongoDB, Redis, or ZooKeeper). The flaw stems from deserializing persisted state-machine contexts without enforcing a class allowlist, a classic CWE-502 pattern that has historically yielded reliable gadget-chain exploitation in Java applications. No public exploit identified at time of analysis, but the deserialization sink and Kryo gadget ecosystem make weaponization straightforward once an attacker can write to the persistence store.

Redis Deserialization RCE Java
NVD HeroDevs VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-71376 PyPI HIGH PATCH This Week

Detection bypass in picklescan versions prior to 0.0.29 allows attackers to smuggle arbitrary code execution payloads through malicious pickle files by leveraging idlelib.autocomplete.AutoComplete.fetch_completions inside the __reduce__ method. Because the scanner does not flag this built-in Python function as dangerous, victims who rely on picklescan to vet PyTorch models or other pickle artifacts will load attacker-controlled code under pickle.load(). Publicly available exploit code exists (in the GHSA advisory), though no active in-the-wild exploitation has been reported.

Deserialization Picklescan
NVD GitHub
CVSS 4.0
7.6
EPSS
0.3%
CVE-2025-71370 PyPI HIGH PATCH This Week

Detection bypass in picklescan before 0.0.28 allows attackers to embed malicious torch.jit.unsupported_tensor_ops.execWrapper calls in pickle files that evade the scanner and execute arbitrary code when later loaded via pickle.load(). Publicly available exploit code exists in the GHSA advisory, and the flaw directly undermines the security guarantee picklescan is meant to provide for PyTorch model files. No CISA KEV listing and no EPSS data are provided, but the scanner bypass nature makes this a meaningful supply-chain risk for ML pipelines.

RCE Deserialization Picklescan
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.4%
CVE-2025-71365 PyPI HIGH PATCH This Week

Detection bypass in picklescan before 0.0.33 allows attackers to smuggle arbitrary code through malicious pickle files by abusing numpy.f2py.crackfortran.myeval in a __reduce__ method, which the scanner fails to flag as dangerous. Any ML pipeline or model-hosting workflow that trusts picklescan's verdict before calling pickle.load() will execute attacker-controlled commands; publicly available exploit code exists in the GHSA advisory, and the CVSS 4.0 score of 7.6 reflects high confidentiality and integrity impact contingent on user interaction.

RCE Deserialization Picklescan
NVD GitHub
CVSS 4.0
7.6
EPSS
0.3%
CVE-2025-71341 PyPI HIGH PATCH This Week

Detection bypass in picklescan prior to 0.0.29 allows attackers to smuggle remote code execution payloads through pickle files that the scanner incorrectly classifies as safe. The library fails to flag the built-in profile.Profile.runctx function when used in a __reduce__ method, so a downstream pickle.load() of the scanned file executes arbitrary Python. Publicly available exploit code exists in the GHSA-6vqj-c2q5-j97w advisory, though no active exploitation has been reported.

RCE Deserialization Picklescan
NVD GitHub
CVSS 4.0
7.6
EPSS
0.5%
CVE-2026-39253 HIGH This Week

Remote code execution in Pivotal CRM 6.6.04.08 Smart Client arises from insecure deserialization in the Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll components, allowing remote attackers to execute arbitrary code on affected installations. The vendor (Aurea/Pivotal) has published a remediation advisory and a researcher has released a public technical advisory, but the issue is not currently listed in CISA KEV and SSVC indicates no observed exploitation. CVSS 8.1 reflects high impact tempered by high attack complexity, while no public exploit identified at time of analysis is corroborated by SSVC's 'Exploitation: none'.

Deserialization RCE N A
NVD VulDB
CVSS 3.1
8.1
EPSS
0.8%
CVE-2026-46607 PyPI HIGH PATCH GHSA This Week

Local arbitrary code execution in Glances versions prior to 4.5.5 occurs when the daemon deserializes its version-check cache file via pickle.load() without integrity validation. An attacker with write access to the Glances user's XDG cache directory (~/.cache/glances/glances-version.db) can plant a malicious pickle that executes as the Glances process user - frequently root - on next startup. Publicly available exploit code exists in the GHSA advisory, but no public exploit identified at time of analysis as actively weaponized.

Docker Python Privilege Escalation RCE Deserialization +1
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-48512 NuGet MEDIUM PATCH GHSA This Month

Uncontrolled recursion in MessagePack-CSharp's JSON conversion helpers allows remote attackers to crash .NET host processes via an uncatchable StackOverflowException, producing a denial-of-service condition in applications that route untrusted input through these APIs. Three independent recursive code paths - ConvertFromJson's FromJsonCore(), TinyJsonReader.ReadNextToken() (which recurses once per comma or colon character, enabling exploitation via malformed JSON), and the ConvertToJson ext-100 typeless extension branch - all bypass the library's existing MessagePackSecurity depth-limit enforcement. No public exploit has been identified at time of analysis, and only applications explicitly using the JSON conversion helpers (not normal typed MessagePack deserialization) are exposed.

Deserialization Messagepack Csharp
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.2%
CVE-2026-48513 NuGet MEDIUM PATCH GHSA This Month

Uncontrolled recursion in MessagePack for C# allows network-reachable attackers to crash applications by submitting deeply nested union-type payloads that bypass the library's object graph depth protection. DynamicUnionResolver's runtime-generated deserializers omit the required MessagePackSecurity.DepthStep calls, leaving union code paths entirely outside the recursion guard that protects all other formatter paths. No public exploit or active KEV listing exists at time of analysis, but any application deserializing untrusted MessagePack data via union types over a network endpoint is exposed to availability-only impact.

Deserialization Messagepack Csharp
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.2%
CVE-2026-46495 Maven CRITICAL PATCH GHSA Act Now

Unauthenticated remote code execution in OpenDJ Community Edition through 5.1.0 occurs when the JMX RMI connector deserializes attacker-controlled Java objects before authentication is performed. Any deployment with the JMX Connection Handler enabled (commonly turned on for monitoring integrations) is exposed to pre-auth RCE over TCP, as demonstrated against OpenDJ 4.4.15 on JDK 11 with Jackson 2.12.6.1. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

RCE Java Deserialization
NVD GitHub
CVE-2025-71358 PyPI HIGH PATCH This Week

Detection bypass in picklescan before 0.0.29 allows attackers to smuggle arbitrary code execution payloads through pickle files by abusing the idlelib.autocomplete.AutoComplete.get_entity function inside __reduce__ methods. Because picklescan does not flag this function as dangerous, malicious ML model files (e.g., PyTorch checkpoints) appear safe to scan but execute attacker commands the moment a victim calls pickle.load(). Publicly available exploit code exists in the GHSA advisory, but no public exploit identified at time of analysis in CISA KEV.

Deserialization Picklescan
NVD GitHub
CVSS 4.0
7.6
EPSS
0.2%
CVE-2025-71344 PyPI HIGH PATCH This Week

Detection bypass in picklescan versions 0.0.26 and earlier (fixed in 0.0.30) allows attackers to smuggle arbitrary code through malicious pickle files by abusing Python's built-in ensurepip._run_pip function, which the scanner failed to flag as dangerous. Organizations relying on picklescan to vet PyTorch models or other serialized Python objects will load the file as safe and trigger remote code execution upon pickle.load(). Publicly available exploit code exists via the GHSA advisory PoC, though no public exploit identified in active campaigns at time of analysis.

RCE Deserialization Picklescan
NVD GitHub
CVSS 4.0
7.6
EPSS
0.4%
CVE-2025-71339 PyPI HIGH PATCH This Week

Arbitrary code execution in Picklescan before 0.0.33 occurs because the scanner fails to flag the numpy.f2py.crackfortran._eval_length gadget when used inside a pickle __reduce__ method, allowing crafted pickle files to be marked safe while still executing attacker-supplied Python on load. Workflows that rely on Picklescan to vet untrusted pickle or PyTorch model artifacts are exposed to supply-chain poisoning, and publicly available exploit code exists in the GHSA advisory.

RCE Deserialization Python Picklescan
NVD GitHub
CVSS 4.0
7.6
EPSS
0.3%
CVE-2026-48517 NuGet MEDIUM PATCH GHSA This Month

Typeless deserialization in MessagePack-CSharp allows blocked types to be instantiated by wrapping them inside arrays or generic type constructs, bypassing the ThrowIfDeserializingTypeIsDisallowed safety check. Applications using typeless deserialization on MessagePack-CSharp prior to versions 2.5.301 (2.x branch) and 3.1.7 (3.x branch) are exposed. No public exploit code or active exploitation has been identified at time of analysis; the CVSS 4.0 score of 6.3 reflects high attack complexity and the prerequisite that typeless deserialization must be enabled and attacker-controlled input must reach the deserializer.

Deserialization Messagepack Csharp
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.3%
CVE-2026-44795 Maven HIGH PATCH GHSA This Week

Remote code execution in Spinnaker's Rosco and Orca services arises because YAML input is parsed with SnakeYAML's unsafe default Constructor rather than a SafeConstructor, letting authenticated users who trigger CloudFormation deployments or CloudFoundry baking load arbitrary Java classes. An attacker with pipeline access can supply a crafted YAML tag (e.g. !!javax.script.ScriptEngineManager) to instantiate dangerous classes and reach code execution on the affected service host. No public weaponized exploit is identified, though the vendor fix commit ships tests demonstrating the arbitrary-object-instantiation primitive, and the flaw is not listed in CISA KEV.

Java Deserialization
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.0%
CVE-2025-71378 PyPI HIGH PATCH This Week

Detection bypass in picklescan versions before 0.0.30 allows malicious pickle files to evade security scanning by using cProfile.runctx in __reduce__ methods, leading to arbitrary code execution when the file is loaded via pickle.load(). The flaw undermines the core purpose of picklescan as a defensive tool for ML model security and was reported by VulnCheck with a published proof-of-concept in the GitHub Security Advisory. No public exploit identified at time of analysis as a weaponized in-the-wild attack, but PoC code is published in the GHSA.

Deserialization RCE Picklescan
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.3%
CVE-2025-71357 PyPI HIGH PATCH This Week

Detection bypass in picklescan before 0.0.30 allows attackers to smuggle arbitrary code execution payloads through pickle files by abusing idlelib.pyshell.ModifiedInterpreter.runcommand inside a __reduce__ method, which the scanner fails to flag as dangerous. Any victim who relies on picklescan to vet PyTorch models or other pickle artifacts and then calls pickle.load() will execute attacker-supplied commands. Publicly available exploit code exists (PoC published in the GHSA advisory), no CISA KEV listing, and the issue is fixed in version 0.0.30.

Deserialization Picklescan
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.2%
CVE-2025-71348 PyPI HIGH PATCH This Week

Detection bypass in picklescan before 0.0.28 allows attackers to smuggle arbitrary code through pickle files by abusing torch.utils._config_module.load_config inside __reduce__ methods, defeating the library's malicious-pickle scanning and enabling remote code execution when the file is later loaded. Publicly available exploit code exists (GHSA-vv6j-3g6g-2pvj includes a working PoC), and the flaw is significant for any ML pipeline that trusts picklescan to vet third-party PyTorch model files. No CISA KEV listing at time of analysis, so exploitation status is limited to public POC rather than confirmed in-the-wild use.

Deserialization RCE Picklescan
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.4%
CVE-2026-12787 LOW POC Monitor

Unsafe deserialization in zhilink ADP Application Developer Platform 1.0.0 exposes the testConnection endpoint to remote exploitation by low-privilege authenticated users via manipulation of the jdbcUrl parameter. A public exploit has been published (linked via Feishu document) despite vendor non-response to coordinated disclosure. No public exploit identified at time of analysis meets the KEV threshold, but the combination of public PoC, network-accessible endpoint, and no patch raises operational risk - particularly for organizations running this Chinese low-code/RAD platform internally.

Deserialization Adp Application Developer Platform
NVD VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2026-56304 PyPI MEDIUM PATCH This Month

Unsafe pickle deserialization in picklescan before 1.0.1 allows unauthenticated remote attackers to create arbitrary zero-byte files on the server by crafting malicious pickle payloads that instantiate Python's standard-library logging.FileHandler class. This technique bypasses RCE-focused blocklists because it abuses legitimate standard library functionality rather than commonly blocked modules, making it a notable blocklist-evasion primitive. A publicly available proof-of-concept exploit exists; no public exploit identified at time of analysis for active KEV-confirmed exploitation, but the PoC demonstrates concrete filesystem impact including lock-file-based denial of service.

Deserialization Denial Of Service Picklescan
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.3%
CVE-2026-48909 CRITICAL POC Act Now

Unauthenticated remote code execution in JoomShaper's SP LMS (com_splms) Joomla extension versions 1.0.0 through 4.1.3 allows network attackers to run arbitrary code on the server by sending a crafted cookie that the component deserializes without validation. The flaw is a textbook PHP object injection (CWE-502) with a CVSS 4.0 base score of 9.5, but at time of analysis there is no public exploit identified and the issue is not on the CISA KEV list. Risk is elevated because the trigger is a cookie value parsed before any authentication check.

RCE Deserialization Sp Lms Extension For Joomla
NVD VulDB Exploit-DB
CVSS 4.0
9.5
EPSS
0.8%
CVE-2026-54499 PyPI HIGH PATCH GHSA This Week

Arbitrary code execution in Stanford NLP's Stanza 1.12.0 (and ≤1.12.1) occurs when the library loads a malicious PyTorch checkpoint, because its pretrain loader silently falls back from torch.load(weights_only=True) to weights_only=False whenever an UnpicklingError is raised - a condition the attacker fully controls by embedding one unsupported pickle global. Publicly available exploit code exists (working PoC in the GHSA advisory), and any developer, CI pipeline, or production NLP service that downloads Stanza model files from HuggingFace, GitHub, or a shared cache can be compromised. Fixed in Stanza 1.12.2.

Checkpoint Deserialization Python RCE
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-49286 PHP HIGH PATCH GHSA This Week

PHAR deserialization in PhpWeasyPrint versions prior to 2.6.0 allows remote code execution by bypassing the case-sensitive phar:// blacklist introduced for CVE-2023-28115 - because PHP stream wrappers are case-insensitive, schemes like PHAR:// or PhAr:// pass the check and reach file_exists() in prepareOutput(). When the library runs on PHP 7.4+ and an attacker can influence the output filename argument passed to generation methods, a crafted PHAR archive's metadata is unserialized via a gadget chain, yielding code execution. No CISA KEV listing and no public exploit identified at time of analysis for this specific CVE, although the equivalent upstream KnpLabs/snappy advisory (GHSA-92rv-4j2h-8mjj) ships a working phpggc-based PoC that is directly portable.

PHP Deserialization RCE Php Weasyprint
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2026-55414 Maven MEDIUM PATCH GHSA This Month

Unauthenticated callers can trigger server-side request forgery against NL Portal Backend Libraries (nl.nl-portal:form versions 1.1.0.RELEASE through 3.0.3) by invoking the public GraphQL resolvers `getFormDefinitionByObjectenApiUrl` or `getFormDefinitionById`, causing the backend to issue outbound HTTP requests bearing a privileged Objecten-API `Authorization: Token` header to a caller-influenced URL on the configured Objecten-API host. The SSRF is constrained to the same configured host by a host-equality guard, and arbitrary data disclosure is further limited by strict typed deserialization in Kotlin, which keeps practical real-world impact at Medium despite unauthenticated network access. A lab proof-of-concept was confirmed by the reporter against the real Spring WebFlux stack; no public exploit code has been independently identified and the vulnerability is not listed in CISA KEV.

Authentication Bypass Deserialization Java SSRF
NVD GitHub
CVSS 3.1
5.3
CVE-2026-12046 CRITICAL PATCH Act Now

Remote unauthenticated access to two SQL Editor endpoints in pgAdmin 4 server-mode deployments (versions 6.9 through 9.15) exposes a pickle.loads sink that can be reached without a valid pgAdmin session. The defect is the missing @pga_login_required decorator on DELETE /sqleditor/close/<trans_id> and POST /sqleditor/initialize/sqleditor/update_connection/<sgid>/<sid>/<did>; turning this into code execution additionally requires an attacker to possess the Flask SECRET_KEY and write access to the sessions/ directory from a separate channel. No public exploit identified at time of analysis, and the issue does not appear on CISA KEV.

Python Authentication Bypass Deserialization RCE Pgadmin 4
NVD GitHub VulDB
CVSS 4.0
9.5
EPSS
0.7%
CVE-2026-54390 CRITICAL PATCH Act Now

Server-side template injection in JTL Shop 5.2.0 through 5.7.1 allows remote unauthenticated attackers to inject Smarty template syntax via unsanitized user input, exposing sensitive server-side values like database credentials and encryption keys. On versions 5.4.0 through 5.7.1, the flaw escalates to remote code execution by abusing registered Smarty modifiers (unserialize, file_get_contents) to drop a webshell and execute commands as the web server user. Publicly available exploit code exists via the Sansec research writeup, though no public exploit identified at time of analysis in CISA KEV.

Ssti Deserialization Jtl Shop
NVD VulDB
CVSS 4.0
9.3
EPSS
0.3%
CVE-2026-8024 CRITICAL PATCH Act Now

Remote code execution in iba ibaPDA and ibaDatCoordinator allows unauthenticated network attackers to gain full system control by exploiting an unsafe deserialization flaw (CWE-502). The CVSS 4.0 score of 9.3 reflects network-reachable exploitation with no privileges or user interaction and high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the trivial attack profile makes it a high priority for industrial environments running these data acquisition products.

Deserialization Ibapda Ibadatcoordinator
NVD VulDB
CVSS 4.0
9.3
EPSS
0.6%
CVE-2026-12569 CRITICAL POC KEV THREAT Emergency

Remote code execution in PTC Windchill PDMlink and PTC FlexPLM allows unauthenticated network attackers to execute arbitrary code via deserialization of untrusted data. All releases prior to 11.0 M030 are affected, as are all CPS versions, and no public exploit identified at time of analysis. Reported by PTC themselves, the flaw carries a CVSS 4.0 base score of 9.3 (critical) reflecting high impact across confidentiality, integrity, and availability without requiring authentication or user interaction.

Deserialization RCE Windchill Pdmlink Flexplm
NVD VulDB
CVSS 4.0
9.3
EPSS
0.5%
Threat
4.9
CVE-2026-50196 NuGet HIGH PATCH GHSA This Week

Denial of service in Steeltoe.Discovery.Eureka client (.NET) versions prior to 4.2.0 and 3.4.0 allows a remote Eureka registry containing service registrations with DataCenterInfo.name="Netflix" to permanently break the local service discovery cache. The client's DataCenterInfo.FromJson rejects any value other than "MyOwn" or "Amazon" with an ArgumentException that is silently swallowed by the periodic cache refresh task, leaving downstream .NET services unable to discover peers. No public exploit identified at time of analysis, but the trigger is trivially reachable in mixed Java/Spring-Cloud and Steeltoe environments.

Deserialization Java Steeltoe Discovery Eureka
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-53805 CRITICAL PATCH Act Now

Unauthenticated remote code execution in NVIDIA Spatial Intelligence Lab's GEN3C inference API server allows network attackers to execute arbitrary Python code by sending crafted pickle payloads to the /request-inference and /seed-model endpoints. The endpoints feed raw HTTP bodies directly into pickle.loads() with no authentication or validation, so a standard __reduce__ gadget yields code execution as the inference process. No public exploit identified at time of analysis, but the upstream patch and a VulnCheck advisory document the precise vulnerable code path.

Nvidia Deserialization Python RCE Gen3C
NVD GitHub
CVSS 4.0
9.3
EPSS
0.7%
CVE-2026-53874 PyPI CRITICAL PATCH Act Now

Arbitrary code execution in picklescan versions prior to 1.0.1 allows attackers to bypass the scanner's malicious pickle detection by obfuscating eval calls nested under callable objects via getattr, causing the very tool intended to detect malicious pickles to miss them. Publicly available exploit code exists via the GHSA advisory PoC, though no public exploit identified at time of analysis as actively used in attacks; the CVSS 4.0 score of 9.3 reflects unauthenticated network-reachable impact on confidentiality, integrity, and availability.

Deserialization RCE Picklescan
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.5%
CVE-2026-53872 PyPI HIGH PATCH This Week

Arbitrary file read in picklescan versions before 0.0.35 allows remote unauthenticated attackers to exfiltrate sensitive server files by abusing standard-library callables that the tool's RCE-focused blocklist fails to detect. By chaining io.FileIO and urllib.request.urlopen inside a malicious pickle, an attacker can stream contents of files such as /etc/passwd to an attacker-controlled URL when the scanner processes untrusted model artifacts. Publicly available exploit code exists in the GHSA advisory, but there is no public exploit identified at time of analysis in the form of in-the-wild abuse.

Path Traversal Deserialization Information Disclosure Picklescan
NVD GitHub
CVSS 4.0
8.7
EPSS
0.5%
CVE-2025-71321 PyPI CRITICAL PATCH Act Now

Arbitrary file write in picklescan before 0.0.33 lets attackers bypass the tool's dangerous-call blocklist by abusing distutils.file_util.write_file inside crafted pickle payloads. Because picklescan is used as a safety gate before loading ML model pickles, a bypass means malicious models pass scanning and can overwrite files on disk to achieve denial of service or remote code execution. Publicly available exploit code exists in the GHSA advisory, though there is no public exploit identified at time of analysis indicating active exploitation.

Denial Of Service Deserialization RCE Picklescan
NVD GitHub
CVSS 4.0
9.3
EPSS
0.6%
CVE-2025-60236 CRITICAL Act Now

PHP Object Injection in the EMV Creatify WordPress theme (versions up to and including 1.5) allows remote unauthenticated attackers to trigger insecure deserialization of attacker-supplied data, potentially leading to arbitrary code execution, file operations, or full site compromise depending on available gadget chains in the WordPress runtime. Patchstack catalogs this as a PHP Object Injection issue under CWE-502, and no public exploit was identified at time of analysis. EPSS data was not supplied, but the CVSS 9.8 rating reflects unauthenticated network-reachable impact.

Deserialization Creatify
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-60231 CRITICAL Act Now

Unauthenticated PHP Object Injection in the EMV "The Hospital" WordPress theme (nrghospital) through version 1.8.1 lets remote attackers trigger deserialization of attacker-controlled data, which can be chained with available POP gadgets to achieve full compromise of the host site. CVSS 9.8 reflects unauthenticated network exploitability with high CIA impact; no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Deserialization The Hospital
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-60230 CRITICAL Act Now

Unauthenticated PHP object injection in the Themeton 'The Barber Shop' WordPress theme (versions up to and including 1.9) allows remote attackers to deserialize attacker-controlled data, potentially leading to arbitrary code execution, file manipulation, or full site compromise when a usable POP gadget chain is present. The flaw was disclosed via Patchstack and carries a CVSS 3.1 score of 9.8, though no public exploit identified at time of analysis and EPSS data was not provided. The vulnerability is rooted in CWE-502 (Deserialization of Untrusted Data), a class historically abused for RCE in WordPress plugin/theme ecosystems.

Deserialization The Barber Shop
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-60229 CRITICAL Act Now

PHP object injection in the Themeton Lagom WordPress theme (versions up to and including 2.0) allows remote attackers to trigger unsafe deserialization of attacker-controlled data, potentially leading to full site compromise. The flaw is reported by Patchstack and carries a critical CVSS of 9.8 (AV:N/AC:L/PR:N/UI:N); no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Deserialization Lagom
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-49108 CRITICAL Act Now

Remote code execution via unauthenticated PHP Object Injection affects the Moderno WordPress theme in all versions prior to 1.43, enabling attackers to send crafted serialized payloads that trigger malicious object instantiation. With CVSS 9.8 and a fully remote, no-interaction attack vector, successful exploitation hinges on the presence of usable POP gadget chains in WordPress core or co-installed plugins. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

PHP Deserialization Moderno
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-40757 HIGH This Week

Unauthenticated PHP Object Injection in the Mikado-Themes 'Château' WordPress theme (versions ≤ 1.2.1) allows remote attackers to deserialize attacker-controlled data, potentially leading to arbitrary code execution, file manipulation, or full site compromise when a suitable POP gadget chain is present in the WordPress stack. The flaw was disclosed via Patchstack with CVSS 8.1 (high) due to network-reachable, unauthenticated impact across confidentiality, integrity, and availability, though high attack complexity (AC:H) reflects the dependency on a usable gadget chain. No public exploit identified at time of analysis.

PHP Deserialization Ch Teau
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-40756 HIGH This Week

Unauthenticated PHP Object Injection in the Mikado-Themes Zoya WordPress theme versions 1.4 and earlier allows remote attackers to inject crafted serialized objects that are deserialized by the application. Successful exploitation can lead to arbitrary code execution, data tampering, or denial of service depending on the gadget chains present in WordPress core, plugins, or other themes loaded on the site. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

PHP Deserialization Zoya
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-40752 HIGH This Week

Unauthenticated PHP object injection in the Manufaktur Solutions WordPress theme (versions 1.1.1 and earlier) allows remote attackers to deserialize attacker-controlled data, potentially leading to arbitrary code execution, data tampering, or denial of service when a suitable PHP gadget chain is present. The CVSS 3.1 score of 8.1 reflects high impact across confidentiality, integrity, and availability, tempered by AC:H due to dependency on exploitable gadget chains in the WordPress runtime. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

PHP Deserialization Manufaktur Solutions
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-40738 HIGH This Week

Unauthenticated PHP Object Injection in the Eldon WordPress theme (versions <= 1.4.1) by Edge-Themes allows remote attackers to inject arbitrary PHP objects through unsafe deserialization, potentially leading to remote code execution, data theft, or site compromise when a suitable POP gadget chain is present in the WordPress environment. No public exploit identified at time of analysis, and Patchstack rates this CVSS 8.1 (High) with high attack complexity reflecting the need for a usable gadget chain.

PHP Deserialization Eldon
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-40733 HIGH This Week

Unauthenticated PHP object injection in the Mikado Themes ShiftUp WordPress theme (versions ≤ 1.3) allows remote attackers to pass attacker-controlled serialized data into a PHP unserialize() sink, potentially triggering gadget chains that can lead to remote code execution, data tampering, or site takeover. CVSS is rated 8.1 with high attack complexity but no privileges or user interaction required, and no public exploit identified at time of analysis. The issue was disclosed via Patchstack.

PHP Deserialization Shiftup
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-39576 HIGH This Week

Unauthenticated PHP Object Injection in the SingleMalt WordPress theme (versions up to and including 1.5) allows remote attackers to deserialize attacker-controlled data, which can lead to compromise of confidentiality, integrity, and availability of affected WordPress sites. The flaw is exploitable without authentication or user interaction but has high attack complexity per its CVSS vector, and no public exploit identified at time of analysis.

PHP Deserialization Singlemalt
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2026-39560 HIGH This Week

Unauthenticated PHP object injection in the Select Themes 'Hiroshi' WordPress theme through version 1.5.1 allows remote attackers to supply crafted serialized payloads that are deserialized by the theme, potentially leading to code execution, file manipulation, or data compromise when a suitable PHP magic-method gadget chain is present in the WordPress stack. The flaw is reachable without authentication per the CVSS vector, and no public exploit has been identified at time of analysis.

PHP Deserialization Hiroshi
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-39556 HIGH This Week

Unauthenticated PHP Object Injection affects the Konsept WordPress theme (by elated-themes) in versions 1.9 and earlier, allowing remote attackers to inject crafted serialized PHP objects without authentication. Successful exploitation can lead to a full compromise of the WordPress site - high impact on confidentiality, integrity, and availability - though CVSS rates attack complexity as high, indicating non-trivial conditions are required. No public exploit identified at time of analysis.

PHP Deserialization Konsept
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-39445 HIGH This Week

Unauthenticated PHP Object Injection in the Alukas WordPress theme (versions prior to 3.0.0) allows remote attackers to inject crafted serialized PHP objects into the application, potentially leading to remote code execution, file manipulation, or full site compromise when a usable POP gadget chain is present. No public exploit identified at time of analysis, and the issue is tracked by Patchstack as a deserialization flaw affecting the presslayouts:alukas product line. Real-world impact depends on the gadget chains available in WordPress core or co-installed plugins.

PHP Deserialization Alukas
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2026-39442 HIGH This Week

Unauthenticated PHP Object Injection in the PressMart WordPress theme versions 1.2.26 and earlier allows remote attackers to deliver malicious serialized payloads that are deserialized by the theme, potentially leading to property-oriented gadget chain abuse and full site compromise. The flaw was disclosed via Patchstack and carries a CVSS 8.1 (AV:N/AC:H/PR:N/UI:N) - no public exploit identified at time of analysis, and the high attack complexity reflects the need for a usable gadget chain to escalate from deserialization to concrete impact.

PHP Deserialization Pressmart
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2025-69130 HIGH This Week

PHP Object Injection in the Entrepreneur - Booking for Small Businesses WordPress theme through version 3.1.3 allows authenticated subscriber-level users to trigger unsafe deserialization, potentially leading to full site compromise. The flaw was disclosed via Patchstack and carries a CVSS 3.1 base score of 8.8 reflecting high impact on confidentiality, integrity, and availability. No public exploit identified at time of analysis.

PHP Deserialization WordPress Entrepreneur Booking For Small Businesses Wordpress Theme
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-69127 CRITICAL Act Now

Unauthenticated PHP Object Injection in the ThemeREX Plumbing WordPress theme versions 1.6 and earlier allows remote attackers to inject arbitrary PHP objects via untrusted deserialization, potentially leading to full site compromise when a suitable POP gadget chain is present. No public exploit identified at time of analysis, but the CVSS 9.8 rating and unauthenticated network attack vector make this a high-priority issue for any WordPress site running this theme.

PHP Deserialization Plumbing
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-69111 CRITICAL Act Now

Unauthenticated PHP object injection in the ThemeREX Reisen WordPress theme versions 1.4.1 and earlier allows remote attackers to trigger deserialization of attacker-controlled data without authentication. Successful exploitation can lead to full site compromise via gadget chains commonly available in WordPress core or active plugins, with CVSS rated 9.8 critical. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

PHP Deserialization Reisen
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-11857 HIGH This Week

Local privilege escalation in Quanos SCHEMA ST4 on-premises allows an authenticated local user to gain NT AUTHORITY\SYSTEM by abusing insecure .NET Remoting deserialization in the Client Update Service. The endpoint, reachable through a local named pipe with TypeFilterLevel.Full, accepts attacker-controlled serialized objects and yields arbitrary code execution in the update process context. No public exploit identified at time of analysis, though a SEC-Consult/SEC-VLab advisory documents the issue.

Privilege Escalation Deserialization RCE Schema St4
NVD
CVSS 4.0
8.4
EPSS
0.3%
CVE-2026-54806 CRITICAL Act Now

Unauthenticated PHP object injection in the WP Activity Log WordPress plugin versions 5.6.3.1 and earlier allows remote attackers to deliver crafted serialized payloads that are deserialized by the plugin, enabling abuse of any POP (property-oriented programming) gadget chain present in WordPress core, other active plugins, or themes. With a CVSS 3.1 base of 9.8 (AV:N/AC:L/PR:N/UI:N) and no authentication required, successful exploitation typically yields remote code execution, arbitrary file operations, or database compromise on the affected site. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV, but the unauthenticated network-reachable nature makes it a high-priority patch for any site running the plugin.

PHP Deserialization Wp Activity Log
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2026-52706 CRITICAL Act Now

Unauthenticated PHP Object Injection in Crocoblock JetEngine WordPress plugin versions 3.8.10 and earlier allows remote attackers to inject arbitrary PHP objects, potentially leading to full site compromise via gadget-chain abuse. The CVSS 9.8 score reflects network-reachable, no-authentication, no-interaction exploitation against a widely deployed commercial WordPress plugin. No public exploit identified at time of analysis, but the unsafe-deserialization class (CWE-502) historically yields fast weaponization once a usable POP chain is published.

PHP Deserialization Jetengine
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-49107 CRITICAL PATCH Act Now

Unauthenticated PHP Object Injection in the Thrive Apprentice WordPress plugin (versions prior to 10.8.10.2) allows remote attackers to inject arbitrary PHP objects that get deserialized by the application, potentially leading to remote code execution when a suitable POP gadget chain is present. The flaw is reachable without authentication and carries a CVSS 9.8 critical rating with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

PHP Deserialization Thrive Apprentice
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-49075 CRITICAL Act Now

PHP Object Injection in the JetEngine WordPress plugin (versions through 3.8.9.1) allows authenticated users with the Contributor role to inject crafted serialized objects that are deserialized by the plugin, potentially leading to code execution or other gadget-chain abuse on the host site. The flaw, reported by Patchstack and tracked under CWE-502, requires only the low-privileged Contributor role rather than admin access, which significantly broadens the attacker pool on multi-author WordPress installations. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

PHP Deserialization Jetengine
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-42380 CRITICAL PATCH Act Now

Unauthenticated PHP Object Injection in the AI Lab WordPress theme versions prior to 5.4.2 enables remote attackers to deliver crafted serialized payloads to a vulnerable deserialization sink. With a CVSS 9.8 rating and no authentication required, successful exploitation can lead to arbitrary code execution, data theft, or full site takeover depending on which POP gadget chains are available in WordPress core or installed plugins. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

PHP Deserialization Ai Lab
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2026-40753 HIGH This Week

Unauthenticated PHP Object Injection affects the Mikado-Themes EasyMeals WordPress theme through version 1.5.1, allowing remote attackers to inject crafted serialized objects that are deserialized by vulnerable PHP code paths. Successful exploitation can lead to high-impact compromise of confidentiality, integrity, and availability on the underlying WordPress site, though no public exploit identified at time of analysis. The CVSS 8.1 score reflects high attack complexity, consistent with the typical need for a usable gadget chain in the host WordPress environment.

PHP Deserialization Easymeals
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2026-40735 HIGH This Week

Unauthenticated PHP object injection in the Reina WordPress theme (versions 2.1 and earlier) by Edge Themes allows remote attackers to trigger insecure deserialization, potentially leading to arbitrary code execution, data tampering, or denial of service when a suitable PHP gadget chain is present in the WordPress instance. The flaw carries a CVSS 3.1 score of 8.1 (High) with no public exploit identified at time of analysis. The reference from Patchstack confirms the issue but no KEV listing or EPSS data is provided.

PHP Deserialization Reina
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2026-40725 CRITICAL PATCH Act Now

Unauthenticated PHP object injection in the WooCommerce Product Filters WordPress plugin (versions prior to 2.0.6) allows remote attackers to deserialize attacker-controlled data and trigger PHP magic methods on existing application gadgets. With a CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and CWE-502 root cause, successful exploitation can lead to remote code execution, arbitrary file operations, or full site takeover depending on available POP chains in WordPress core or co-installed plugins. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

PHP Deserialization WordPress Woocommerce Product Filters
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-39573 HIGH This Week

Unauthenticated PHP Object Injection affects the Select Themes Mildhill WordPress theme in versions 1.5 and earlier, allowing remote attackers to inject crafted serialized PHP objects that the application deserializes without validation. Successful exploitation can yield high confidentiality, integrity, and availability impact on the underlying WordPress site, typically by chaining the injected object with a POP gadget present in the theme, WordPress core, or another installed plugin. No public exploit identified at time of analysis, and the issue is reported via Patchstack rather than the CISA KEV catalog.

PHP Deserialization Mildhill
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2026-39545 HIGH This Week

Unauthenticated PHP Object Injection in the Zermatt WordPress theme versions 1.6.1 and earlier allows remote attackers to deliver malicious serialized PHP objects to a vulnerable unserialize() sink without prior authentication. Successful exploitation can lead to high impact on confidentiality, integrity, and availability when a suitable POP gadget chain is reachable in the WordPress installation. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

PHP Deserialization Zermatt
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2026-27410 MEDIUM PATCH This Month

Unauthenticated deserialization of untrusted data in the Slimstat Analytics WordPress plugin (versions prior to 5.4.0) allows remote attackers to exploit PHP object injection without authentication. The CVSS vector indicates high attack complexity (AC:H) and scope change (S:C), meaning successful exploitation can affect components beyond the plugin itself - potentially the broader WordPress environment or server. No public exploit identified at time of analysis, and the fix version is confirmed as 5.4.0 per Patchstack reporting.

Deserialization Slimstat Analytics
NVD
CVSS 3.1
6.5
EPSS
0.3%
EPSS 1% CVSS 7.6
HIGH PATCH This Week

Detection bypass leading to arbitrary code execution in picklescan before 0.0.30 allows attackers to smuggle malicious payloads past the scanner by abusing the doctest.debug_script function, which picklescan's analyzer does not recognize as dangerous. Because picklescan is used to vet untrusted pickle/ML model files before loading, a crafted pickle marked 'safe' will execute attacker commands the moment pickle.load is invoked. There is no public exploit identified at time of analysis, and this is not listed in CISA KEV, but the technique is well-understood and was disclosed by VulnCheck.

Deserialization RCE Picklescan
NVD GitHub
EPSS 1% CVSS 7.6
HIGH PATCH This Week

Scanner-detection bypass in picklescan before 0.0.30 lets a crafted pickle file evade malicious-code detection and execute arbitrary code on deserialization. The tool - a Python security scanner used to vet untrusted pickle/ML model files - fails to flag `cProfile.run` calls embedded in a pickle object's `__reduce__` method, so a payload routed through `cProfile.run` passes the scan and then runs when the file is loaded. Reported by VulnCheck (CWE-502); no public exploit identified at time of analysis and it is not in CISA KEV.

Deserialization RCE Picklescan
NVD GitHub
EPSS 1% CVSS 7.6
HIGH PATCH This Week

Static-analysis bypass in Picklescan before 0.0.25 lets attackers smuggle malicious pickle files past its malware scanner, leading to arbitrary OS command execution when a victim deserializes the file. Picklescan's denylist fails to flag unsafe Numpy globals, so a reduce method invoking numpy.testing._private.utils.runstring can import os and run commands while being reported as safe. No public exploit has been identified at time of analysis, though VulnCheck's advisory documents the exact gadget; the issue is not in CISA KEV. CVSS 4.0 base score is 7.6.

Deserialization RCE Picklescan
NVD GitHub
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Malicious-pickle detection bypass in picklescan before 0.0.28 lets attackers smuggle remote-code-execution payloads past the scanner by hiding them in a pickle reduce method that invokes torch.utils.collect_env.run, which picklescan's blocklist failed to flag. Because picklescan is the gatekeeper many ML pipelines rely on to vet untrusted models (notably scanning Hugging Face artifacts), a 'clean' verdict on a weaponized file directly leads to command execution when the victim deserializes it. Reported by VulnCheck with a fix in 0.0.28; no public exploit identified at time of analysis and not listed in CISA KEV.

Deserialization Picklescan
NVD GitHub
EPSS 1% CVSS 7.6
HIGH PATCH This Week

Malicious pickle detection bypass in picklescan before 0.0.29 lets attackers smuggle arbitrary code execution payloads past the scanner by abusing the built-in trace.Trace.run function inside a pickle's __reduce__ method. Because picklescan does not flag trace.Trace.run as a dangerous global, a crafted model/pickle file is reported as safe yet executes arbitrary code when later deserialized via pickle.load. No public exploit identified at time of analysis; this is a classic deny-list gap in a security scanner that defenders rely on to gate untrusted ML artifacts.

Deserialization RCE Picklescan
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in IBM WebSphere eXtreme Scale 8.6.1.0-8.6.1.6 arises because three bundled ObjectInputStream subclasses (WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver) deserialize untrusted data without any JEP-290 lookahead class filter. When Oracle Coherence is present on the classpath, confirmed working gadget chains (RemoteConstructor.readResolve, PriorityQueue/ExtractorComparator) let a low-privileged authenticated attacker who can write a session attribute - or a LAN-adjacent attacker on the unauthenticated grid replication wire - run arbitrary code on peer WebSphere Application Server JVMs. A vendor patch is available; there is no public exploit identified and EPSS is low (0.29%), but IBM confirms the gadget chains function, giving total technical impact per SSVC.

Deserialization IBM RCE +1
NVD VulDB
EPSS 3% CVSS 10.0
CRITICAL PATCH Act Now

Remote code execution in IBM WebSphere eXtreme Scale 8.6.1.0 through 8.6.1.6 arises from roughly 50 generated CORBA stub classes in the shipped ogclient.jar that invoke ORB.string_to_object() on an attacker-controlled IOR string during Java deserialization, converting any unfiltered ObjectInputStream sink in the surrounding WebSphere Application Server into outbound IIOP server-side request forgery. When chained with the IBM ORB getUserException class-instantiation flaw (tracked as WAS-26), that SSRF escalates to code execution on the calling JVM. CVSS is 10.0 (scope-changed, full CIA impact); EPSS is 3.01% (86th percentile) and there is no public exploit identified at time of analysis.

Deserialization SSRF RCE +3
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Insecure deserialization (CWE-502) in IBM Langflow OSS versions 1.0.0 through 1.10.0 lets any party with access to the backing Redis store inject a malicious serialized object that Langflow deserializes, yielding arbitrary code execution with full application privileges. Successful exploitation exposes all stored secrets, flow data, and the underlying host, effectively a complete compromise of the Langflow instance. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV; a vendor patch is available per IBM advisory node 7278443.

Deserialization IBM Redis +2
NVD
EPSS 0% CVSS 8.4
HIGH Act Now

Arbitrary code execution in Delta Electronics DTMSoft arises from unsafe deserialization of untrusted data during project file parsing (CWE-502), allowing an attacker who supplies a malicious DTMSoft project file to run code in the context of the user who opens it. The flaw is local and requires victim interaction (opening the crafted file) rather than remote network exploitation, and impacts confidentiality, integrity, and availability fully. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; no EPSS score was supplied.

Deserialization RCE Dtmsoft
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Arbitrary file deletion in the Export User Data plugin for WordPress (versions up to and including 2.2.6) allows an authenticated subscriber-level attacker to delete any file on the server, including wp-config.php, which can escalate to remote code execution. The flaw stems from unsafe deserialization of a PHP object embedded in a user's display name that is processed when an administrator exports user data. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; exploitation is gated by required administrator interaction.

WordPress Deserialization RCE +2
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Authenticated remote code execution affects the official openproject/openproject Docker image, which ships with a hardcoded Rails secret (ENV SECRET_KEY_BASE=OVERWRITE_ME). Because the application uses cookies_serializer = :marshal, any logged-in user who knows this deterministic key can forge a signed cookie containing a malicious Marshal payload that is deserialized when reaching the /my/two_factor_devices cookie reader, yielding code execution on the server (CVSS 9.9, scope-changed). At the time of analysis there is no public exploit identified and the issue is not in CISA KEV, but the predictability of the default key makes exploitation straightforward for anyone running an unmodified image.

Deserialization Docker Openproject
NVD GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Arbitrary code execution in the OWASP ZAP ViewState add-on (versions before 4) lets a malicious or attacker-controlled proxied web server compromise the security tester's own ZAP instance. By embedding a crafted serialized Java object in the javax.faces.ViewState response parameter, an attacker triggers unsafe Java deserialization inside the ZAP JVM the moment the operator views the ViewState panel in the Desktop UI. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the vendor has published an advisory and shipped a fix (viewstate-v4) that disables JSF support entirely.

Deserialization Java RCE
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

PHP Object Injection in the Uncanny Automator Pro WordPress plugin (versions <= 7.3.0.6) allows authenticated users holding only the low-privileged Subscriber role to inject crafted serialized PHP objects into an unsafe deserialization sink (CWE-502). Depending on the gadget chains present in the plugin or co-installed software, this can escalate to remote code execution, arbitrary file operations, or database tampering. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV; the input-supplied CVSS of 9.8 likely overstates privileges since the title explicitly scopes the flaw to the Subscriber role.

Deserialization PHP
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated PHP object injection in the RealHomes WordPress theme (versions 4.5.3 and earlier) lets a low-privileged Subscriber-level account inject crafted serialized objects into an unsafe deserialization sink (CWE-502). Because WordPress applications and plugins commonly contain POP gadget chains, this can escalate to arbitrary file operations, SQL injection, or remote code execution, which is reflected in the high CVSS 8.8 (C:H/I:H/A:H). Reported by Patchstack; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Deserialization PHP
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

PHP Object Injection in the BuddyBoss Platform WordPress plugin (versions 3.0.4 and earlier) allows attackers with low-privilege Subscriber access to inject crafted serialized objects that are deserialized unsafely, potentially leading to remote code execution, data tampering, or denial of service depending on available gadget chains. The flaw was reported by Patchstack and carries a CVSS base score of 9.8; however, the 'Subscriber' qualifier implies authenticated access is required, which conflicts with the PR:N in the published vector. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Deserialization PHP
NVD
EPSS 0% CVSS 8.1
HIGH This Week

PHP Object Injection in the Uncanny Automator WordPress plugin (versions 7.3.1.2 and earlier) lets unauthenticated remote attackers submit crafted serialized PHP objects that the application deserializes, potentially leading to full WordPress site compromise. The flaw is rooted in unsafe deserialization of untrusted data (CWE-502) and carries high confidentiality, integrity, and availability impact (CVSS 8.1). No public exploit identified at time of analysis and it is not in CISA KEV; the high attack complexity reflects the need for a usable POP gadget chain in the target environment.

Deserialization PHP
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in JetBrains Kotlin before 2.4.20 stems from unsafe deserialization (CWE-502) of build cache metadata, allowing an attacker who can influence cached build artifacts to execute arbitrary code during a build. The flaw carries a CVSS 9.8 (C:H/I:H/A:H) rating, but there is no public exploit identified at time of analysis and EPSS is very low (0.11%, 2nd percentile), and CISA SSVC marks exploitation as 'none'. JetBrains, who reported the issue, has released a fixed version (2.4.20).

Deserialization RCE Kotlin
NVD VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Detection bypass in picklescan through version 0.0.26 lets attackers smuggle malicious pickle payloads past the scanner by invoking idlelib.pyshell.ModifiedInterpreter.runcode from a __reduce__ method, which picklescan does not blocklist. Because organizations rely on picklescan to vet PyTorch models and serialized Python objects, a payload it marks 'safe' still achieves arbitrary command execution the moment the victim calls pickle.load(), enabling ML supply-chain attacks. Publicly available exploit code exists (GHSA-3gf5-cxq9-w223 ships a working PoC); the CVE is not in CISA KEV and EPSS data was not provided, so active exploitation is unconfirmed.

Deserialization Python Picklescan
NVD GitHub
HIGH PATCH This Week

Unsafe Java deserialization (CWE-502) in OpenAM Community Edition through 16.0.6 lets attackers abuse the anonymous Push Notification SNS callback REST route to force the server to load an attacker-named class and construct it from attacker-controlled JSON via Jackson. A low-privileged user who starts Push Registration can plant a malicious CTS predicate blob, then drive anonymous callbacks that yield a reliable class-loading and Jackson-construction primitive with classpath-dependent impacts ranging from token-record corruption and DoS to potential process execution and file writes. No public exploit is identified at time of analysis and confirmed arbitrary command execution was not demonstrated on stock classpaths; the issue is fixed in 16.1.1.

Deserialization Java RCE
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

PHP Object Injection in the EventPrime event-calendar-management WordPress plugin (versions 4.3.4.1 and earlier) allows an authenticated attacker holding only a low-privilege Subscriber account to inject crafted serialized objects into an unsafe deserialization sink. Depending on the PHP gadget chains present in WordPress core, the plugin, or other installed plugins, this can escalate to data tampering, information disclosure, or remote code execution. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it was reported by Patchstack.

Deserialization PHP Eventprime
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Arbitrary code execution in MosaicML Composer arises when the library loads a model or resumption checkpoint, because checkpoint parsing deserializes attacker-controlled pickle data without validation (CWE-502). A user who loads a maliciously crafted checkpoint (.pt) file - for example one downloaded from a model hub or shared by a collaborator - runs arbitrary Python code in the context of the training process. Reported through ZDI (ZDI-26-384, ZDI-CAN-27990); no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but an upstream source fix is available.

Deserialization RCE Composer
NVD GitHub
CRITICAL PATCH Act Now

Arbitrary code execution affects the WebAuthn authentication module of Open Identity Platform OpenAM Community Edition through 16.0.6, where untrusted Java deserialization (CWE-502) of a user-controllable storage attribute lets an attacker run code as the application server user. The vendor advisory (GHSA-6c99-87fr-6q7r) characterizes this as a pre-authentication RCE, but it is reachable only in non-default deployments where the WebAuthn storage/userAttribute has become attacker-writable. No public exploit has been identified at time of analysis, and the issue is fixed in 16.1.1.

Deserialization RCE
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC PATCH Act Now

Remote code execution in Feast (the open-source ML feature store) before 0.63.0 lets remote attackers run OS commands as the feast service account by sending a crafted ApplyFeatureView gRPC request to the registry server. The registry base64-decodes the user_defined_function.body field of an OnDemandFeatureView and passes it to dill.loads() before any authorization check, so no credentials are required. A publicly available exploit code exists (reported by VulnCheck via huntr) and a vendor patch is available, though the flaw is not listed in CISA KEV.

Deserialization Python RCE +1
NVD GitHub
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Detection bypass in picklescan before 0.0.29 allows attackers to craft malicious pickle files using idlelib.debugobj.ObjectTreeItem.SetText in __reduce__ methods that evade the scanner's dangerous-function checks, resulting in arbitrary command execution when the victim subsequently calls pickle.load(). The flaw turns picklescan from a security control into a false-assurance tool for ML pipelines that consume untrusted PyTorch models. Publicly available exploit code exists via the GHSA advisory, though no public exploit identified in active campaigns at time of analysis.

Deserialization Picklescan
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Integrity bypass in jackson-databind 2.21.0-2.21.3 and 3.0.0-3.1.3 allows unauthenticated network attackers to write to private backing fields that application developers intended as read-only. The flaw occurs when a POJO uses @JsonProperty on a getter with @JsonIgnore on the setter - a common read-only-over-the-wire pattern - and MapperFeature.INFER_PROPERTY_MUTATORS is enabled (the default). No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog. The GHSA advisory characterizes the impact as property tampering and mass assignment; maintainers rate it minor despite a reporter-assessed HIGH severity.

Deserialization Jackson Databind
NVD GitHub HeroDevs VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Eager DNS resolution during InetSocketAddress deserialization in jackson-databind (versions 2.0.0 through pre-fix releases across the 2.18, 2.21, and 3.x lines) allows any attacker who can supply untrusted JSON to an affected endpoint to force outbound DNS lookups for attacker-chosen hostnames at readValue() time - before application validation or connect logic can intervene. This DNS-based SSRF (CWE-918) enables internal resolver probing, network topology enumeration, and DNS out-of-band interaction signals against applications that deserialize untrusted JSON into types containing InetSocketAddress fields. No public exploit code and no CISA KEV listing have been identified at time of analysis; EPSS data was not available in the provided intelligence sources.

SSRF Deserialization Jackson Databind +1
NVD GitHub HeroDevs VulDB
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

PolymorphicTypeValidator bypass in jackson-databind versions 2.10.0 through 2.18.7, 2.19.0 through 2.21.3, and 3.0.0 through 3.1.3 allows attackers controlling JSON type identifiers to smuggle denied gadget classes through allow-listed generic containers, leading to arbitrary class instantiation and potential remote code execution. The flaw stems from DatabindContext._resolveAndValidateGeneric() validating only the raw container class name while skipping all nested generic type arguments. No public exploit identified at time of analysis, but the GHSA advisory includes a proof-of-concept configuration and payload structure.

Canonical Deserialization Jackson Databind +1
NVD GitHub HeroDevs VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Spring Statemachine 3.2.0-3.2.4 and 4.0.0-4.0.1 allows authenticated attackers to execute arbitrary code inside the application JVM by injecting malicious serialized Java objects into the Kryo-based persistence backends (JPA, MongoDB, Redis, or ZooKeeper). The flaw stems from deserializing persisted state-machine contexts without enforcing a class allowlist, a classic CWE-502 pattern that has historically yielded reliable gadget-chain exploitation in Java applications. No public exploit identified at time of analysis, but the deserialization sink and Kryo gadget ecosystem make weaponization straightforward once an attacker can write to the persistence store.

Redis Deserialization RCE +1
NVD HeroDevs VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Detection bypass in picklescan versions prior to 0.0.29 allows attackers to smuggle arbitrary code execution payloads through malicious pickle files by leveraging idlelib.autocomplete.AutoComplete.fetch_completions inside the __reduce__ method. Because the scanner does not flag this built-in Python function as dangerous, victims who rely on picklescan to vet PyTorch models or other pickle artifacts will load attacker-controlled code under pickle.load(). Publicly available exploit code exists (in the GHSA advisory), though no active in-the-wild exploitation has been reported.

Deserialization Picklescan
NVD GitHub
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Detection bypass in picklescan before 0.0.28 allows attackers to embed malicious torch.jit.unsupported_tensor_ops.execWrapper calls in pickle files that evade the scanner and execute arbitrary code when later loaded via pickle.load(). Publicly available exploit code exists in the GHSA advisory, and the flaw directly undermines the security guarantee picklescan is meant to provide for PyTorch model files. No CISA KEV listing and no EPSS data are provided, but the scanner bypass nature makes this a meaningful supply-chain risk for ML pipelines.

RCE Deserialization Picklescan
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Detection bypass in picklescan before 0.0.33 allows attackers to smuggle arbitrary code through malicious pickle files by abusing numpy.f2py.crackfortran.myeval in a __reduce__ method, which the scanner fails to flag as dangerous. Any ML pipeline or model-hosting workflow that trusts picklescan's verdict before calling pickle.load() will execute attacker-controlled commands; publicly available exploit code exists in the GHSA advisory, and the CVSS 4.0 score of 7.6 reflects high confidentiality and integrity impact contingent on user interaction.

RCE Deserialization Picklescan
NVD GitHub
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Detection bypass in picklescan prior to 0.0.29 allows attackers to smuggle remote code execution payloads through pickle files that the scanner incorrectly classifies as safe. The library fails to flag the built-in profile.Profile.runctx function when used in a __reduce__ method, so a downstream pickle.load() of the scanned file executes arbitrary Python. Publicly available exploit code exists in the GHSA-6vqj-c2q5-j97w advisory, though no active exploitation has been reported.

RCE Deserialization Picklescan
NVD GitHub
EPSS 1% CVSS 8.1
HIGH This Week

Remote code execution in Pivotal CRM 6.6.04.08 Smart Client arises from insecure deserialization in the Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll components, allowing remote attackers to execute arbitrary code on affected installations. The vendor (Aurea/Pivotal) has published a remediation advisory and a researcher has released a public technical advisory, but the issue is not currently listed in CISA KEV and SSVC indicates no observed exploitation. CVSS 8.1 reflects high impact tempered by high attack complexity, while no public exploit identified at time of analysis is corroborated by SSVC's 'Exploitation: none'.

Deserialization RCE N A
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local arbitrary code execution in Glances versions prior to 4.5.5 occurs when the daemon deserializes its version-check cache file via pickle.load() without integrity validation. An attacker with write access to the Glances user's XDG cache directory (~/.cache/glances/glances-version.db) can plant a malicious pickle that executes as the Glances process user - frequently root - on next startup. Publicly available exploit code exists in the GHSA advisory, but no public exploit identified at time of analysis as actively weaponized.

Docker Python Privilege Escalation +3
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Uncontrolled recursion in MessagePack-CSharp's JSON conversion helpers allows remote attackers to crash .NET host processes via an uncatchable StackOverflowException, producing a denial-of-service condition in applications that route untrusted input through these APIs. Three independent recursive code paths - ConvertFromJson's FromJsonCore(), TinyJsonReader.ReadNextToken() (which recurses once per comma or colon character, enabling exploitation via malformed JSON), and the ConvertToJson ext-100 typeless extension branch - all bypass the library's existing MessagePackSecurity depth-limit enforcement. No public exploit has been identified at time of analysis, and only applications explicitly using the JSON conversion helpers (not normal typed MessagePack deserialization) are exposed.

Deserialization Messagepack Csharp
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Uncontrolled recursion in MessagePack for C# allows network-reachable attackers to crash applications by submitting deeply nested union-type payloads that bypass the library's object graph depth protection. DynamicUnionResolver's runtime-generated deserializers omit the required MessagePackSecurity.DepthStep calls, leaving union code paths entirely outside the recursion guard that protects all other formatter paths. No public exploit or active KEV listing exists at time of analysis, but any application deserializing untrusted MessagePack data via union types over a network endpoint is exposed to availability-only impact.

Deserialization Messagepack Csharp
NVD GitHub VulDB
CRITICAL PATCH Act Now

Unauthenticated remote code execution in OpenDJ Community Edition through 5.1.0 occurs when the JMX RMI connector deserializes attacker-controlled Java objects before authentication is performed. Any deployment with the JMX Connection Handler enabled (commonly turned on for monitoring integrations) is exposed to pre-auth RCE over TCP, as demonstrated against OpenDJ 4.4.15 on JDK 11 with Jackson 2.12.6.1. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

RCE Java Deserialization
NVD GitHub
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Detection bypass in picklescan before 0.0.29 allows attackers to smuggle arbitrary code execution payloads through pickle files by abusing the idlelib.autocomplete.AutoComplete.get_entity function inside __reduce__ methods. Because picklescan does not flag this function as dangerous, malicious ML model files (e.g., PyTorch checkpoints) appear safe to scan but execute attacker commands the moment a victim calls pickle.load(). Publicly available exploit code exists in the GHSA advisory, but no public exploit identified at time of analysis in CISA KEV.

Deserialization Picklescan
NVD GitHub
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Detection bypass in picklescan versions 0.0.26 and earlier (fixed in 0.0.30) allows attackers to smuggle arbitrary code through malicious pickle files by abusing Python's built-in ensurepip._run_pip function, which the scanner failed to flag as dangerous. Organizations relying on picklescan to vet PyTorch models or other serialized Python objects will load the file as safe and trigger remote code execution upon pickle.load(). Publicly available exploit code exists via the GHSA advisory PoC, though no public exploit identified in active campaigns at time of analysis.

RCE Deserialization Picklescan
NVD GitHub
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Arbitrary code execution in Picklescan before 0.0.33 occurs because the scanner fails to flag the numpy.f2py.crackfortran._eval_length gadget when used inside a pickle __reduce__ method, allowing crafted pickle files to be marked safe while still executing attacker-supplied Python on load. Workflows that rely on Picklescan to vet untrusted pickle or PyTorch model artifacts are exposed to supply-chain poisoning, and publicly available exploit code exists in the GHSA advisory.

RCE Deserialization Python +1
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Typeless deserialization in MessagePack-CSharp allows blocked types to be instantiated by wrapping them inside arrays or generic type constructs, bypassing the ThrowIfDeserializingTypeIsDisallowed safety check. Applications using typeless deserialization on MessagePack-CSharp prior to versions 2.5.301 (2.x branch) and 3.1.7 (3.x branch) are exposed. No public exploit code or active exploitation has been identified at time of analysis; the CVSS 4.0 score of 6.3 reflects high attack complexity and the prerequisite that typeless deserialization must be enabled and attacker-controlled input must reach the deserializer.

Deserialization Messagepack Csharp
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Spinnaker's Rosco and Orca services arises because YAML input is parsed with SnakeYAML's unsafe default Constructor rather than a SafeConstructor, letting authenticated users who trigger CloudFormation deployments or CloudFoundry baking load arbitrary Java classes. An attacker with pipeline access can supply a crafted YAML tag (e.g. !!javax.script.ScriptEngineManager) to instantiate dangerous classes and reach code execution on the affected service host. No public weaponized exploit is identified, though the vendor fix commit ships tests demonstrating the arbitrary-object-instantiation primitive, and the flaw is not listed in CISA KEV.

Java Deserialization
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Detection bypass in picklescan versions before 0.0.30 allows malicious pickle files to evade security scanning by using cProfile.runctx in __reduce__ methods, leading to arbitrary code execution when the file is loaded via pickle.load(). The flaw undermines the core purpose of picklescan as a defensive tool for ML model security and was reported by VulnCheck with a published proof-of-concept in the GitHub Security Advisory. No public exploit identified at time of analysis as a weaponized in-the-wild attack, but PoC code is published in the GHSA.

Deserialization RCE Picklescan
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Detection bypass in picklescan before 0.0.30 allows attackers to smuggle arbitrary code execution payloads through pickle files by abusing idlelib.pyshell.ModifiedInterpreter.runcommand inside a __reduce__ method, which the scanner fails to flag as dangerous. Any victim who relies on picklescan to vet PyTorch models or other pickle artifacts and then calls pickle.load() will execute attacker-supplied commands. Publicly available exploit code exists (PoC published in the GHSA advisory), no CISA KEV listing, and the issue is fixed in version 0.0.30.

Deserialization Picklescan
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Detection bypass in picklescan before 0.0.28 allows attackers to smuggle arbitrary code through pickle files by abusing torch.utils._config_module.load_config inside __reduce__ methods, defeating the library's malicious-pickle scanning and enabling remote code execution when the file is later loaded. Publicly available exploit code exists (GHSA-vv6j-3g6g-2pvj includes a working PoC), and the flaw is significant for any ML pipeline that trusts picklescan to vet third-party PyTorch model files. No CISA KEV listing at time of analysis, so exploitation status is limited to public POC rather than confirmed in-the-wild use.

Deserialization RCE Picklescan
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

Unsafe deserialization in zhilink ADP Application Developer Platform 1.0.0 exposes the testConnection endpoint to remote exploitation by low-privilege authenticated users via manipulation of the jdbcUrl parameter. A public exploit has been published (linked via Feishu document) despite vendor non-response to coordinated disclosure. No public exploit identified at time of analysis meets the KEV threshold, but the combination of public PoC, network-accessible endpoint, and no patch raises operational risk - particularly for organizations running this Chinese low-code/RAD platform internally.

Deserialization Adp Application Developer Platform
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Unsafe pickle deserialization in picklescan before 1.0.1 allows unauthenticated remote attackers to create arbitrary zero-byte files on the server by crafting malicious pickle payloads that instantiate Python's standard-library logging.FileHandler class. This technique bypasses RCE-focused blocklists because it abuses legitimate standard library functionality rather than commonly blocked modules, making it a notable blocklist-evasion primitive. A publicly available proof-of-concept exploit exists; no public exploit identified at time of analysis for active KEV-confirmed exploitation, but the PoC demonstrates concrete filesystem impact including lock-file-based denial of service.

Deserialization Denial Of Service Picklescan
NVD GitHub VulDB
EPSS 1% CVSS 9.5
CRITICAL POC Act Now

Unauthenticated remote code execution in JoomShaper's SP LMS (com_splms) Joomla extension versions 1.0.0 through 4.1.3 allows network attackers to run arbitrary code on the server by sending a crafted cookie that the component deserializes without validation. The flaw is a textbook PHP object injection (CWE-502) with a CVSS 4.0 base score of 9.5, but at time of analysis there is no public exploit identified and the issue is not on the CISA KEV list. Risk is elevated because the trigger is a cookie value parsed before any authentication check.

RCE Deserialization Sp Lms Extension For Joomla
NVD VulDB Exploit-DB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Arbitrary code execution in Stanford NLP's Stanza 1.12.0 (and ≤1.12.1) occurs when the library loads a malicious PyTorch checkpoint, because its pretrain loader silently falls back from torch.load(weights_only=True) to weights_only=False whenever an UnpicklingError is raised - a condition the attacker fully controls by embedding one unsupported pickle global. Publicly available exploit code exists (working PoC in the GHSA advisory), and any developer, CI pipeline, or production NLP service that downloads Stanza model files from HuggingFace, GitHub, or a shared cache can be compromised. Fixed in Stanza 1.12.2.

Checkpoint Deserialization Python +1
NVD GitHub VulDB
EPSS 1% CVSS 8.1
HIGH PATCH This Week

PHAR deserialization in PhpWeasyPrint versions prior to 2.6.0 allows remote code execution by bypassing the case-sensitive phar:// blacklist introduced for CVE-2023-28115 - because PHP stream wrappers are case-insensitive, schemes like PHAR:// or PhAr:// pass the check and reach file_exists() in prepareOutput(). When the library runs on PHP 7.4+ and an attacker can influence the output filename argument passed to generation methods, a crafted PHAR archive's metadata is unserialized via a gadget chain, yielding code execution. No CISA KEV listing and no public exploit identified at time of analysis for this specific CVE, although the equivalent upstream KnpLabs/snappy advisory (GHSA-92rv-4j2h-8mjj) ships a working phpggc-based PoC that is directly portable.

PHP Deserialization RCE +1
NVD GitHub
CVSS 5.3
MEDIUM PATCH This Month

Unauthenticated callers can trigger server-side request forgery against NL Portal Backend Libraries (nl.nl-portal:form versions 1.1.0.RELEASE through 3.0.3) by invoking the public GraphQL resolvers `getFormDefinitionByObjectenApiUrl` or `getFormDefinitionById`, causing the backend to issue outbound HTTP requests bearing a privileged Objecten-API `Authorization: Token` header to a caller-influenced URL on the configured Objecten-API host. The SSRF is constrained to the same configured host by a host-equality guard, and arbitrary data disclosure is further limited by strict typed deserialization in Kotlin, which keeps practical real-world impact at Medium despite unauthenticated network access. A lab proof-of-concept was confirmed by the reporter against the real Spring WebFlux stack; no public exploit code has been independently identified and the vulnerability is not listed in CISA KEV.

Authentication Bypass Deserialization Java +1
NVD GitHub
EPSS 1% CVSS 9.5
CRITICAL PATCH Act Now

Remote unauthenticated access to two SQL Editor endpoints in pgAdmin 4 server-mode deployments (versions 6.9 through 9.15) exposes a pickle.loads sink that can be reached without a valid pgAdmin session. The defect is the missing @pga_login_required decorator on DELETE /sqleditor/close/<trans_id> and POST /sqleditor/initialize/sqleditor/update_connection/<sgid>/<sid>/<did>; turning this into code execution additionally requires an attacker to possess the Flask SECRET_KEY and write access to the sessions/ directory from a separate channel. No public exploit identified at time of analysis, and the issue does not appear on CISA KEV.

Python Authentication Bypass Deserialization +2
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Server-side template injection in JTL Shop 5.2.0 through 5.7.1 allows remote unauthenticated attackers to inject Smarty template syntax via unsanitized user input, exposing sensitive server-side values like database credentials and encryption keys. On versions 5.4.0 through 5.7.1, the flaw escalates to remote code execution by abusing registered Smarty modifiers (unserialize, file_get_contents) to drop a webshell and execute commands as the web server user. Publicly available exploit code exists via the Sansec research writeup, though no public exploit identified at time of analysis in CISA KEV.

Ssti Deserialization Jtl Shop
NVD VulDB
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Remote code execution in iba ibaPDA and ibaDatCoordinator allows unauthenticated network attackers to gain full system control by exploiting an unsafe deserialization flaw (CWE-502). The CVSS 4.0 score of 9.3 reflects network-reachable exploitation with no privileges or user interaction and high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the trivial attack profile makes it a high priority for industrial environments running these data acquisition products.

Deserialization Ibapda Ibadatcoordinator
NVD VulDB
EPSS 0% 4.9 CVSS 9.3
CRITICAL POC KEV THREAT Emergency

Remote code execution in PTC Windchill PDMlink and PTC FlexPLM allows unauthenticated network attackers to execute arbitrary code via deserialization of untrusted data. All releases prior to 11.0 M030 are affected, as are all CPS versions, and no public exploit identified at time of analysis. Reported by PTC themselves, the flaw carries a CVSS 4.0 base score of 9.3 (critical) reflecting high impact across confidentiality, integrity, and availability without requiring authentication or user interaction.

Deserialization RCE Windchill Pdmlink +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Steeltoe.Discovery.Eureka client (.NET) versions prior to 4.2.0 and 3.4.0 allows a remote Eureka registry containing service registrations with DataCenterInfo.name="Netflix" to permanently break the local service discovery cache. The client's DataCenterInfo.FromJson rejects any value other than "MyOwn" or "Amazon" with an ArgumentException that is silently swallowed by the periodic cache refresh task, leaving downstream .NET services unable to discover peers. No public exploit identified at time of analysis, but the trigger is trivially reachable in mixed Java/Spring-Cloud and Steeltoe environments.

Deserialization Java Steeltoe Discovery Eureka
NVD GitHub VulDB
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Unauthenticated remote code execution in NVIDIA Spatial Intelligence Lab's GEN3C inference API server allows network attackers to execute arbitrary Python code by sending crafted pickle payloads to the /request-inference and /seed-model endpoints. The endpoints feed raw HTTP bodies directly into pickle.loads() with no authentication or validation, so a standard __reduce__ gadget yields code execution as the inference process. No public exploit identified at time of analysis, but the upstream patch and a VulnCheck advisory document the precise vulnerable code path.

Nvidia Deserialization Python +2
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Arbitrary code execution in picklescan versions prior to 1.0.1 allows attackers to bypass the scanner's malicious pickle detection by obfuscating eval calls nested under callable objects via getattr, causing the very tool intended to detect malicious pickles to miss them. Publicly available exploit code exists via the GHSA advisory PoC, though no public exploit identified at time of analysis as actively used in attacks; the CVSS 4.0 score of 9.3 reflects unauthenticated network-reachable impact on confidentiality, integrity, and availability.

Deserialization RCE Picklescan
NVD GitHub VulDB
EPSS 1% CVSS 8.7
HIGH PATCH This Week

Arbitrary file read in picklescan versions before 0.0.35 allows remote unauthenticated attackers to exfiltrate sensitive server files by abusing standard-library callables that the tool's RCE-focused blocklist fails to detect. By chaining io.FileIO and urllib.request.urlopen inside a malicious pickle, an attacker can stream contents of files such as /etc/passwd to an attacker-controlled URL when the scanner processes untrusted model artifacts. Publicly available exploit code exists in the GHSA advisory, but there is no public exploit identified at time of analysis in the form of in-the-wild abuse.

Path Traversal Deserialization Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Arbitrary file write in picklescan before 0.0.33 lets attackers bypass the tool's dangerous-call blocklist by abusing distutils.file_util.write_file inside crafted pickle payloads. Because picklescan is used as a safety gate before loading ML model pickles, a bypass means malicious models pass scanning and can overwrite files on disk to achieve denial of service or remote code execution. Publicly available exploit code exists in the GHSA advisory, though there is no public exploit identified at time of analysis indicating active exploitation.

Denial Of Service Deserialization RCE +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

PHP Object Injection in the EMV Creatify WordPress theme (versions up to and including 1.5) allows remote unauthenticated attackers to trigger insecure deserialization of attacker-supplied data, potentially leading to arbitrary code execution, file operations, or full site compromise depending on available gadget chains in the WordPress runtime. Patchstack catalogs this as a PHP Object Injection issue under CWE-502, and no public exploit was identified at time of analysis. EPSS data was not supplied, but the CVSS 9.8 rating reflects unauthenticated network-reachable impact.

Deserialization Creatify
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated PHP Object Injection in the EMV "The Hospital" WordPress theme (nrghospital) through version 1.8.1 lets remote attackers trigger deserialization of attacker-controlled data, which can be chained with available POP gadgets to achieve full compromise of the host site. CVSS 9.8 reflects unauthenticated network exploitability with high CIA impact; no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Deserialization The Hospital
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated PHP object injection in the Themeton 'The Barber Shop' WordPress theme (versions up to and including 1.9) allows remote attackers to deserialize attacker-controlled data, potentially leading to arbitrary code execution, file manipulation, or full site compromise when a usable POP gadget chain is present. The flaw was disclosed via Patchstack and carries a CVSS 3.1 score of 9.8, though no public exploit identified at time of analysis and EPSS data was not provided. The vulnerability is rooted in CWE-502 (Deserialization of Untrusted Data), a class historically abused for RCE in WordPress plugin/theme ecosystems.

Deserialization The Barber Shop
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

PHP object injection in the Themeton Lagom WordPress theme (versions up to and including 2.0) allows remote attackers to trigger unsafe deserialization of attacker-controlled data, potentially leading to full site compromise. The flaw is reported by Patchstack and carries a critical CVSS of 9.8 (AV:N/AC:L/PR:N/UI:N); no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Deserialization Lagom
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution via unauthenticated PHP Object Injection affects the Moderno WordPress theme in all versions prior to 1.43, enabling attackers to send crafted serialized payloads that trigger malicious object instantiation. With CVSS 9.8 and a fully remote, no-interaction attack vector, successful exploitation hinges on the presence of usable POP gadget chains in WordPress core or co-installed plugins. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

PHP Deserialization Moderno
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated PHP Object Injection in the Mikado-Themes 'Château' WordPress theme (versions ≤ 1.2.1) allows remote attackers to deserialize attacker-controlled data, potentially leading to arbitrary code execution, file manipulation, or full site compromise when a suitable POP gadget chain is present in the WordPress stack. The flaw was disclosed via Patchstack with CVSS 8.1 (high) due to network-reachable, unauthenticated impact across confidentiality, integrity, and availability, though high attack complexity (AC:H) reflects the dependency on a usable gadget chain. No public exploit identified at time of analysis.

PHP Deserialization Ch Teau
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated PHP Object Injection in the Mikado-Themes Zoya WordPress theme versions 1.4 and earlier allows remote attackers to inject crafted serialized objects that are deserialized by the application. Successful exploitation can lead to arbitrary code execution, data tampering, or denial of service depending on the gadget chains present in WordPress core, plugins, or other themes loaded on the site. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

PHP Deserialization Zoya
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated PHP object injection in the Manufaktur Solutions WordPress theme (versions 1.1.1 and earlier) allows remote attackers to deserialize attacker-controlled data, potentially leading to arbitrary code execution, data tampering, or denial of service when a suitable PHP gadget chain is present. The CVSS 3.1 score of 8.1 reflects high impact across confidentiality, integrity, and availability, tempered by AC:H due to dependency on exploitable gadget chains in the WordPress runtime. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

PHP Deserialization Manufaktur Solutions
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated PHP Object Injection in the Eldon WordPress theme (versions <= 1.4.1) by Edge-Themes allows remote attackers to inject arbitrary PHP objects through unsafe deserialization, potentially leading to remote code execution, data theft, or site compromise when a suitable POP gadget chain is present in the WordPress environment. No public exploit identified at time of analysis, and Patchstack rates this CVSS 8.1 (High) with high attack complexity reflecting the need for a usable gadget chain.

PHP Deserialization Eldon
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated PHP object injection in the Mikado Themes ShiftUp WordPress theme (versions ≤ 1.3) allows remote attackers to pass attacker-controlled serialized data into a PHP unserialize() sink, potentially triggering gadget chains that can lead to remote code execution, data tampering, or site takeover. CVSS is rated 8.1 with high attack complexity but no privileges or user interaction required, and no public exploit identified at time of analysis. The issue was disclosed via Patchstack.

PHP Deserialization Shiftup
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated PHP Object Injection in the SingleMalt WordPress theme (versions up to and including 1.5) allows remote attackers to deserialize attacker-controlled data, which can lead to compromise of confidentiality, integrity, and availability of affected WordPress sites. The flaw is exploitable without authentication or user interaction but has high attack complexity per its CVSS vector, and no public exploit identified at time of analysis.

PHP Deserialization Singlemalt
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated PHP object injection in the Select Themes 'Hiroshi' WordPress theme through version 1.5.1 allows remote attackers to supply crafted serialized payloads that are deserialized by the theme, potentially leading to code execution, file manipulation, or data compromise when a suitable PHP magic-method gadget chain is present in the WordPress stack. The flaw is reachable without authentication per the CVSS vector, and no public exploit has been identified at time of analysis.

PHP Deserialization Hiroshi
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated PHP Object Injection affects the Konsept WordPress theme (by elated-themes) in versions 1.9 and earlier, allowing remote attackers to inject crafted serialized PHP objects without authentication. Successful exploitation can lead to a full compromise of the WordPress site - high impact on confidentiality, integrity, and availability - though CVSS rates attack complexity as high, indicating non-trivial conditions are required. No public exploit identified at time of analysis.

PHP Deserialization Konsept
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated PHP Object Injection in the Alukas WordPress theme (versions prior to 3.0.0) allows remote attackers to inject crafted serialized PHP objects into the application, potentially leading to remote code execution, file manipulation, or full site compromise when a usable POP gadget chain is present. No public exploit identified at time of analysis, and the issue is tracked by Patchstack as a deserialization flaw affecting the presslayouts:alukas product line. Real-world impact depends on the gadget chains available in WordPress core or co-installed plugins.

PHP Deserialization Alukas
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated PHP Object Injection in the PressMart WordPress theme versions 1.2.26 and earlier allows remote attackers to deliver malicious serialized payloads that are deserialized by the theme, potentially leading to property-oriented gadget chain abuse and full site compromise. The flaw was disclosed via Patchstack and carries a CVSS 8.1 (AV:N/AC:H/PR:N/UI:N) - no public exploit identified at time of analysis, and the high attack complexity reflects the need for a usable gadget chain to escalate from deserialization to concrete impact.

PHP Deserialization Pressmart
NVD
EPSS 0% CVSS 8.8
HIGH This Week

PHP Object Injection in the Entrepreneur - Booking for Small Businesses WordPress theme through version 3.1.3 allows authenticated subscriber-level users to trigger unsafe deserialization, potentially leading to full site compromise. The flaw was disclosed via Patchstack and carries a CVSS 3.1 base score of 8.8 reflecting high impact on confidentiality, integrity, and availability. No public exploit identified at time of analysis.

PHP Deserialization WordPress +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated PHP Object Injection in the ThemeREX Plumbing WordPress theme versions 1.6 and earlier allows remote attackers to inject arbitrary PHP objects via untrusted deserialization, potentially leading to full site compromise when a suitable POP gadget chain is present. No public exploit identified at time of analysis, but the CVSS 9.8 rating and unauthenticated network attack vector make this a high-priority issue for any WordPress site running this theme.

PHP Deserialization Plumbing
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated PHP object injection in the ThemeREX Reisen WordPress theme versions 1.4.1 and earlier allows remote attackers to trigger deserialization of attacker-controlled data without authentication. Successful exploitation can lead to full site compromise via gadget chains commonly available in WordPress core or active plugins, with CVSS rated 9.8 critical. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

PHP Deserialization Reisen
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Local privilege escalation in Quanos SCHEMA ST4 on-premises allows an authenticated local user to gain NT AUTHORITY\SYSTEM by abusing insecure .NET Remoting deserialization in the Client Update Service. The endpoint, reachable through a local named pipe with TypeFilterLevel.Full, accepts attacker-controlled serialized objects and yields arbitrary code execution in the update process context. No public exploit identified at time of analysis, though a SEC-Consult/SEC-VLab advisory documents the issue.

Privilege Escalation Deserialization RCE +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Unauthenticated PHP object injection in the WP Activity Log WordPress plugin versions 5.6.3.1 and earlier allows remote attackers to deliver crafted serialized payloads that are deserialized by the plugin, enabling abuse of any POP (property-oriented programming) gadget chain present in WordPress core, other active plugins, or themes. With a CVSS 3.1 base of 9.8 (AV:N/AC:L/PR:N/UI:N) and no authentication required, successful exploitation typically yields remote code execution, arbitrary file operations, or database compromise on the affected site. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV, but the unauthenticated network-reachable nature makes it a high-priority patch for any site running the plugin.

PHP Deserialization Wp Activity Log
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated PHP Object Injection in Crocoblock JetEngine WordPress plugin versions 3.8.10 and earlier allows remote attackers to inject arbitrary PHP objects, potentially leading to full site compromise via gadget-chain abuse. The CVSS 9.8 score reflects network-reachable, no-authentication, no-interaction exploitation against a widely deployed commercial WordPress plugin. No public exploit identified at time of analysis, but the unsafe-deserialization class (CWE-502) historically yields fast weaponization once a usable POP chain is published.

PHP Deserialization Jetengine
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Unauthenticated PHP Object Injection in the Thrive Apprentice WordPress plugin (versions prior to 10.8.10.2) allows remote attackers to inject arbitrary PHP objects that get deserialized by the application, potentially leading to remote code execution when a suitable POP gadget chain is present. The flaw is reachable without authentication and carries a CVSS 9.8 critical rating with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

PHP Deserialization Thrive Apprentice
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

PHP Object Injection in the JetEngine WordPress plugin (versions through 3.8.9.1) allows authenticated users with the Contributor role to inject crafted serialized objects that are deserialized by the plugin, potentially leading to code execution or other gadget-chain abuse on the host site. The flaw, reported by Patchstack and tracked under CWE-502, requires only the low-privileged Contributor role rather than admin access, which significantly broadens the attacker pool on multi-author WordPress installations. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

PHP Deserialization Jetengine
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Unauthenticated PHP Object Injection in the AI Lab WordPress theme versions prior to 5.4.2 enables remote attackers to deliver crafted serialized payloads to a vulnerable deserialization sink. With a CVSS 9.8 rating and no authentication required, successful exploitation can lead to arbitrary code execution, data theft, or full site takeover depending on which POP gadget chains are available in WordPress core or installed plugins. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

PHP Deserialization Ai Lab
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated PHP Object Injection affects the Mikado-Themes EasyMeals WordPress theme through version 1.5.1, allowing remote attackers to inject crafted serialized objects that are deserialized by vulnerable PHP code paths. Successful exploitation can lead to high-impact compromise of confidentiality, integrity, and availability on the underlying WordPress site, though no public exploit identified at time of analysis. The CVSS 8.1 score reflects high attack complexity, consistent with the typical need for a usable gadget chain in the host WordPress environment.

PHP Deserialization Easymeals
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated PHP object injection in the Reina WordPress theme (versions 2.1 and earlier) by Edge Themes allows remote attackers to trigger insecure deserialization, potentially leading to arbitrary code execution, data tampering, or denial of service when a suitable PHP gadget chain is present in the WordPress instance. The flaw carries a CVSS 3.1 score of 8.1 (High) with no public exploit identified at time of analysis. The reference from Patchstack confirms the issue but no KEV listing or EPSS data is provided.

PHP Deserialization Reina
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Unauthenticated PHP object injection in the WooCommerce Product Filters WordPress plugin (versions prior to 2.0.6) allows remote attackers to deserialize attacker-controlled data and trigger PHP magic methods on existing application gadgets. With a CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and CWE-502 root cause, successful exploitation can lead to remote code execution, arbitrary file operations, or full site takeover depending on available POP chains in WordPress core or co-installed plugins. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

PHP Deserialization WordPress +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated PHP Object Injection affects the Select Themes Mildhill WordPress theme in versions 1.5 and earlier, allowing remote attackers to inject crafted serialized PHP objects that the application deserializes without validation. Successful exploitation can yield high confidentiality, integrity, and availability impact on the underlying WordPress site, typically by chaining the injected object with a POP gadget present in the theme, WordPress core, or another installed plugin. No public exploit identified at time of analysis, and the issue is reported via Patchstack rather than the CISA KEV catalog.

PHP Deserialization Mildhill
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated PHP Object Injection in the Zermatt WordPress theme versions 1.6.1 and earlier allows remote attackers to deliver malicious serialized PHP objects to a vulnerable unserialize() sink without prior authentication. Successful exploitation can lead to high impact on confidentiality, integrity, and availability when a suitable POP gadget chain is reachable in the WordPress installation. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

PHP Deserialization Zermatt
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Unauthenticated deserialization of untrusted data in the Slimstat Analytics WordPress plugin (versions prior to 5.4.0) allows remote attackers to exploit PHP object injection without authentication. The CVSS vector indicates high attack complexity (AC:H) and scope change (S:C), meaning successful exploitation can affect components beyond the plugin itself - potentially the broader WordPress environment or server. No public exploit identified at time of analysis, and the fix version is confirmed as 5.4.0 per Patchstack reporting.

Deserialization Slimstat Analytics
NVD
Prev Page 2 of 30 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy