
Insecure Deserialization

web CRITICAL

Insecure deserialization occurs when an application converts serialized data (a stream of bytes representing an object's state) back into a living object without proper validation.

How It Works

Serialization frameworks in Java, PHP, Python, and .NET turn an object into a byte stream for storage or transmission and rebuild it later. The vulnerability arises because rebuilding is not a passive copy of field values: the runtime calls methods on the incoming objects while reconstructing them (Java readObject and readResolve, PHP __wakeup and __destruct, Python __reduce__ and __setstate__, .NET deserialization callbacks), and the byte stream, not the application, decides which classes those objects are.

Attackers exploit this by crafting a serialized payload whose objects link up into a "gadget chain": a sequence of method calls through classes that already exist in the application or its libraries, none of which the application ever invokes itself. When the payload is deserialized the runtime calls those methods in order, ending in whatever primitive the attacker wanted, typically arbitrary code execution. The classic Java instance is a payload whose reconstruction walks through Apache Commons Collections transformer classes and ends in Runtime.exec. In PHP the same role is played by the __wakeup and __destruct methods of classes loaded by WordPress core, the active theme, or another plugin (a "POP chain"), which is why the plugin advisories below describe the impact as depending on which gadget chains happen to be installed alongside the vulnerable unserialize() call.

The attack begins with finding an endpoint that accepts serialized data: a cookie or session token, an API or form parameter, a message-queue or cache entry, or a file path that is later opened through PHP's phar:// wrapper. The attacker then generates a payload for a gadget chain present in the target's dependencies, using tools such as ysoserial (Java) or phpggc (PHP), and submits it. Because the deserialization sink fires as soon as the bytes arrive, usually in framework code that runs before the application's own authentication and input-validation logic, a single reachable sink is enough. Where the sink is only reached after login, as in many of the authenticated plugin flaws below, a low-privilege account such as Contributor or Shop Manager is the precondition rather than a barrier.
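The mechanism above, as an added example in Python that is not code from this page or from any of the projects it names: a constructed pickle gadget whose __reduce__ names subprocess.check_output (running a harmless echo so the effect shows up in the return value rather than on the host), the bare pickle.loads sink that fires it, an Unpickler subclass that allowlists the one class the application legitimately needs, and an opcode walk that lists the globals a payload would resolve without executing it. The class and function names are this example's own.

```python
"""Added example: a pickle gadget, the sink that fires it, an allowlisting loader,
and static triage of a payload. Sample objects are constructed for the demo."""
import collections
import io
import pickle
import pickletools
import subprocess


class Gadget:
    """Attacker-side object. Its __reduce__ tells pickle to call
    subprocess.check_output(["echo", "gadget fired"]) while loading. The
    consumer never needs this class: the payload names the callable directly."""

    def __reduce__(self):
        return (subprocess.check_output, (["echo", "gadget fired"],))


def build_payload() -> bytes:
    """What an attacker drops into a cookie, a queue message, or a cache entry."""
    return pickle.dumps(Gadget())


def build_legitimate() -> bytes:
    """The kind of object the application actually expects (constructed sample)."""
    return pickle.dumps(collections.OrderedDict(user="alice", role="viewer"))


def vulnerable_load(blob: bytes):
    """The sink as found in the wild: the gadget's callable has already run
    by the time this returns."""
    return pickle.loads(blob)


class RestrictedUnpickler(pickle.Unpickler):
    """Allowlist every (module, name) the format legitimately needs; refuse the
    rest. find_class is the hook pickle calls before resolving any global."""

    ALLOWED = {("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def restricted_load(blob: bytes):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def restricted_load_rejects(blob: bytes) -> bool:
    """True if the allowlisting loader refuses the blob instead of executing it."""
    try:
        restricted_load(blob)
    except pickle.UnpicklingError:
        return True
    return False


def list_globals(blob: bytes) -> list:
    """Static triage without executing anything: every module.name the stream
    would resolve. Handles GLOBAL (protocols 0-3) and STACK_GLOBAL (4+); a name
    fetched back from the memo rather than pushed inline is not resolved here."""
    found, strings = [], []
    for op, arg, _ in pickletools.genops(blob):
        if op.name == "GLOBAL":
            found.append(arg.replace(" ", "."))
        elif op.name == "STACK_GLOBAL":
            found.append(f"{strings[-2]}.{strings[-1]}")
        elif op.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"):
            strings.append(arg)
    return found


if __name__ == "__main__":
    evil, good = build_payload(), build_legitimate()
    print("globals in payload:", list_globals(evil))
    print("vulnerable_load ->", vulnerable_load(evil))
    print("restricted rejects gadget:", restricted_load_rejects(evil))
    print("restricted loads legit:", dict(restricted_load(good)))
```

Note what list_globals shows before anything runs: the malicious stream references subprocess.check_output and nothing else, while the legitimate one references only collections.OrderedDict. That is the same information a Java serialization filter or a PHP allowed_classes list acts on, and it is what a sink should log.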

Impact

  • Remote code execution — attackers gain complete control of the server, executing arbitrary system commands
  • Authentication bypass — deserializing manipulated user/session objects grants unauthorized access without credentials
  • Privilege escalation — modifying serialized role or permission objects to gain administrative access
  • Data exfiltration — reading sensitive files or database contents through executed code
  • Denial of service — crafting objects that consume excessive memory or CPU during deserialization

Real-World Examples

SolarWinds Web Help Desk suffered two separate deserialization vulnerabilities in rapid succession. CVE-2025-40551 allowed unauthenticated attackers to achieve remote code execution by sending malicious serialized Java objects to the application. Even after patching, researchers discovered a second deserialization flaw in the same product, demonstrating how deeply embedded these vulnerabilities can be in application architectures.

Jenkins automation servers have experienced multiple Java deserialization vulnerabilities where attackers exploited the CLI protocol to send crafted objects, gaining full control over build servers. These attacks were particularly severe because Jenkins instances often have extensive network access and stored credentials for deploying applications.

WordPress and other PHP applications have faced attacks through unserialize() vulnerabilities in plugins, where attackers embedded malicious PHP objects in user-controllable data fields. Successful exploitation enabled attackers to install backdoors by writing arbitrary PHP files to the web root.

Mitigation

  • Avoid deserializing untrusted data entirely — redesign to exchange data-only formats (JSON, protobuf) against a fixed schema; a text format does not help by itself if the parser still resolves class names embedded in the payload (Jackson default typing, jsonpickle, YAML tags)
  • Implement strict allowlists — Java serialization filters (ObjectInputFilter / jdk.serialFilter), PHP unserialize() with allowed_classes set to false or an explicit list, a Python Unpickler whose find_class refuses anything not named; match class names exactly, since a prefix test trusts every subpackage and every look-alike package
  • Apply cryptographic signatures — HMAC the serialized bytes and verify in constant time before any of them reach the deserializer; this only covers data the application itself produced, and does nothing when the attacker can write to the store (database row, cache, post meta) the data is later read back from
  • Use isolated environments — deserialize in a separate, minimally privileged process or sandbox so a fired gadget chain has as little as possible to reach
  • Update vulnerable libraries — patch frameworks and drop dependencies with known gadget chains, as defence in depth rather than a fix: the sink stays exploitable the moment a chain is found in something else on the classpath
  • Monitor deserialization activity — log the class names each sink resolves and alert on anything outside the expected set, especially for input that arrived from outside; serialization-filter rejections and unserialize() calls on unexpected classes are cheap, high-signal events
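The signing measure, as an added example in Python rather than any listed project's code: an HMAC-SHA256 envelope over the serialized bytes, verified in constant time before pickle.loads sees a single byte, beside the cookie-tampering attempt it stops. The key is a constant here only for the demonstration; a deployment loads it from a secret store. Function names are this example's own.

```python
"""Added example: HMAC-signed serialized blobs, verified before deserialization."""
import hashlib
import hmac
import pickle

TAG_LEN = hashlib.sha256().digest_size  # 32-byte tag prefixes the blob

# Demonstration key only: never keep a real key in source.
DEMO_KEY = b"example-key-do-not-reuse-0123456789"


def sign(blob: bytes, key: bytes) -> bytes:
    """Envelope = HMAC-SHA256(key, blob) || blob. Only the server holds the key,
    so only blobs the server itself produced will ever verify."""
    return hmac.new(key, blob, hashlib.sha256).digest() + blob


def verify_and_load(envelope: bytes, key: bytes):
    """Check the tag in constant time BEFORE any byte reaches pickle.loads.
    A bad tag raises ValueError; the deserializer never runs on unverified input."""
    if len(envelope) < TAG_LEN:
        raise ValueError("envelope too short")
    tag, blob = envelope[:TAG_LEN], envelope[TAG_LEN:]
    expected = hmac.new(key, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad signature: refusing to deserialize")
    return pickle.loads(blob)


def try_load(envelope: bytes, key: bytes):
    """None instead of an exception, for callers that only want a verdict."""
    try:
        return verify_and_load(envelope, key)
    except ValueError:
        return None


def issue_session(user: str, role: str, key: bytes) -> bytes:
    """Server side: the only place a session blob is ever created and signed."""
    return sign(pickle.dumps({"user": user, "role": role}), key)


def forge_role(envelope: bytes, new_role: str) -> bytes:
    """Attacker side: keep the server's tag, rewrite the body. The attacker
    unpickling their own cookie is harmless; it is the server that must not."""
    tag, blob = envelope[:TAG_LEN], envelope[TAG_LEN:]
    session = pickle.loads(blob)
    session["role"] = new_role
    return tag + pickle.dumps(session)


if __name__ == "__main__":
    cookie = issue_session("alice", "viewer", DEMO_KEY)
    print("genuine:", verify_and_load(cookie, DEMO_KEY))
    print("forged role:", try_load(forge_role(cookie, "admin"), DEMO_KEY))
    print("wrong key:", try_load(cookie, b"another-key"))
    print("tag stripped:", try_load(cookie[TAG_LEN:], DEMO_KEY))
```

The order matters: a signature checked after loading protects nothing, because the gadget has already fired. Signing is also no answer to the store-side pattern several entries below describe (TYPO3's sys_registry table, Concrete CMS's database, Spring Security's saml2_asserting_party_metadata table, WordPress post meta), where the attacker writes the blob and the application reads it back as its own; pair signing with an allowlisting loader.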

Recent CVEs (1149)

EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated PHP Object Injection in the wpForo Forum WordPress plugin versions 3.1.0 and earlier allows remote attackers to deliver untrusted serialized payloads that are deserialized by the plugin, leading to potential remote code execution, data tampering, and full site compromise depending on available POP gadget chains. The flaw is reachable without authentication over the network and carries a vendor CVSS of 9.8; no public exploit identified at time of analysis and the issue is not currently on the CISA KEV list.

PHP Deserialization Wpforo Forum
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Unauthenticated PHP Object Injection in the Happyforms WordPress plugin (versions <= 1.26.13) allows remote attackers to deliver attacker-controlled serialized objects that get deserialized by the plugin, potentially leading to remote code execution, file manipulation, or data compromise on the underlying WordPress site. No public exploit identified at time of analysis, but the CVSS 9.8 rating and unauthenticated network attack vector make this a high-priority issue for any site running the plugin. Reported by Patchstack with a corresponding advisory in their WordPress vulnerability database.

PHP Deserialization Happyforms
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated PHP Object Injection in the WordPress plugin 'Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms' (versions <= 1.1.8) allows remote attackers to deserialize attacker-controlled data, potentially leading to remote code execution when a suitable POP (property-oriented programming) gadget chain exists in the WordPress environment. The flaw is reachable without authentication and carries a CVSS 9.8 rating, though no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV. The plugin is distributed by CRM Perks and was disclosed via Patchstack.

PHP Deserialization Integration For Mailchimp And Contact Form 7 Wpforms Elementor Ninja Forms +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated PHP Object Injection in the Integration for Contact Form 7 HubSpot WordPress plugin (versions <= 1.3.7) allows remote attackers to inject malicious serialized PHP objects, which can lead to full site compromise when a suitable POP gadget chain exists in WordPress core or co-installed plugins. The flaw is reachable without authentication or user interaction (CVSS 9.8) and was reported by Patchstack. No public exploit identified at time of analysis.

PHP Deserialization Integration For Contact Form 7 Hubspot
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated PHP object injection in the WordPress plugin 'Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms' (versions <= 1.4.3) allows remote attackers to pass attacker-controlled serialized data into PHP's unserialize() function. With a CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and no authentication required, successful exploitation can lead to arbitrary code execution, data theft, or full site takeover when a suitable POP gadget chain is present. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

PHP Deserialization Integration For Salesforce And Contact Form 7 Wpforms Elementor Formidable Ninja Forms +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated PHP Object Injection in the WordPress plugin Integration for Contact Form 7 and Constant Contact (versions <= 1.1.6) allows remote attackers to inject crafted serialized PHP objects that get deserialized server-side. When a suitable POP (property-oriented programming) gadget chain is present in WordPress core, another active plugin, or a theme, this can escalate to arbitrary file read/write, deletion, or remote code execution on the host. No public exploit identified at time of analysis, but the CVSS 9.8 rating reflects the unauthenticated network-reachable attack surface.

PHP Deserialization Integration For Contact Form 7 And Constant Contact
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated PHP Object Injection in the CRM Perks 'WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms' WordPress plugin (versions 1.1.4 and earlier) allows remote attackers to inject crafted serialized PHP objects into the application, potentially leading to remote code execution, data theft, or site takeover when a suitable POP gadget chain is present. The flaw is reported by Patchstack and carries a 9.8 CVSS score with network-reachable, no-privilege, no-interaction characteristics. No public exploit identified at time of analysis.

PHP Deserialization Wp Zendesk For Contact Form 7 Wpforms Elementor Formidable And Ninja Forms +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated PHP object injection in the WordPress plugin 'Integration for Keap/Infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms' (versions 1.2.1 and earlier) allows remote attackers to inject crafted serialized objects that can be deserialized by the plugin, potentially leading to full site compromise. No public exploit identified at time of analysis, but the CVSS 9.8 score and unauthenticated network attack vector make this a high priority for any WordPress site running the affected plugin. No EPSS or CISA KEV data was available at time of analysis, so real-world exploitation prevalence is undetermined.

PHP Deserialization Integration For Keap Infusionsoft And Contact Form 7 Wpforms Elementor Formidable Ninja Forms +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated PHP object injection in the WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms WordPress plugin (versions <= 1.1.4) allows remote attackers to deliver crafted serialized payloads that the plugin deserializes without validation. Successful exploitation can lead to remote code execution, data tampering, or full site compromise when a suitable POP (property-oriented programming) gadget chain is available in WordPress core, the active theme, or any installed plugin. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

PHP Deserialization Wp Insightly For Contact Form 7 Wpforms Elementor Formidable And Ninja Forms +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated PHP Object Injection in the EventPrime event calendar plugin for WordPress (versions <= 4.3.2.1) allows remote attackers to inject crafted serialized PHP objects that may trigger arbitrary deserialization-driven gadget chains, leading to potential remote code execution, file manipulation, or data tampering. The flaw is reachable without authentication but carries CVSS:3.1 AC:H, indicating non-trivial preconditions for successful exploitation. No public exploit identified at time of analysis, but Patchstack disclosure typically precedes broader exploit development against the WordPress plugin ecosystem.

PHP Deserialization Eventprime
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

PHP Object Injection in the Events Calendar for GeoDirectory WordPress plugin (versions <= 2.3.25) allows authenticated users with Contributor-level privileges to trigger unsafe deserialization, potentially leading to remote code execution, data tampering, or denial of service on the host WordPress site. The flaw is tracked as CWE-502 and was disclosed via Patchstack with a CVSS 3.1 score of 8.8; no public exploit and no vendor-released patch identified at time of analysis.

PHP Deserialization Events Calendar For Geodirectory
NVD
EPSS 0% CVSS 7.2
HIGH This Week

PHP Object Injection in the Advanced Product Fields (Product Addons) for WooCommerce plugin versions 1.6.19 and below allows authenticated users with Shop Manager privileges to deserialize attacker-controlled data, potentially leading to remote code execution or full site compromise depending on available PHP gadget chains. The flaw was disclosed by Patchstack and tracked as EUVD-2026-36946; no public exploit identified at time of analysis and the issue is not in CISA KEV.

PHP Deserialization WordPress +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

PHP Object Injection in the YayMail WordPress plugin (versions ≤ 4.3.3) allows authenticated users with Shop Manager privileges to inject crafted serialized PHP objects and trigger deserialization on the server. Successful exploitation can lead to high-impact compromise of confidentiality, integrity, and availability of the WordPress site, though no public exploit identified at time of analysis. The flaw is reported by Patchstack and tracked as EUVD-2026-36945.

PHP Deserialization Yaymail
NVD
EPSS 0% CVSS 7.2
HIGH This Week

PHP Object Injection in the Modula Image Gallery WordPress plugin (versions ≤ 2.14.18) allows authenticated authors to trigger unsafe deserialization of attacker-controlled input, potentially leading to remote code execution, data tampering, or denial of service depending on available POP gadget chains in the WordPress environment. The flaw was disclosed by Patchstack and tracked as ENISA EUVD-2026-36940; no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

PHP Deserialization Modula Image Gallery
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated PHP object injection in the WordPress 'Anti-Malware Security and Brute-Force Firewall' (GOTMLS) plugin through version 4.23.87 allows contributor-level users to inject crafted serialized PHP objects that are deserialized by the plugin. Successful exploitation can pivot through existing PHP gadget chains in WordPress or other installed plugins to achieve high-impact compromise of the site. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.

PHP Deserialization Anti Malware Security And Brute Force Firewall
NVD
EPSS 0% CVSS 8.8
HIGH This Week

PHP Object Injection in the Post Duplicator WordPress plugin versions <= 3.0.10 allows authenticated users with Contributor-level privileges to trigger insecure deserialization, potentially leading to remote code execution, data tampering, or full site compromise. The flaw is rated CVSS 8.8 (High) and was disclosed by Patchstack. No public exploit identified at time of analysis and the vulnerability is not currently listed in CISA KEV.

PHP Deserialization Post Duplicator
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

PHP Object Injection in the WooCommerce PDF Invoices & Packing Slips WordPress plugin before version 5.9.0 allows authenticated users with Shop Manager privileges to trigger unsafe deserialization, potentially leading to full compromise of confidentiality, integrity, and availability. The flaw was reported by Patchstack and a vendor patch is available, though no public exploit has been identified at time of analysis. The CVSS 7.2 score reflects high privilege requirements offset by network reach and severe impact.

PHP Deserialization WordPress +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Authenticated PHP Object Injection in the ShortPixel Image Optimizer WordPress plugin (versions 6.4.3 and earlier) allows attackers with Author-level privileges to trigger unsafe deserialization of attacker-controlled data, enabling code execution or other impacts when a suitable PHP gadget chain is present. Reported by Patchstack with no public exploit identified at time of analysis, the flaw is tracked as CWE-502 and carries a CVSS 3.1 score of 7.2 due to the high-privilege prerequisite but full CIA impact.

PHP Deserialization Shortpixel Image Optimizer
NVD
EPSS 0% CVSS 7.2
HIGH This Week

PHP Object Injection in the CTX Feed (WebAppick Product Feed for WooCommerce) WordPress plugin versions up to and including 6.6.26 allows authenticated users with Shop Manager privileges to trigger unsafe deserialization, leading to full compromise of confidentiality, integrity, and availability on the host site. The flaw was disclosed by Patchstack and tracked as EUVD-2026-36924; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

PHP Deserialization Ctx Feed
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated PHP object injection in the Paid Videochat Turnkey Site WordPress plugin (versions 7.3.23 and earlier, also marketed as 'ppv-live-webcams') allows remote attackers to deserialize untrusted data and potentially achieve full compromise of the underlying site. The flaw was reported by Patchstack and tracked as EUVD-2026-36915; no public exploit code or CISA KEV listing is identified at time of analysis, though the CVSS 8.1 score reflects confidentiality, integrity, and availability impact gated by high attack complexity.

Deserialization Paid Videochat Turnkey Site
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Unauthenticated PHP Object Injection in the Broadcast Live Video WordPress plugin (versions prior to 7.1.3) allows remote attackers to inject crafted serialized PHP objects that are deserialized by the application. With a CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and CWE-502 root cause, successful exploitation can lead to remote code execution, data theft, or full site takeover when suitable gadget chains are present in the WordPress stack. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

PHP Deserialization Broadcast Live Video
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated PHP Object Injection in the WordPress plugin 'Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms' (versions 1.1.1 and earlier) allows remote attackers to inject crafted serialized objects that are deserialized by the plugin, enabling abuse of POP gadget chains for code execution, file operations, or data tampering. The flaw scores CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and impacts any WordPress site running the affected CRM Perks integration plugin. No public exploit identified at time of analysis, but the unauthenticated nature and prevalence of WordPress as a target make this a high-priority patching item.

PHP Deserialization Integration For Activecampaign And Contact Form 7 Wpforms Elementor Ninja Forms +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Unsafe PHP deserialization in Quick.CMS by OpenSolution lets an on-path attacker who can tamper with the plaintext HTTP channel inject malicious serialized objects that are deserialized when an administrator opens the admin panel, yielding arbitrary code execution on the server. The CVSS 4.0 vector (AV:A/AC:L/AT:P/PR:N/UI:P) reflects that exploitation requires adjacent-network MITM positioning plus an administrator session, and no public exploit identified at time of analysis. CERT-PL reported the issue and OpenSolution shipped a patch for version 6.8 on 14.05.2026 that mitigates the flaw by forcing HTTPS.

Deserialization RCE Quick Cms
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Insecure deserialization in Comma AI Openpilot 0.11 allows a local authenticated attacker to achieve code execution by supplying a malicious pickle payload to the pickle.load/pickle.loads calls in selfdrive/modeld/modeld.py. The flaw requires local access with low privileges and no public exploit identified at time of analysis, but the vendor reportedly did not respond to coordinated disclosure, leaving the issue unpatched. CVSS 4.0 scores it 7.1 (High) with full confidentiality, integrity, and availability impact on the vulnerable system.

Deserialization Openpilot
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Denial-of-service in MessagePack-CSharp's optional LZ4 decompression path (Lz4Block and Lz4BlockArray modes) allows remote unauthenticated attackers to crash .NET applications that deserialize untrusted MessagePack payloads. A crafted payload with manipulated LZ4 token/length fields triggers an out-of-bounds read raising an AccessViolationException, and may also leak limited adjacent memory before the process dies. No public exploit identified at time of analysis, but the vendor has published an advisory (GHSA-hv8m-jj95-wg3x) with patched releases 2.5.301 and 3.1.7.

Deserialization Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Remote code execution in GeoServer (versions prior to 2.27.0) with the DB2 extension installed allows authenticated administrators to perform a JNDI injection attack via a crafted DB2 JDBC connection URL submitted through the Vector Data Sources page, ultimately triggering Java deserialization of untrusted data and arbitrary code execution. No public exploit identified at time of analysis, and the vulnerability is not on CISA KEV, but the attack pattern follows well-known JNDI/Log4Shell-style RCE techniques. Risk is meaningful only where the DB2 extension is deployed and an administrative account is reachable.

Deserialization RCE Geoserver
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in Spring for GraphQL versions 1.3.0-1.3.8, 1.4.0-1.4.5, and 2.0.0-2.0.3 allows unauthenticated attackers to trigger unsafe deserialization by sending crafted paginated GraphQL queries against Connection-type fields. Exploitation requires that the application expose a paginated (Connection) field and that the classpath contains gadget classes leveraged during deserialization. No public exploit identified at time of analysis; EPSS sits at 0.34% (57th percentile) and the issue is not in CISA KEV, but a vendor patch is available.

Deserialization Java RCE +1
NVD VulDB HeroDevs
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Splunk Enterprise, Splunk Cloud Platform, and the Splunk Secure Gateway app allows a low-privileged authenticated user (without 'admin' or 'power' roles) to execute arbitrary Python on the server by abusing unsafe jsonpickle deserialization of App Key Value Store (KV Store) data. CVSS is 8.8 (network, low complexity, low privileges); no public exploit identified at time of analysis. The flaw was reported by Cisco and disclosed via Splunk advisory SVD-2026-0601.

Python Deserialization Splunk +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated remote code execution in Jenkins 2.567 and earlier (LTS 2.555.2 and earlier) allows attackers with permission to submit config.xml to trigger deserialization of arbitrary core or plugin types that subsequently handle HTTP requests, enabling user impersonation, Script Console abuse, and arbitrary file reads from the controller. The flaw is tracked as a CWE-502 unsafe deserialization issue with a CVSS 3.1 score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). No public exploit identified at time of analysis, but the vendor (Jenkins project) has issued a coordinated advisory and patched releases.

RCE Deserialization Jenkins +1
NVD VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Remote code execution in NSA Ghidra before version 12.1 allows attackers to execute arbitrary commands when a user opens a malicious shared-project file containing a ghidra:// URL, triggering unsafe Java deserialization in the client-side Shared-Project RMI connection code. Exploitation leverages a Jython 2.7.4 gadget chain and requires only user interaction (opening the crafted project), with no authentication needed. No public exploit identified at time of analysis, though VulnCheck has published an advisory describing the flaw.

RCE Deserialization Ghidra
NVD GitHub
EPSS 0% CVSS 8.4
HIGH This Week

PHP Object Injection in Concrete CMS versions below 9.5.2 allows arbitrary PHP object instantiation through unsafe unserialize() calls in the Permission, Cache, and Search components. The flaw is triggered when a malicious serialized payload has already been written to the database, meaning the unauthenticated trigger depends on a prior write primitive existing in the deployment. No public exploit identified at time of analysis, and CVSS 4.0 base scores it 8.4 with high confidentiality, integrity, and availability impact.

PHP Deserialization
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Insecure deserialization in Broadcom Layer 7 API Gateway 11.2.1 exposes organizations to remote code execution or broken security control enforcement when an adversary can intercept and tamper with traffic between a client application and the gateway. The CVSS 4.0 vector assigns High subsequent-system confidentiality impact (SC:H), reflecting the gateway's privileged position as a broker to downstream backend services - meaning a successful exploit can cascade beyond the gateway itself. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog, but the RCE potential and architectural sensitivity of an API gateway make this a meaningful priority for affected deployments.

Deserialization RCE Layer 7 Api Gateway
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Insecure deserialization in Spring for Apache Pulsar's JsonPulsarHeaderMapper allows remote attackers to bypass trusted-package controls and potentially trigger arbitrary Java object instantiation through Pulsar message headers. The flaw stems from a prefix-based package match plus an unsafe empty-allow-list default, affecting versions 1.1.0-1.1.17, 1.2.0-1.2.17, and 2.0.0-2.0.5. No public exploit identified at time of analysis, but the CVSS 8.1 rating and CWE-502 classification place this firmly in the high-impact Java deserialization category that has historically yielded remote code execution.

Deserialization Apache Java +1
NVD HeroDevs
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Unsafe deserialization in Spring for Apache Kafka (versions 2.8.0-4.0.5 across multiple branches) allows a malicious Kafka producer to send crafted message headers that cause downstream consumers to instantiate arbitrary JDK types via Jackson. The flaw stems from a prefix-based trusted-packages check in JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper, which silently extends trust to every subpackage. No public exploit identified at time of analysis, but the bug class (CWE-502 with Jackson default typing) has a long history of leading to remote code execution in Spring/Java ecosystems.

Deserialization Apache Java +1
NVD HeroDevs
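What a prefix-based trusted-package check gets wrong, as an added example in Python that models the check described in the Spring for Apache Pulsar and Spring for Apache Kafka entries above; it is not Spring's code. The weak matcher accepts any class whose fully qualified name merely begins with a trusted package string and, to model the empty-allow-list default the Pulsar entry names, treats an empty list as unrestricted; the strict matcher compares the package exactly and fails closed. Package and class names are constructed, except the Commons Collections transformer, which is a well-known Java gadget class.

```python
"""Added example: prefix-based versus exact trusted-package matching for class
names arriving in message headers. Models the described bug, not Spring's code."""


def trusted_by_prefix(class_name: str, trusted: list) -> bool:
    """Weak check: a bare string-prefix test, and an empty allowlist means
    'anything goes' (fail-open), modelling the described unsafe default."""
    if not trusted:
        return True
    return any(class_name.startswith(pkg) for pkg in trusted)


def trusted_strict(class_name: str, trusted: list) -> bool:
    """Exact package equality, fail-closed on an empty list. Subpackages and
    look-alike packages must be listed explicitly to be accepted."""
    package, _, _ = class_name.rpartition(".")
    return bool(trusted) and package in trusted


def compare(class_names, trusted) -> dict:
    """Side-by-side verdicts (prefix, strict) for a batch of header-supplied names."""
    return {c: (trusted_by_prefix(c, trusted), trusted_strict(c, trusted)) for c in class_names}


TRUSTED = ["com.acme.events"]                  # constructed configuration
HEADER_CLASSES = [                             # constructed header values
    "com.acme.events.OrderCreated",            # legitimate
    "com.acme.events.internal.Gadget",         # subpackage the prefix test silently trusts
    "com.acme.eventsx.Gadget",                 # look-alike package sharing the prefix
    "org.apache.commons.collections.functors.InvokerTransformer",  # classic gadget
]


if __name__ == "__main__":
    for name, (weak, strict) in compare(HEADER_CLASSES, TRUSTED).items():
        print(f"{name:60s} prefix={weak!s:5s} strict={strict}")
    print("empty allowlist, prefix:", trusted_by_prefix("anything.Gadget", []),
          "strict:", trusted_strict("anything.Gadget", []))
```

Two of the four constructed names pass the prefix test and fail the strict one; those are exactly the classes an attacker who can write headers would pick. An exact-match package list is the floor; an explicit class list is better, since trusting a whole package also trusts every class a future release adds to it.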
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Insecure deserialization in Spring Security 7.0.0 through 7.0.5 allows an attacker with write access to the saml2_asserting_party_metadata database table to store malicious serialized Java payloads in the verification_credentials or encryption_credentials columns, leading to code execution when the JdbcAssertingPartyMetadataRepository deserializes them. The flaw affects deployments using the JDBC-backed SAML 2.0 asserting-party metadata repository introduced in the Spring Security 7.x line. No public exploit identified at time of analysis and EPSS is very low (0.01%), but CVSS rates impact as High due to full confidentiality, integrity, and availability loss on the application.

Deserialization Java Spring Security
NVD VulDB
EPSS 1% CVSS 9.4
CRITICAL PATCH Act Now

Remote code execution in Veeam Backup & Replication enables an authenticated domain user to execute arbitrary code on the Backup Server, with CVSS 4.0 score of 9.4 reflecting high impact across confidentiality, integrity, and availability of both the vulnerable component and downstream systems. The vulnerability is tagged as a deserialization flaw (CWE-502), and while no public exploit is identified at time of analysis, the low attack complexity and only-low-privilege requirement make this a high-priority patching event for any environment running Veeam in a domain-joined configuration.

Deserialization RCE Backup And Replication
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) enables low-privileged authenticated attackers to perform spoofing attacks over a network without requiring user interaction. The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms network-reachable exploitation by any authenticated SharePoint user with no further interaction required from a victim. No public exploit identified at time of analysis and CISA SSVC classifies exploitation status as none, though vendor patches are available for all three affected product lines.

Microsoft XSS Deserialization +1
NVD VulDB
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Privilege escalation in Microsoft Office SharePoint allows an authenticated network attacker to elevate privileges by submitting maliciously crafted serialized data that the server deserializes without proper validation. The CVSS 8.8 score reflects high impact across confidentiality, integrity, and availability combined with low attack complexity, though the PR:L requirement means the attacker must already hold at least a low-privileged SharePoint account. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Microsoft Deserialization Sharepoint Server
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in Nuance PowerScribe allows unauthenticated network attackers to run arbitrary code by submitting maliciously crafted serialized objects to the application. The flaw is a CWE-502 untrusted-data deserialization issue carrying a critical CVSS 9.8 score, reported through Microsoft Security Response Center; no public exploit identified at time of analysis. Because PowerScribe is a clinical radiology reporting platform widely deployed in hospital environments, successful exploitation could compromise systems handling protected health information.

Deserialization
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

PHP Object Injection in TYPO3 CMS's cache frontend (VariableFrontend) and persistent key-value store (Registry) exposes TYPO3 installations to potential Remote Code Execution when an attacker controls write access to the underlying storage layer. The root cause is bare PHP `unserialize()` calls on storage-retrieved data without HMAC integrity validation or class allowlists, meaning attacker-controlled data in the `sys_registry` table or cache backend can trigger deserialization of crafted PHP objects through a gadget chain. No public exploit has been identified at time of analysis and no CISA KEV listing exists; however, the CVSS 4.0 Subsequent impact scores (SC:H/SI:H/SA:H) confirm that successful exploitation yields full system-level impact despite the local access prerequisite.

PHP Deserialization RCE
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Authenticated PHP Object Injection in the Blocksy WordPress theme (versions ≤ 2.1.35) allows contributor-level users to escalate to remote code execution by storing a malicious serialized object in post meta that is later deserialized during the V200 database migration. Wordfence-reported flaw chains weak input sanitization in blocksy_sanitize_post_meta_options() with an unconditional @unserialize() call in SearchReplacer::run_recursively(), triggering RaiiPattern::__destruct() to invoke arbitrary callables via call_user_func(). No public exploit identified at time of analysis, but the low-privilege requirement and high impact make this a meaningful priority for sites running upgraded Blocksy installations.

PHP Deserialization WordPress +1
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Unsafe deserialization in Spring Framework's JMS message converters (MappingJackson2MessageConverter and JacksonJsonMessageConverter) allows remote attackers to instantiate arbitrary classes when applications process messages from an untrusted JMS broker, enabling gadget-chain exploitation that can result in code execution or other unauthorized actions. The flaw affects Spring Framework 5.3.0-5.3.48, 6.1.0-6.1.27, 6.2.0-6.2.18, and 7.0.0-7.0.7. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Deserialization Java
NVD HeroDevs
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

Phar deserialization in PhpSpreadsheet (PHPOffice) is reachable on PHP 7.x because the `File::prohibitWrappers` helper added to patch CVE-2026-34084 can be bypassed with a three-slash phar URI such as `phar:///path/file.phar/inner`, on which `parse_url` returns false, so the wrapper check is skipped. Remote attackers who can supply a file path to `IOFactory::load()` achieve full RCE on PHP 7.x (PhpSpreadsheet 1.x up to 1.30.4), where phar metadata is still unserialized automatically on wrapper access, and a phar file-read primitive on PHP 8.x (PhpSpreadsheet releases up to 5.7.0); publicly available exploit code exists with a working Docker reproducer, though EPSS is only 0.04% (12th percentile).

PHP Docker Deserialization
NVD GitHub
EPSS 0% CVSS 6.6
MEDIUM This Month

PHP Object Injection in the LearnPress - Backup & Migration Tool WordPress plugin (versions ≤ 4.1.4, by ThimPress) allows authenticated administrators to supply maliciously crafted serialized data through the plugin's import functionality, triggering unsafe PHP deserialization. The vulnerability itself carries no direct impact in isolation - exploitation is contingent on a separate plugin or theme installing a usable POP (Property-Oriented Programming) chain on the same site, at which point an attacker can escalate to arbitrary file deletion, sensitive data retrieval, or remote code execution. No public exploit code and no CISA KEV listing have been identified at time of analysis, and the CVSS score of 6.6 (High complexity, High privileges required) reflects the constrained real-world conditions.

PHP Information Disclosure Deserialization +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated remote code execution in the Admin Columns WordPress plugin (versions through 7.0.18) allows Contributor-level users to inject serialized PHP objects via post meta and trigger a bundled POP gadget chain through the Laravel SerializableClosure component. Reported by Wordfence with CVSS 8.8, no public exploit identified at time of analysis, though the low privilege barrier and bundled gadget chain make weaponization straightforward for anyone holding a Contributor account on an affected site.

PHP Deserialization WordPress +1
NVD VulDB
EPSS 0% CVSS 8.5
HIGH POC This Week

Local privilege escalation in Seagull Software BarTender 2021 R1 through 12.0.1 allows any low-privileged user on the host to gain SYSTEM execution by sending a crafted BinaryFormatter payload to a localhost-bound .NET Remoting endpoint. Publicly available exploit code exists (a YSoSerial.NET-based PoC is published as a GitHub gist), and the issue carries a CVSS 4.0 base score of 8.5 with high confidentiality, integrity, and availability impact. No CISA KEV listing is present, so exploitation is opportunistic rather than confirmed in-the-wild.

Deserialization RCE Bartender 2021
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Unsafe deserialization in Apache Fory fory-core Java SDK versions prior to 1.1.0 allows remote attackers to bypass the framework's class registration, TypeChecker, and DisallowedList security controls on Java/JVM platforms. By crafting malicious Fory-serialized payloads that exercise the replace-resolve path, an attacker can invoke arbitrary readResolve/readExternal hooks on any class present on the classpath, enabling gadget-chain abuse without authentication. No public exploit identified at time of analysis, but the CVSS 9.1 score and CWE-502 classification reflect the high impact typical of Java deserialization sinks.

Apache Deserialization Java
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

PHP object injection in Concrete CMS versions below 9.5.2 allows authenticated high-privileged attackers to trigger arbitrary PHP object instantiation through unsafe unserialize() calls in the Workflow, Form block, and File/Set components. The vulnerability requires a malicious serialized payload to be placed in the database beforehand, and no public exploit has been identified at time of analysis. The vendor scored this 8.4 (CVSS 4.0), and CISA SSVC indicates no observed exploitation but total technical impact if successfully chained.

PHP Deserialization
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Unsafe Java deserialization in Apache MINA's ObjectSerializationDecoder allows remote unauthenticated attackers to bypass the acceptMatchers class allow-list and achieve arbitrary code execution. Two distinct flaws are addressed: a TC_PROXYCLASSDESC handling gap where resolveProxyClass is not overridden (permitting java.lang.reflect.Proxy instantiation outside the allow-list), and a Class.forName invocation in readClassDescriptor that triggers static initializers of allow-listed classes before any instance check. No public exploit identified at time of analysis, but the CVSS 9.8 rating and well-known deserialization attack patterns make this a high-priority issue for any application exposing MINA's object serialization codec.

Deserialization Apache Mina
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

Arbitrary code execution in aiohttp's CookieJar.load() prior to version 3.14.0 stems from use of Python's unsafe pickle.load() to deserialize cookie files, allowing a malicious pickle payload to execute arbitrary Python code at load time. Affected are all aiohttp releases below 3.14.0 where an application passes attacker-controlled file input to CookieJar.load(). The CVSS vector (AV:L/AC:H/PR:H/UI:R) and the upstream advisory both note that exploitation requires an unusual application design where attacker-supplied files reach this API; no public exploit identified at time of analysis.

RCE Deserialization Python +1
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

Remote code execution in React Router 7.0.0 through 7.14.1 affects applications running in Framework Mode by chaining an application-level prototype pollution flaw with router internals to achieve unauthenticated RCE on the server. Applications using Declarative Mode (BrowserRouter) or Data Mode (createBrowserRouter/RouterProvider) are unaffected. No public exploit identified at time of analysis; CVSS 8.1 reflects high impact tempered by high attack complexity due to the prerequisite prototype pollution gadget.

RCE Deserialization React Router
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Local code execution in NVIDIA NVTabular allows a low-privileged attacker to abuse insecure deserialization of untrusted data, potentially leading to arbitrary code execution, data tampering, and information disclosure on the host running the library. The flaw carries a CVSS 7.8 (High) rating with confidentiality, integrity, and availability all marked High, and currently no public exploit identified at time of analysis. NVTabular is a tabular feature-engineering library used in recommender-system pipelines, so the practical blast radius is data-science workstations and ML training nodes.

Nvidia RCE Deserialization +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Local code execution in NVIDIA NVTabular allows an authenticated low-privileged user to abuse improper deserialization of untrusted data to run arbitrary code, tamper with data, and disclose sensitive information. The CVSS 3.1 base score is 7.8 (AV:L/AC:L/PR:L/UI:N) reflecting a local attack vector with low complexity and low privileges; no public exploit identified at time of analysis and the issue is not on the CISA KEV list.

Nvidia RCE Deserialization +1
NVD VulDB
EPSS 0% CVSS 8.1
HIGH This Week

PHP object injection in the Elated-Themes Askka WordPress theme through version 1.3.1 lets remote attackers supply data that the theme deserializes unsafely, potentially leading to arbitrary code execution, file manipulation, or full site compromise depending on available gadget chains. The CVSS score of 8.1 reflects high impact across confidentiality, integrity, and availability, though high attack complexity (AC:H) tempers immediate exploitability. No public exploit identified at time of analysis.

Deserialization
NVD
EPSS 0% CVSS 8.1
HIGH This Week

PHP object injection in the Elated-Themes Töbel WordPress theme (versions up to and including 1.8.1) allows remote attackers to trigger unsafe deserialization of attacker-controlled data, potentially leading to arbitrary code execution, file manipulation, or data tampering depending on available POP gadgets. Rated CVSS 8.1 (High) with no public exploit identified at time of analysis and no CISA KEV listing, though the network attack vector and lack of authentication requirement make it a meaningful risk to any WordPress site running the theme.

Deserialization Töbel
NVD VulDB
EPSS 0% CVSS 8.1
HIGH This Week

Object injection in the Elated-Themes Aperitif WordPress theme through version 1.6 allows remote attackers to trigger PHP deserialization of attacker-controlled data, potentially leading to code execution, file manipulation, or full site compromise when a suitable gadget chain is present. CVSS 8.1 reflects high impact across confidentiality, integrity, and availability, though attack complexity is rated High. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Deserialization Aperitif
NVD VulDB
EPSS 0% CVSS 1.9
LOW POC Monitor

Unsafe deserialization in FoundationAgents MetaGPT versions up to and including 0.8.2 allows a local low-privileged attacker to achieve confidentiality, integrity, and availability impact by manipulating the `mapping` argument passed to `Message.check_instruct_content` in `metagpt/schema.py`. Publicly available exploit code (POC) exists via a GitHub issue report, elevating practical risk despite the local-only attack vector. No vendor patch has been released - the project was notified via issue report but has not responded, leaving installations without a remediation path.

Deserialization Metagpt
NVD VulDB GitHub
EPSS 0% CVSS 8.0
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft SharePoint Server (2016 Enterprise, 2019, and Subscription Edition) allows an authenticated attacker to execute arbitrary code on the server by submitting crafted serialized data that triggers unsafe deserialization. The CVSS 8.0 vector requires low privileges and user interaction, and no public exploit is identified at time of analysis. The flaw is significant because SharePoint servers typically run with high privileges inside enterprise environments and frequently host sensitive collaboration data.

Microsoft Command Injection Deserialization +3
NVD
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Remote code execution in IBM WebSphere Application Server 9.0 and 8.5 allows authenticated attackers to abuse unsafe Java deserialization in the SAML Web Single Sign-On component to run arbitrary code via a crafted HTTP request combined with a gadget chain. The flaw carries a CVSS 8.5 with scope change, and while no public exploit has been identified at time of analysis, deserialization gadget chains for WebSphere are historically well-researched. IBM has released a patch via support advisory node/7274733.

IBM RCE Deserialization
NVD VulDB
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

Remote code execution in IBM WebSphere Application Server 9.0 and 8.5 arises from unsafe deserialization of untrusted data processed by JAX-WS endpoints that use WS-Security. Unauthenticated remote attackers who can reach a SOAP/JAX-WS endpoint may craft malicious serialized payloads to execute arbitrary code in the WebSphere server context. No public exploit identified at time of analysis, but the high CVSS (9.0) and scope-changed impact mean any exposed JAX-WS service is a meaningful target.

IBM RCE Deserialization
NVD VulDB
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

Remote code execution in AMD's AI Tensor Engine for ROCm (AITER) through version 0.1.14 allows unauthenticated network attackers to run arbitrary code on every inference worker in a distributed cluster by sending a malicious pickle payload to the ZMQ SUB socket consumed by MessageQueue.recv() in shm_broadcast.py. The vulnerability stems from unauthenticated, unvalidated pickle deserialization with no HMAC or format checks; no public exploit identified at time of analysis, but VulnCheck has published an advisory and AMD has merged an upstream fix.

RCE Deserialization Aiter
NVD GitHub VulDB
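The AITER entry, like the TYPO3 one earlier on this page, describes a consumer that deserializes whatever arrives with no HMAC and no format check. The block below is an added example of the missing integrity layer, not code from either project: a frame consisting of a fixed marker, an HMAC-SHA256 tag and the payload, where the consumer checks the marker, verifies the tag in constant time and only then decodes the payload. Only a producer holding the shared key can get a frame past the check, so an attacker who can merely reach the socket (or write to the cache) cannot feed the deserializer at all. The key, frame layout and sample messages are constructed; the payload is JSON here because a data-only format is the right choice even once integrity is in place.

```python
import hashlib
import hmac
import json

MAGIC = b"MQ1"        # constructed frame marker doubling as a format version
TAG_LEN = 32          # HMAC-SHA256 digest length
# Constructed demo key. In practice it comes from a secret store and is
# shared only by the producers and consumers of this one channel.
KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)

decoded_payloads = []   # records which payloads ever reached the decoder


class RejectedFrame(Exception):
    pass


def frame(message: dict, key: bytes) -> bytes:
    """Producer side: serialise to a data-only format, tag MAGIC||payload."""
    payload = json.dumps(message, separators=(",", ":")).encode()
    tag = hmac.new(key, MAGIC + payload, hashlib.sha256).digest()
    return MAGIC + tag + payload


def unframe(data: bytes, key: bytes) -> dict:
    """Consumer side: format check, constant-time tag check, then decode.
    No byte of the payload is parsed until the tag has verified."""
    if len(data) < len(MAGIC) + TAG_LEN or not data.startswith(MAGIC):
        raise RejectedFrame("malformed frame")
    tag = data[len(MAGIC):len(MAGIC) + TAG_LEN]
    payload = data[len(MAGIC) + TAG_LEN:]
    expected = hmac.new(key, MAGIC + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise RejectedFrame("bad authentication tag")
    decoded_payloads.append(payload)
    return json.loads(payload)


def demo():
    """Run one legitimate frame and three constructed attacks through unframe()."""
    decoded_payloads.clear()
    good = frame({"op": "warm", "layer": 7}, KEY)
    accepted = unframe(good, KEY)

    # Attacker on the network: a raw pickle-looking blob, no tag at all.
    forged = b"\x80\x04\x95" + b"attacker gadget bytes"
    # Attacker who captured a valid frame and edits its payload in place.
    tampered = good[:-1] + bytes([good[-1] ^ 0x01])
    # Attacker who knows the layout but not the key.
    wrong_key = frame({"op": "warm", "layer": 7}, b"guess" * 8)

    outcomes = {}
    for name, data in (("forged", forged), ("tampered", tampered),
                       ("wrong_key", wrong_key)):
        try:
            unframe(data, KEY)
            outcomes[name] = "accepted"
        except RejectedFrame as exc:
            outcomes[name] = str(exc)
    # Only the legitimate payload was ever handed to json.loads.
    return accepted, outcomes, len(decoded_payloads)


if __name__ == "__main__":
    print(demo())
```

The tag covers the marker as well as the payload so a frame cannot be re-labelled, and `compare_digest` avoids leaking the tag byte by byte through timing. What this does not give you is replay protection or per-sender attribution; a sequence number or timestamp inside the authenticated payload, and per-producer keys, cover those if the channel needs them.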
EPSS 0% CVSS 2.9
LOW Monitor

Deserialization restriction bypass in QOS.CH Sarl logback-core affects all versions through 1.5.33, allowing unauthenticated network attackers with the ability to influence serialized data to instantiate Java Proxy objects via SimpleSocketServer or SimpleSSLSocketServer. Despite the 'RCE' tag in source intelligence, the vendor explicitly states that no practical path to remote code execution or significant privilege escalation has been identified - this is a security boundary bypass of the HardenedObjectInputStream defense mechanism, not a full compromise vector. A proof-of-concept exists (CVSS E:P), though CVSS 4.0 scores the overall risk at 2.9 due to high attack complexity and prerequisite deployment conditions.

RCE Deserialization Logback
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated remote code execution in Dassault Systèmes Teamwork Cloud (No Magic Release 2022x-2026x) and Magic Collaboration Studio (CATIA Magic Release 2022x-2026x) arises from unsafe deserialization of attacker-controlled data. The CVSS 9.8 vector indicates a network-reachable attack with no privileges or user interaction, yielding full confidentiality, integrity, and availability impact, though no public exploit identified at time of analysis and EPSS data was not provided.

RCE Deserialization
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in ESA AnomalyMatch before 1.3.1 allows local attackers with low privileges to run code under the application's process by planting a malicious PyTorch checkpoint into a session directory, which is loaded via torch.load() with weights_only=False. No public exploit is identified at time of analysis, but the upstream fix (PR #9) and a third-party advisory (imlabs.info) confirm the unsafe-deserialization root cause and the migration to safetensors.

Checkpoint RCE Deserialization +1
NVD GitHub
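The AnomalyMatch fix replaces torch.load(weights_only=False), which is a pickle load, with safetensors. The reason that removes the sink is the format itself: a little-endian u64 header length, a JSON header mapping tensor names to dtype, shape and byte offsets, then raw tensor bytes, so a loader only ever parses data and never resolves or calls a class. The block below is an added, minimal writer and reader for that layout in plain Python (not the safetensors library and not project code; F32 only, no numpy). It also shows the checks a data-only format still needs, because a hostile header can lie about offsets and shapes: header length bounded, offsets inside the buffer, byte length consistent with the shape, and tensors tiling the data section with no gaps or overlaps. The sample checkpoint and the two malformed headers are constructed.

```python
import json
import math
import struct

DTYPE_SIZE = {"F32": 4}     # only dtype this demo understands; anything else is rejected
MAX_HEADER = 1 << 20        # sanity bound on the header length prefix


def save_tensors(tensors: dict) -> bytes:
    """tensors: name -> (shape, flat list of floats).
    Layout: u64 little-endian header length, JSON header, raw F32 data."""
    header, data = {}, bytearray()
    for name, (shape, values) in tensors.items():
        if len(values) != math.prod(shape):
            raise ValueError(f"{name}: {len(values)} values do not fill shape {list(shape)}")
        start = len(data)
        data += struct.pack(f"<{len(values)}f", *values)
        header[name] = {"dtype": "F32", "shape": list(shape), "data_offsets": [start, len(data)]}
    hdr = json.dumps(header, separators=(",", ":")).encode()
    return struct.pack("<Q", len(hdr)) + hdr + bytes(data)


def load_tensors(blob: bytes) -> dict:
    """Parse and validate. The only things interpreted are a JSON object and
    fixed-width floats: no class names, no imports, no calls."""
    if len(blob) < 8:
        raise ValueError("truncated: no header length")
    (hlen,) = struct.unpack("<Q", blob[:8])
    if hlen > MAX_HEADER or 8 + hlen > len(blob):
        raise ValueError("header length out of range")
    header = json.loads(blob[8:8 + hlen])
    if not isinstance(header, dict):
        raise ValueError("header is not a JSON object")
    data = blob[8 + hlen:]
    out, spans = {}, []
    for name, meta in header.items():
        if name == "__metadata__":      # free-form strings in the real format; ignored here
            continue
        if not isinstance(meta, dict):
            raise ValueError(f"{name}: bad tensor entry")
        dtype, shape, offs = meta.get("dtype"), meta.get("shape"), meta.get("data_offsets")
        if dtype not in DTYPE_SIZE:
            raise ValueError(f"{name}: unsupported dtype {dtype!r}")
        if not (isinstance(shape, list) and all(isinstance(d, int) and d >= 0 for d in shape)):
            raise ValueError(f"{name}: bad shape")
        if not (isinstance(offs, list) and len(offs) == 2 and all(isinstance(o, int) for o in offs)):
            raise ValueError(f"{name}: bad data_offsets")
        start, end = offs
        if not 0 <= start <= end <= len(data):
            raise ValueError(f"{name}: offsets outside data section")
        if end - start != math.prod(shape) * DTYPE_SIZE[dtype]:
            raise ValueError(f"{name}: byte length does not match shape")
        spans.append((start, end))
        count = (end - start) // DTYPE_SIZE[dtype]
        out[name] = (tuple(shape), list(struct.unpack(f"<{count}f", data[start:end])))
    # Tensors must tile the data section exactly: no gaps, overlaps or trailing bytes.
    cursor = 0
    for start, end in sorted(spans):
        if start != cursor:
            raise ValueError("tensor spans overlap or leave a gap")
        cursor = end
    if cursor != len(data):
        raise ValueError("trailing bytes not owned by any tensor")
    return out


def probe(blob: bytes):
    """Return the loader's verdict: the tensor dict, or the rejection reason."""
    try:
        return load_tensors(blob)
    except ValueError as exc:
        return f"rejected: {exc}"


def forged(header: dict, data: bytes) -> bytes:
    """Build a file from an arbitrary header, as an attacker would."""
    hdr = json.dumps(header).encode()
    return struct.pack("<Q", len(hdr)) + hdr + data


# Constructed checkpoint and two constructed hostile headers.
CHECKPOINT = save_tensors({"w": ((2, 2), [1.0, 2.0, 3.0, 4.0]), "b": ((2,), [0.5, -0.5])})
OUT_OF_RANGE = forged({"w": {"dtype": "F32", "shape": [4], "data_offsets": [0, 1 << 30]}}, b"\x00" * 16)
SHAPE_LIE = forged({"w": {"dtype": "F32", "shape": [1 << 40], "data_offsets": [0, 16]}}, b"\x00" * 16)

if __name__ == "__main__":
    for blob in (CHECKPOINT, OUT_OF_RANGE, SHAPE_LIE):
        print(probe(blob))
```

The contrast with a pickle checkpoint is where the trust goes: here the worst a hostile file can do to a correct loader is be rejected or allocate what its header claims, which is why the shape and offset checks matter, whereas a pickle decides which functions the loader calls.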
EPSS 0% CVSS 3.1
LOW PATCH Monitor

{/, l, o, g} - rather than a literal prefix strip, causing the filename derived from the URL to diverge from the file actually served. No public exploit has been identified at time of analysis, and this vulnerability is not listed in CISA KEV.

Python Apache Deserialization +1
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The event log detail endpoint in Apache Airflow before 3.2.2 applies a generic DAG-level audit log permission check rather than scoping authorization to the specific DAG that owns the requested event log entry, allowing any authenticated low-privilege user to read audit log entries belonging to DAGs outside their permitted scope. The flaw is a broken object-level authorization (IDOR) pattern - classified as CWE-639 - where the user-supplied `event_log_id` path parameter can reference log rows from unauthorized DAGs without triggering a rejection. No public exploit code exists and the issue is not listed in CISA KEV, but the attack is trivially executable by any authenticated Airflow user in a multi-tenant deployment.

Python Apache Deserialization +1
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Arbitrary Python module import in Apache Airflow versions prior to 3.2.2 occurs when the scheduler deserializes custom DeadlineReference objects, because the prior implementation called import_string() directly on an attacker-controllable __class_path field. Rated CVSS 7.3 with low confidentiality/integrity/availability impact, this issue has no public exploit identified at time of analysis and EPSS estimates exploitation probability at 0.02% (6th percentile).

Apache Deserialization Python
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Authenticated remote code execution in Apache Airflow 3.2.0 through 3.2.1 allows users with permission to update XCom entries to achieve code execution by submitting reserved deserialization metadata keys (e.g. __classname__, __type, __data__, __var) to the PATCH XCom endpoint. The XComUpdateBody datamodel omitted the FORBIDDEN_XCOM_KEYS validator that XComCreateBody enforced, letting attackers smuggle a malicious typed payload that is later deserialized into an arbitrary Python class. No public exploit identified at time of analysis and EPSS risk is negligible (0.02%), but a vendor fix has shipped and the root cause is a classic CWE-502 untrusted deserialization.

Apache Deserialization
NVD GitHub VulDB
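Both Airflow entries above are the same shape of bug as the Spring JMS and Fastjson AutoType entries on this page: the serialized data names the class to build, and the deserializer resolves that name through an unrestricted importer. The block below is an added illustration in Python, not Airflow code. It puts a decoder that honours a `__classname__` key via a generic import_string() lookup beside one that resolves names through a closed registry, and adds the kind of validator the XCom update path lacked, which rejects the reserved keys anywhere inside user-supplied JSON rather than only at the top level. The Deadline class, the registry and the import helper are invented for the example; the reserved key names are the ones the XCom entry lists, and the attacker payload names a harmless callable (os.getcwd) where a real one would name something that spawns a process.

```python
import importlib
import json
from dataclasses import dataclass

# Reserved keys quoted in the XCom entry: to the deserializer they are typing
# metadata, not data, so user-writable fields must never carry them.
RESERVED_KEYS = frozenset({"__classname__", "__type", "__data__", "__var"})


def import_string(dotted: str):
    """Generic 'package.module.attr' resolver, a constructed stand-in for the
    import_string() helper the DeadlineReference entry refers to."""
    module_name, _, attr = dotted.rpartition(".")
    return getattr(importlib.import_module(module_name), attr)


@dataclass(frozen=True)
class Deadline:
    """Hypothetical domain type the store is allowed to rehydrate."""
    dag_id: str
    seconds: int


# The closed set of types a typed payload may name.
REGISTRY = {"Deadline": Deadline}


def vulnerable_decode(doc: str):
    """The name in the data decides what is instantiated: any importable
    callable on the worker, called with attacker-controlled keyword args."""
    obj = json.loads(doc)
    if isinstance(obj, dict) and "__classname__" in obj:
        target = import_string(obj["__classname__"])
        return target(**obj.get("__data__", {}))
    return obj


def safe_decode(doc: str):
    """The name is a key into the registry; nothing is ever imported."""
    obj = json.loads(doc)
    if not (isinstance(obj, dict) and "__classname__" in obj):
        return obj
    cls = REGISTRY.get(obj["__classname__"])
    if cls is None:
        raise ValueError(f"type {obj['__classname__']!r} not registered")
    return cls(**obj.get("__data__", {}))


def reject_reserved_keys(value) -> None:
    """Validator for user-writable fields (the check the PATCH body lacked).
    Walks nested dicts and lists so a reserved key cannot be smuggled deeper."""
    if isinstance(value, dict):
        hit = RESERVED_KEYS.intersection(value)
        if hit:
            raise ValueError(f"reserved key(s) not allowed: {sorted(hit)}")
        for v in value.values():
            reject_reserved_keys(v)
    elif isinstance(value, list):
        for v in value:
            reject_reserved_keys(v)


def demo() -> dict:
    """Constructed payloads through both decoders and the validator."""
    attacker = '{"__classname__": "os.getcwd", "__data__": {}}'
    legit = '{"__classname__": "Deadline", "__data__": {"dag_id": "etl", "seconds": 3600}}'
    results = {
        # The unrestricted decoder resolved and called the attacker's callable.
        "vulnerable_ran_attacker_callable": isinstance(vulnerable_decode(attacker), str),
        "safe_legit": safe_decode(legit),
    }
    try:
        safe_decode(attacker)
        results["safe_attacker"] = "accepted"
    except ValueError as exc:
        results["safe_attacker"] = str(exc)
    try:
        reject_reserved_keys({"result": [{"__type": "x"}]})
        results["validator"] = "accepted"
    except ValueError as exc:
        results["validator"] = str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```

Two separate fixes are in play and both are worth having: the registry closes the set of types the decoder can produce regardless of where the data came from, and the validator keeps typed metadata out of fields that users may write, which is the specific gap between XComCreateBody and XComUpdateBody the entry describes.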
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

{method_name} and /simple_execute/{method_name} endpoints, which call pickle.loads() on raw HTTP request bodies. The flaw scored CVSS 4.0 of 9.2 and has an upstream fix in commit d7441481, but no public exploit was identified at time of analysis; risk is amplified by the default Docker image running as root, leading to full container compromise.

Docker RCE Deserialization
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated PHP Object Injection in the WooCommerce Infinite Scroll and Ajax Pagination WordPress plugin (versions up to and including 1.8) allows Subscriber-level users to deserialize attacker-controlled data via the 'settings' parameter of the import_settings function. While the plugin itself contains no usable POP chain, the presence of any vulnerable gadget in another installed plugin or theme can escalate this into arbitrary file deletion, sensitive data disclosure, or remote code execution. There is no public exploit identified at time of analysis, but the low privilege barrier and ubiquity of WordPress gadget chains make this a meaningful risk for multi-plugin sites.

PHP Information Disclosure WordPress +1
NVD VulDB
EPSS 0% CVSS 2.9
LOW Monitor

Security restriction bypass in logback-core's HardenedObjectInputStream allows limited object injection via logback's SimpleSocketServer and SimpleSSLSocketServer components, affecting all versions through 1.5.32 inclusive. An attacker who can influence serialized data submitted to these socket server endpoints can instantiate objects from java.lang and java.util classes not explicitly blocked by the hardened deserializer, circumventing its intended allowlist controls. The vendor and NVD both confirm no practical remote code execution or significant privilege escalation has been identified; the real-world impact is limited confidentiality and integrity exposure. No public exploit identified at time of analysis beyond E:P proof-of-concept maturity indicated in the CVSS vector. Not listed in CISA KEV.

RCE Deserialization
NVD VulDB
EPSS 0% CVSS 7.3
HIGH This Week

Remote code execution in SMSGate sms-core versions 2.1.13.6 and earlier allows remote attackers to execute arbitrary code by sending crafted input to the Cmpp7FDeliverRequestMessageCodec.java component, which handles CMPP protocol message decoding. The CVSS 7.3 (AV:N/AC:L/PR:N/UI:N) vector indicates network-reachable, unauthenticated exploitation with low complexity, though EPSS scores this at only 0.06% (18th percentile) and there is no public exploit identified at time of analysis. SSVC indicates exploitation status is 'none' but the issue is automatable with partial technical impact across CIA.

Java RCE Deserialization
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

Arbitrary file deletion in the WP Contact Form 7 DB Handler WordPress plugin (versions up to and including 3.0) can be achieved by chaining CSRF, UNION-based SQL injection, and PHP object deserialization. A remote unauthenticated attacker who lures a logged-in administrator to a malicious page can delete arbitrary server files, including wp-config.php, which typically forces the site into a re-installation state and enables full site takeover. No public exploit identified at time of analysis, though Wordfence's detailed write-up effectively documents the exploit chain.

Deserialization CSRF SQLi +3
NVD
EPSS 1%
HIGH PATCH This Week

Unauthenticated PHP object deserialization affects Symfony's Monolog Bridge through the development-time `server:log` console command, which by default binds a TCP listener to 0.0.0.0:9911 and runs `unserialize(base64_decode())` on every received frame with no class allowlist, authentication, or integrity check. Any host that can reach port 9911 on a machine running `server:log` can submit attacker-controlled serialized payloads, producing at minimum an unauthenticated denial of service (a non-array value triggers a fatal type error) and potentially object injection or full remote code execution where usable gadget chains exist in the target's autoloaded classes. Affected versions are symfony/symfony and symfony/monolog-bridge below 5.4.52, 6.x below 6.4.40, and 7.x below 7.4.12; there is no public exploit identified at time of analysis and no CVSS, EPSS, or CISA KEV data is available.

Denial Of Service PHP Deserialization +1
NVD GitHub VulDB
EPSS 1% CVSS 8.7
HIGH This Week

Remote code execution in RELATE LMS (the inducer/relate web courseware platform) stems from its Celery task queue being configured to accept and unpickle untrusted messages (CELERY_ACCEPT_CONTENT included "pickle"). Because the code-execution sandbox lacks network isolation, an authenticated student can reach the message broker and deliver a malicious pickle payload that the worker deserializes, yielding arbitrary command execution on the host. No public exploit identified at time of analysis; the issue is corrected in commit d66ba5659b459bf1ba56b7109b5f9ecf197cbefb.

RCE Deserialization Relate
NVD GitHub
EPSS 0% CVSS 8.0
HIGH PATCH This Week

PHP object injection in Pimcore (packages pimcore/pimcore and admin-ui-classic-bundle) up to and including version 12.3.6 arises from six code paths calling unserialize() without the allowed_classes restriction on values read from database columns and filesystem files. An attacker who can already write to one of those sources - for example through SQL injection into the tmp_store, sites, or custom_layouts tables, or a file write to the WebDAV delete log - can plant a serialized PHP gadget chain that executes arbitrary code with web-server privileges once the data is deserialized. No public exploit identified at time of analysis (the vendor advisory documents only a conceptual PoC procedure), the CVE is not in CISA KEV, and EPSS is not provided; the issue is fixed in 12.3.7 and rated CVSS 8.0, with the High attack-complexity reflecting its dependence on a separate write primitive and a working gadget chain.

RCE SQLi PHP +1
NVD GitHub
EPSS 0% CVSS 6.6
MEDIUM This Month

Unsafe deserialization in Jenkins Active Directory Plugin 2.41 and earlier allows a remote attacker holding administrative credentials to achieve full system compromise by manipulating the LDAP referral processing path. The plugin deserializes data received from LDAP referrals without validation (CWE-502), which can enable arbitrary code execution on the Jenkins controller. No public exploit exists at time of analysis, and CISA SSVC assesses this as not automatable, though technical impact is rated total - making it a targeted rather than opportunistic threat.

Deserialization Jenkins
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Jenkins LDAP Plugin versions up to and including 807.v7d7de30930cf deserializes Java objects returned via LDAP referral responses without any validation, exposing the underlying Jenkins instance to potential remote code execution via classic Java deserialization gadget chains. Exploitation is constrained by a high privilege requirement and high attack complexity (CVSS PR:H/AC:H), limiting realistic scenarios to attackers who already hold Jenkins administrative credentials or can manipulate LDAP referral destinations. No public exploit code has been identified and this vulnerability does not appear in the CISA KEV catalog at time of analysis.

Deserialization Jenkins
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

SQL injection in Pimcore's admin-ui-classic-bundle (versions <= 2.3.5) allows an authenticated user holding only the translations-view permission to read arbitrary database contents by injecting into the translation grid's date filter. The user-controlled 'property' field of the filter JSON is interpolated directly into a UNIX_TIMESTAMP(DATE(FROM_UNIXTIME(...))) expression at the POST /admin/translation/translations endpoint, behind only a trivially bypassable str_replace('--','') filter. A working proof-of-concept and publicly available exploit code exist; the reporter notes it can be chained with an unsafe-unserialize flaw (GM-249) to reach remote code execution. No EPSS score or CISA KEV listing was supplied.

Deserialization PHP SQLi
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Insecure deserialization in NVIDIA Merlin Transformers4Rec on Linux allows a local attacker to achieve code execution, data tampering, and information disclosure by tricking a user into loading a malicious serialized object. The flaw affects all Main-branch commits prior to March 11, 2026, and currently has no public exploit identified at time of analysis, with a very low EPSS score (0.02%) reflecting limited real-world activity. CISA SSVC classifies exploitation as 'none' but technical impact as 'total', placing it firmly in the supply-chain/MLOps risk category rather than a mass-exploitation threat.

Information Disclosure Nvidia Deserialization +2
NVD VulDB
EPSS 0% 4.9 CVSS 9.3
CRITICAL POC KEV PATCH THREAT Act Now

Remote code execution in Mirasvit Full Page Cache Warmer for Magento 2 before 1.11.12 allows unauthenticated attackers to execute arbitrary code by sending a crafted serialized PHP object in the CacheWarmer cookie. The flaw is confirmed actively exploited (CISA KEV) with publicly available exploit code, and successful exploitation chains Magento and dependency gadget chains via an unsafe call to unserialize(). Despite a low EPSS score (0.10%), KEV listing and CVSS 9.3 indicate this is a high-priority patch for any Magento 2 store running the module.

PHP Adobe Deserialization +2
NVD VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Unsafe deserialization in changmingxie tcc-transaction (versions up to 2.1.0) allows a remote, authenticated attacker with low privileges to exploit the Fastjson AutoType feature via the REST API, achieving limited confidentiality, integrity, and availability impact on the affected system. A proof-of-concept exploit exists (CVSS 4.0 E:P), referenced in a public GitHub bug report, though EPSS probability sits at just 0.04% (12th percentile) and SSVC assesses exploitation as none at time of analysis, indicating no observed active abuse. The vendor was notified prior to disclosure but did not respond, meaning no official patch has been released.

Deserialization Tcc Transaction
NVD VulDB GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Remote code execution in HuggingFace Transformers prior to 5.3.0 allows attackers to achieve arbitrary code execution on a victim's machine by publishing a malicious model whose config.json sets the `_attn_implementation_internal` field to an attacker-controlled Hub repository. When the victim calls the standard `AutoModelForCausalLM.from_pretrained()` API, the library silently downloads and executes Python kernels from that repository with the victim's privileges, bypassing the `trust_remote_code` safety gate. No public exploit is identified at time of analysis (EPSS 0.03%, SSVC exploitation: none), but the technical impact is total and the attack uses the documented, default usage pattern.

Python Deserialization RCE +1
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL PATCH NO ACTION HOSTED Monitor

Unsafe deserialization in Microsoft Planetary Computer Pro (Geocatalog) lets a remote unauthenticated attacker craft malicious serialized payloads that the service processes, resulting in information disclosure across a trust boundary. The maximum CVSS 10.0 score reflects network-reachable exploitation with no privileges or user interaction and a scope change, though no public exploit identified at time of analysis and EPSS data was not provided.

Microsoft Deserialization
NVD VulDB
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Authenticated remote code execution in Microsoft SharePoint (Enterprise Server 2016, Server 2019, and Subscription Edition) stems from unsafe deserialization of untrusted data (CWE-502), enabling an authorized attacker to run arbitrary code on the server over the network. CVSS 8.8 with low privileges required and no user interaction makes this attractive to post-authentication adversaries, though no public exploit identified at time of analysis and CVSS temporal data marks exploit code maturity as Unproven.

Microsoft Deserialization
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Arbitrary code execution in Amazon Braket Python SDK versions prior to 1.117.0 allows an authenticated attacker with S3 write access to the job output bucket to compromise any client machine that processes those job results. The flaw stems from insecure pickle deserialization in the job results processing component, and while no public exploit has been identified at time of analysis, the impact extends to every downstream consumer of poisoned results. EPSS data is unavailable, but the supply-chain-style propagation across analyst workstations and CI systems materially raises real-world risk.

Deserialization RCE Amazon Braket Python Sdk
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Constraint extension stripping in the golang.org/x/crypto SSH agent client (versions prior to 0.52.0) allows remote SSH hosts to use forwarded keys without the destination restrictions the user intended. When clients added keys to a remote agent, extensions such as restrict-destination-v00@openssh.com were silently dropped during serialization, effectively converting scoped keys into unrestricted ones on downstream hosts. No public exploit identified at time of analysis and EPSS is very low (0.02%), but SSVC rates technical impact as total and automatable.

SSH Deserialization Golang Org X Crypto Ssh Agent +1
NVD VulDB
EPSS 0% CVSS 8.9
HIGH This Week

Remote code execution in Concrete CMS versions 5.0 through 9.5.0 allows a high-privileged administrator to bypass the platform's `_fromCIF` deserialization guard by submitting malicious payloads through the REST API instead of standard form POST requests. The flaw resides in the ExpressEntryList block controller (CWE-502) and stores a serialized PHP gadget in the `filterFields` database column, which is unmarshalled when another administrator subsequently views or edits the block, leading to full server takeover. No public exploit identified at time of analysis, and the issue is not present in CISA KEV.

Deserialization PHP RCE
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Deserialization policy bypass in Apache Fory's Python SDK (PyFory) before 1.0.0: the ReduceSerializer could skip the documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is affected if it deserializes attacker-controlled data in PyFory's Python-native mode with strict mode disabled and relies on DeserializationPolicy to restrict which classes, functions, or module attributes may be resolved. Upgrading to 1.0.0 or later, which enforces DeserializationPolicy validation on the affected ReduceSerializer paths, fixes the issue.

Deserialization Apache Python
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in NVIDIA BioNemo Framework on Linux allows a local attacker to abuse unsafe deserialization of untrusted data (CWE-502), leading to code execution, denial of service, information disclosure, and data tampering. The CVSS 7.8 vector indicates a local attack vector with user interaction required, and no public exploit has been identified at time of analysis.

Information Disclosure Deserialization RCE +2
NVD
Page 2 of 13

Quick Facts

Typical Severity
CRITICAL
Category
web
Total CVEs
1149
