CWE-502
AllowedDeserialization of Untrusted Data
Abstraction: Base · Status: Draft
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
4798 vulnerabilities reference this CWE, most recent first.
CVE-2026-15535 (GCVE-0-2026-15535)
Vulnerability from cvelistv5 – Published: 2026-07-13 05:00 – Updated: 2026-07-13 14:59| URL | Tags |
|---|---|
| https://vuldb.com/vuln/377885 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/377885/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15535 | third-party-advisory |
| https://vuldb.com/submit/854999 | third-party-advisory |
| https://github.com/AkariAsai/self-rag/issues/105 | exploitissue-tracking |
| https://github.com/AkariAsai/self-rag/pull/106 | issue-trackingpatch |
| https://github.com/AkariAsai/self-rag/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15535",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-13T14:59:00.183386Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T14:59:55.663Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:akariasai:self-rag:*:*:*:*:*:*:*:*"
],
"modules": [
"retrieval_lm"
],
"product": "self-rag",
"vendor": "AkariAsai",
"versions": [
{
"status": "affected",
"version": "1fcdc420e48f50a7d7ab1ece5494221b93252e99"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dem00000 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in AkariAsai self-rag up to 1fcdc420e48f50a7d7ab1ece5494221b93252e99. Affected by this issue is the function Indexer.deserialize_from of the file retrieval_lm/src/index.py of the component retrieval_lm. Executing a manipulation of the argument index_meta.faiss can lead to deserialization. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T05:00:09.553Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-377885 | AkariAsai self-rag retrieval_lm index.py Indexer.deserialize_from deserialization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/377885"
},
{
"name": "VDB-377885 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/377885/cti"
},
{
"name": "CVE-2026-15535 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15535"
},
{
"name": "Submit #854999 | AkariAsai self-rag 1fcdc420e48f50a7d7ab1ece5494221b93252e99 Unsafe Deserialization / Integrity Bypass",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/854999"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/AkariAsai/self-rag/issues/105"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/AkariAsai/self-rag/pull/106"
},
{
"tags": [
"product"
],
"url": "https://github.com/AkariAsai/self-rag/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-12T20:01:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "AkariAsai self-rag retrieval_lm index.py Indexer.deserialize_from deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15535",
"datePublished": "2026-07-13T05:00:09.553Z",
"dateReserved": "2026-07-12T17:56:16.350Z",
"dateUpdated": "2026-07-13T14:59:55.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15531 (GCVE-0-2026-15531)
Vulnerability from cvelistv5 – Published: 2026-07-13 04:15 – Updated: 2026-07-13 15:27| URL | Tags |
|---|---|
| https://vuldb.com/vuln/377874 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/377874/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15531 | third-party-advisory |
| https://vuldb.com/submit/854906 | third-party-advisory |
| https://github.com/yashbhalgat/HashNeRF-pytorch/i… | exploitissue-tracking |
| https://github.com/yashbhalgat/HashNeRF-pytorch/pull/50 | issue-trackingpatch |
| https://github.com/yashbhalgat/HashNeRF-pytorch/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| yashbhalgat | HashNeRF-pytorch |
Affected:
82885e698295982504eb6a26d060a6b2473e3706
cpe:2.3:a:yashbhalgat:hashnerf-pytorch:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15531",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-13T15:27:00.088732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T15:27:17.248Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:yashbhalgat:hashnerf-pytorch:*:*:*:*:*:*:*:*"
],
"modules": [
"Checkpoint File Handler"
],
"product": "HashNeRF-pytorch",
"vendor": "yashbhalgat",
"versions": [
{
"status": "affected",
"version": "82885e698295982504eb6a26d060a6b2473e3706"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dem0000000 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in yashbhalgat HashNeRF-pytorch up to 82885e698295982504eb6a26d060a6b2473e3706. Affected by this issue is the function torch.load of the file run_nerf.py of the component Checkpoint File Handler. The manipulation of the argument ckpt_path leads to deserialization. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The pull request to fix this issue awaits acceptance."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T04:15:09.036Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-377874 | yashbhalgat HashNeRF-pytorch Checkpoint File run_nerf.py torch.load deserialization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/377874"
},
{
"name": "VDB-377874 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/377874/cti"
},
{
"name": "CVE-2026-15531 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15531"
},
{
"name": "Submit #854906 | Yash Bhalgat HashNeRF-pytorch Affected: repository version up to commit c49502ff492abca6243505961f1aa312 CWE-502 Deserialization of Untrusted Data",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/854906"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/yashbhalgat/HashNeRF-pytorch/issues/49"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/yashbhalgat/HashNeRF-pytorch/pull/50"
},
{
"tags": [
"product"
],
"url": "https://github.com/yashbhalgat/HashNeRF-pytorch/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-12T18:01:32.000Z",
"value": "VulDB entry last update"
}
],
"title": "yashbhalgat HashNeRF-pytorch Checkpoint File run_nerf.py torch.load deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15531",
"datePublished": "2026-07-13T04:15:09.036Z",
"dateReserved": "2026-07-12T15:56:12.103Z",
"dateUpdated": "2026-07-13T15:27:17.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15529 (GCVE-0-2026-15529)
Vulnerability from cvelistv5 – Published: 2026-07-13 03:45 – Updated: 2026-07-14 14:53| URL | Tags |
|---|---|
| https://vuldb.com/vuln/377872 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/377872/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15529 | third-party-advisory |
| https://vuldb.com/submit/854559 | third-party-advisory |
| https://github.com/yzhao062/pyod/issues/697 | issue-tracking |
| https://github.com/yzhao062/pyod/pull/698 | issue-trackingpatch |
| https://github.com/yzhao062/pyod/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15529",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T14:52:27.588296Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T14:53:01.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/yzhao062/pyod/issues/697"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:yzhao062:pyod:*:*:*:*:*:*:*:*"
],
"product": "pyod",
"vendor": "yzhao062",
"versions": [
{
"status": "affected",
"version": "3.5.0"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.5.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dem0000000 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in yzhao062 pyod 3.5.0/3.5.1/3.5.2. Affected is the function pyod.utils.persistence.load of the file pyod/utils/persistence.py. Performing a manipulation of the argument path results in deserialization. The attack can be initiated remotely. The pull request to fix this issue requires some minor changes."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T03:45:08.697Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-377872 | yzhao062 pyod persistence.py pyod.utils.persistence.load deserialization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/377872"
},
{
"name": "VDB-377872 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/377872/cti"
},
{
"name": "CVE-2026-15529 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15529"
},
{
"name": "Submit #854559 | Yue Zhao / yzhao062 pyod 3.5.0 through 3.5.2 CWE-502: Deserialization of Untrusted Data",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/854559"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/yzhao062/pyod/issues/697"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/yzhao062/pyod/pull/698"
},
{
"tags": [
"product"
],
"url": "https://github.com/yzhao062/pyod/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-12T17:52:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "yzhao062 pyod persistence.py pyod.utils.persistence.load deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15529",
"datePublished": "2026-07-13T03:45:08.697Z",
"dateReserved": "2026-07-12T15:47:24.318Z",
"dateUpdated": "2026-07-14T14:53:01.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15105 (GCVE-0-2026-15105)
Vulnerability from cvelistv5 – Published: 2026-07-08 22:15 – Updated: 2026-07-09 13:21| URL | Tags |
|---|---|
| https://vuldb.com/vuln/376946 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/376946/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15105 | third-party-advisory |
| https://vuldb.com/submit/851026 | third-party-advisory |
| https://github.com/davenardella/snap7/issues/16 | issue-tracking |
| https://github.com/user-attachments/files/2868174… | exploit |
| https://github.com/davenardella/snap7/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| davenardella | snap7 |
Affected:
1.4.0
Affected: 1.4.1 Affected: 1.4.2 Affected: 1.4.3 cpe:2.3:a:davenardella:snap7:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15105",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T13:18:08.587007Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T13:21:48.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:davenardella:snap7:*:*:*:*:*:*:*:*"
],
"modules": [
"ReadVar Request Handler"
],
"product": "snap7",
"vendor": "davenardella",
"versions": [
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.4.1"
},
{
"status": "affected",
"version": "1.4.2"
},
{
"status": "affected",
"version": "1.4.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chuan Wei"
},
{
"lang": "en",
"type": "reporter",
"value": "VULL (VulDB User)"
},
{
"lang": "en",
"type": "analyst",
"value": "VULL (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7_server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T03:28:35.823Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-376946 | davenardella snap7 ReadVar Request s7_server.cpp PerformFunctionRead deserialization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/376946"
},
{
"name": "VDB-376946 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/376946/cti"
},
{
"name": "CVE-2026-15105 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15105"
},
{
"name": "Submit #851026 | Davide Nardella Snap7 master(commit:30f37da3114024a71ba93f7fd855c680b97a406f) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/851026"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/davenardella/snap7/issues/16"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/user-attachments/files/28681740/poc.zip"
},
{
"tags": [
"product"
],
"url": "https://github.com/davenardella/snap7/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-09T05:30:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "davenardella snap7 ReadVar Request s7_server.cpp PerformFunctionRead deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15105",
"datePublished": "2026-07-08T22:15:12.176Z",
"dateReserved": "2026-07-08T17:07:19.722Z",
"dateUpdated": "2026-07-09T13:21:48.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15008 (GCVE-0-2026-15008)
Vulnerability from cvelistv5 – Published: 2026-07-16 07:51 – Updated: 2026-07-16 07:51- CWE-502 - Deserialization of Untrusted Data
| Vendor | Product | Version | |
|---|---|---|---|
| uncannyowl | Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin |
Affected:
0 , ≤ 7.3.1.4
(semver)
|
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Uncanny Automator \u2013 Easy Automation, Integration, Webhooks \u0026 Workflow Builder Plugin",
"vendor": "uncannyowl",
"versions": [
{
"lessThanOrEqual": "7.3.1.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "daroo"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Uncanny Automator \u2013 Easy Automation, Integration, Webhooks \u0026 Workflow Builder Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the fr_token function in all versions up to, and including, 7.3.1.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). Exploitation requires a Forminator form connected to an Uncanny Automator recipe configured for \u0027Everyone\u0027, allowing unauthenticated form submissions to supply the malicious serialized payload; a gadget chain is present within the plugin via the Action_Helpers_Email __destruct() method, meaning no external gadget library is required."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T07:51:04.143Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f2774e8-8b55-4c25-93c3-e0806208b1f3?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/uncanny-automator/tags/7.3.1.4/src/integrations/forminator/tokens/fr-tokens.php#L136"
},
{
"url": "https://plugins.trac.wordpress.org/browser/uncanny-automator/tags/7.3.1.4/src/integrations/forminator/triggers/anon-fr-submitform.php#L114"
},
{
"url": "https://plugins.trac.wordpress.org/browser/uncanny-automator/tags/7.3.1.4/src/core/lib/utilities/db/class-automator-db-handler-triggers.php#L300"
},
{
"url": "https://plugins.trac.wordpress.org/browser/uncanny-automator/tags/7.3.1.4/src/core/lib/recipe-parts/actions/trait-action-helpers-email.php#L481"
},
{
"url": "https://plugins.trac.wordpress.org/browser/uncanny-automator/tags/7.3.1.4/src/core/services/email/attachment/handler.php#L201"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?reponame=\u0026old=3607776%40uncanny-automator\u0026new=3607776%40uncanny-automator"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-08T17:03:56.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-07-15T19:43:41.000Z",
"value": "Disclosed"
}
],
"title": "Uncanny Automator \u003c= 7.3.1.4 - Unauthenticated PHP Object Injection to Arbitrary File Deletion via Forminator Submitted-Field Token"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-15008",
"datePublished": "2026-07-16T07:51:04.143Z",
"dateReserved": "2026-07-07T21:26:57.330Z",
"dateUpdated": "2026-07-16T07:51:04.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14723 (GCVE-0-2026-14723)
Vulnerability from cvelistv5 – Published: 2026-07-05 07:45 – Updated: 2026-07-06 17:51| URL | Tags |
|---|---|
| https://vuldb.com/vuln/376310 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/376310/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-14723 | third-party-advisory |
| https://vuldb.com/submit/847672 | third-party-advisory |
| https://github.com/AD-Security/AD_Miner/issues/238 | issue-tracking |
| https://github.com/AD-Security/AD_Miner/pull/239 | issue-trackingpatch |
| https://github.com/AD-Security/AD_Miner/ | product |
| https://vuldb.com/submit/847672?__cf_chl_f_tk=OMG… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| AD-Security | AD_Miner |
Affected:
1.9.0
cpe:2.3:a:ad-security:ad_miner:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14723",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T17:50:58.824292Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T17:51:18.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/submit/847672?__cf_chl_f_tk=OMGtGTdlFc9MbAYE2yL37Va0.8fqbuwXCbUhJ7jVF8w-1783360226-1.0.1.1-06NIwDTuA.wmgvZmcy.dqKMaKSq8Jqm4cv6OH8kKfxw"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ad-security:ad_miner:*:*:*:*:*:*:*:*"
],
"modules": [
"Cache Handler"
],
"product": "AD_Miner",
"vendor": "AD-Security",
"versions": [
{
"status": "affected",
"version": "1.9.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dem00000 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in AD-Security AD_Miner 1.9.0. Affected is the function request_a of the file ad_miner/scripts/analyse_cache.py of the component Cache Handler. This manipulation of the argument sys.argv[1] causes deserialization. The attack can only be executed locally. The pull request to fix this issue awaits acceptance."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-05T07:45:08.075Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-376310 | AD-Security AD_Miner Cache analyse_cache.py request_a deserialization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/376310"
},
{
"name": "VDB-376310 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/376310/cti"
},
{
"name": "CVE-2026-14723 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-14723"
},
{
"name": "Submit #847672 | AD-Security AD_Miner 1.9.0 Unsafe Deserialization / Arbitrary Code Execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/847672"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/AD-Security/AD_Miner/issues/238"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/AD-Security/AD_Miner/pull/239"
},
{
"tags": [
"product"
],
"url": "https://github.com/AD-Security/AD_Miner/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-04T10:10:06.000Z",
"value": "VulDB entry last update"
}
],
"title": "AD-Security AD_Miner Cache analyse_cache.py request_a deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-14723",
"datePublished": "2026-07-05T07:45:08.075Z",
"dateReserved": "2026-07-04T08:05:02.250Z",
"dateUpdated": "2026-07-06T17:51:18.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14637 (GCVE-0-2026-14637)
Vulnerability from cvelistv5 – Published: 2026-07-04 17:30 – Updated: 2026-07-06 19:04 X_Open Source| URL | Tags |
|---|---|
| https://vuldb.com/vuln/376152 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/376152/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-14637 | third-party-advisory |
| https://vuldb.com/submit/845908 | third-party-advisory |
| https://github.com/kirilkirkov/Ecommerce-CodeIgni… | exploit |
| https://github.com/kirilkirkov/Ecommerce-CodeIgni… | patch |
| https://github.com/kirilkirkov/Ecommerce-CodeIgni… | product |
| Vendor | Product | Version | |
|---|---|---|---|
| kirilkirkov | Ecommerce-CodeIgniter-Bootstrap |
Affected:
13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7
cpe:2.3:a:kirilkirkov:ecommerce-codeigniter-bootstrap:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14637",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T19:04:05.282691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T19:04:15.465Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:kirilkirkov:ecommerce-codeigniter-bootstrap:*:*:*:*:*:*:*:*"
],
"product": "Ecommerce-CodeIgniter-Bootstrap",
"vendor": "kirilkirkov",
"versions": [
{
"status": "affected",
"version": "13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7. The affected element is the function getCartItems in the library application/libraries/ShoppingCart.php. The manipulation of the argument shopping_cart leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The identifier of the patch is 49b20f53de2b7ec34e920b11c863f1491d911a04. It is recommended to apply a patch to fix this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 8.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-04T17:30:11.062Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-376152 | kirilkirkov Ecommerce-CodeIgniter-Bootstrap ShoppingCart.php getCartItems deserialization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/376152"
},
{
"name": "VDB-376152 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/376152/cti"
},
{
"name": "CVE-2026-14637 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-14637"
},
{
"name": "Submit #845908 | kirilkirkov Ecommerce-CodeIgniter-Bootstrap master Deserialization",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/845908"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/security/advisories/GHSA-9g5q-g6m3-v5cr"
},
{
"tags": [
"patch"
],
"url": "https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/49b20f53de2b7ec34e920b11c863f1491d911a04"
},
{
"tags": [
"product"
],
"url": "https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-07-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-03T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-03T19:30:05.000Z",
"value": "VulDB entry last update"
}
],
"title": "kirilkirkov Ecommerce-CodeIgniter-Bootstrap ShoppingCart.php getCartItems deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-14637",
"datePublished": "2026-07-04T17:30:11.062Z",
"dateReserved": "2026-07-03T17:24:37.659Z",
"dateUpdated": "2026-07-06T19:04:15.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14534 (GCVE-0-2026-14534)
Vulnerability from cvelistv5 – Published: 2026-07-04 13:25 – Updated: 2026-07-06 14:59| Vendor | Product | Version | |
|---|---|---|---|
| trailofbits | fickling |
Affected:
0 , ≤ 0.1.10
(custom)
Unaffected: 0.1.11 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14534",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T14:59:25.631510Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T14:59:37.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/trailofbits/fickling/security/advisories/GHSA-m6fh-58r7-x697"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.org/project/fickling/",
"defaultStatus": "unaffected",
"packageName": "fickling",
"product": "fickling",
"vendor": "trailofbits",
"versions": [
{
"lessThanOrEqual": "0.1.10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "0.1.11",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christopher Aziz (Bombadil Systems LLC)"
}
],
"datePublic": "2026-06-28T00:08:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTrail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubprocess, site, and atexit in the UNSAFE_IMPORTS denylist (fickle.py). Because these modules are absent from the denylist, fickling\u0027s check_safety() function returns LIKELY_SAFE with zero findings for pickle payloads that invoke dangerous functions including _posixsubprocess.fork_exec (C-level process spawner capable of executing arbitrary binaries), site.execsitecustomize (executes arbitrary site customization code), and atexit._run_exitfuncs (triggers all registered exit handler callbacks). The fickling.load() API chains check_safety() into pickle.loads() as an explicit security gate; a LIKELY_SAFE verdict causes the payload to be deserialized and executed. This shares the same root cause as CVE-2026-22607 (cProfile), CVE-2025-67748 (pty), and CVE-2025-67747 (marshal/types). OvertlyBadEvals does not flag these modules because they are standard library imports. UnsafeImports does not flag them because they are not in the denylist. The UnusedVariables heuristic is defeated by the SETITEMS opcode pattern.\u003c/p\u003e"
}
],
"value": "Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubprocess, site, and atexit in the UNSAFE_IMPORTS denylist (fickle.py). Because these modules are absent from the denylist, fickling\u0027s check_safety() function returns LIKELY_SAFE with zero findings for pickle payloads that invoke dangerous functions including _posixsubprocess.fork_exec (C-level process spawner capable of executing arbitrary binaries), site.execsitecustomize (executes arbitrary site customization code), and atexit._run_exitfuncs (triggers all registered exit handler callbacks). The fickling.load() API chains check_safety() into pickle.loads() as an explicit security gate; a LIKELY_SAFE verdict causes the payload to be deserialized and executed. This shares the same root cause as CVE-2026-22607 (cProfile), CVE-2025-67748 (pty), and CVE-2025-67747 (marshal/types). OvertlyBadEvals does not flag these modules because they are standard library imports. UnsafeImports does not flag them because they are not in the denylist. The UnusedVariables heuristic is defeated by the SETITEMS opcode pattern."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker can craft a malicious pickle file that invokes _posixsubprocess.fork_exec to spawn arbitrary processes. When a victim\u0027s ML pipeline passes this file through fickling.load(), fickling classifies it as LIKELY_SAFE and deserializes it, executing attacker-controlled code with the privileges of the victim process."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184 Incomplete List of Disallowed Inputs",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-04T13:25:55.283Z",
"orgId": "aa17e1a1-c329-4d6e-a1ed-8d0188aea082",
"shortName": "BombadilSystems"
},
"references": [
{
"name": "GitHub Security Advisory GHSA-m6fh-58r7-x697",
"url": "https://github.com/trailofbits/fickling/security/advisories/GHSA-m6fh-58r7-x697"
},
{
"name": "Fix PR #272",
"url": "https://github.com/trailofbits/fickling/pull/272"
},
{
"name": "Fix commit e840861",
"url": "https://github.com/trailofbits/fickling/commit/e8408615b63adf034f891f653692ab9b51f0f5af"
},
{
"name": "Fickling v0.1.11 release",
"url": "https://github.com/trailofbits/fickling/releases/tag/v0.1.11"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Fickling check_safety() bypass via unlisted standard library modules (_posixsubprocess, site, atexit)",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "aa17e1a1-c329-4d6e-a1ed-8d0188aea082",
"assignerShortName": "BombadilSystems",
"cveId": "CVE-2026-14534",
"datePublished": "2026-07-04T13:25:55.283Z",
"dateReserved": "2026-07-03T00:02:49.289Z",
"dateUpdated": "2026-07-06T14:59:37.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14265 (GCVE-0-2026-14265)
Vulnerability from cvelistv5 – Published: 2026-07-01 19:34 – Updated: 2026-07-02 15:54- CWE-502 - Deserialization of untrusted data
| URL | Tags |
|---|---|
| https://github.com/aws/aws-advanced-jdbc-wrapper/… | patch |
| https://aws.amazon.com/security/security-bulletin… | vendor-advisory |
| https://github.com/aws/aws-advanced-jdbc-wrapper/… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| AWS | AWS Advanced JDBC Wrapper |
Affected:
3.3.0 , ≤ 4.0.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14265",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-02T15:27:22.888791Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T15:54:59.751Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AWS Advanced JDBC Wrapper",
"vendor": "AWS",
"versions": [
{
"lessThanOrEqual": "4.0.0",
"status": "affected",
"version": "3.3.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aws:aws_advanced_jdbc_wrapper:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.0",
"versionStartIncluding": "3.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDeserialization of untrusted data in the RemoteQueryCachePlugin in Amazon Web Services AWS Advanced JDBC Wrapper 3.3.0 through 4.0.0 might allow an actor with write access to the shared cache infrastructure to execute arbitrary code on application servers that read cached query results via a crafted serialized Java object. The RemoteQueryCachePlugin uses ObjectInputStream without class filtering when deserializing cached query results from Redis or Valkey, enabling gadget chain execution when cache entries are poisoned.\u003c/p\u003e\u003cp\u003eWe recommend upgrading to AWS Advanced JDBC Wrapper version 4.0.1 or later.\u003c/p\u003e"
}
],
"value": "Deserialization of untrusted data in the RemoteQueryCachePlugin in Amazon Web Services AWS Advanced JDBC Wrapper 3.3.0 through 4.0.0 might allow an actor with write access to the shared cache infrastructure to execute arbitrary code on application servers that read cached query results via a crafted serialized Java object. The RemoteQueryCachePlugin uses ObjectInputStream without class filtering when deserializing cached query results from Redis or Valkey, enabling gadget chain execution when cache entries are poisoned.\n\n\n\nWe recommend upgrading to AWS Advanced JDBC Wrapper version 4.0.1 or later."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of untrusted data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T19:38:32.062Z",
"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"shortName": "AMZN"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/aws/aws-advanced-jdbc-wrapper/releases/tag/4.0.1"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/2026-051-aws/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/aws/aws-advanced-jdbc-wrapper/security/advisories/GHSA-c5q4-97jw-jggh"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "RCE via Deserialization in AWS Advanced JDBC Wrapper",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"assignerShortName": "AMZN",
"cveId": "CVE-2026-14265",
"datePublished": "2026-07-01T19:34:02.095Z",
"dateReserved": "2026-06-30T18:36:33.284Z",
"dateUpdated": "2026-07-02T15:54:59.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-13759 (GCVE-0-2026-13759)
Vulnerability from cvelistv5 – Published: 2026-06-30 19:24 – Updated: 2026-07-03 03:56- CWE-502 - Deserialization of Untrusted Data
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7278595 | vendor-advisorypatch |
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | WebSphere Extreme Scale |
Affected:
8.6.1.0 , ≤ 8.6.1.6
(semver)
cpe:2.3:a:ibm:websphere_extreme_scale:8.6.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_extreme_scale:8.6.1.6:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-13759",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-02T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T03:56:10.967Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:websphere_extreme_scale:8.6.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_extreme_scale:8.6.1.6:*:*:*:*:*:*:*"
],
"product": "WebSphere Extreme Scale",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.6.1.6",
"status": "affected",
"version": "8.6.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses (WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver) that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including RemoteConstructor.readResolve and PriorityQueue/ExtractorComparator are confirmed working, allowing a post-login attacker who can write a session attribute or a LAN-adjacent attacker on the grid replication wire to execute arbitrary code on peer WAS JVMs\u003c/p\u003e"
}
],
"value": "IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses (WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver) that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including RemoteConstructor.readResolve and PriorityQueue/ExtractorComparator are confirmed working, allowing a post-login attacker who can write a session attribute or a LAN-adjacent attacker on the grid replication wire to execute arbitrary code on peer WAS JVMs"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T19:24:03.665Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7278595"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWe recommend customer to enable encryption. Please follow the link to enable encryption.\u003cbr/\u003e\u003ca href=\"https://www.ibm.com/docs/en/wxs/latest?topic=sydgies-securing-data-that-flows-between-extreme-scale-clients-servers-ssl-encryption.\" rel=\"nofollow\"\u003ehttps://www.ibm.com/docs/en/wxs/latest?topic=sydgies-securing-data-that-flows-between-extreme-scale-clients-servers-ssl-encryption.\u003c/a\u003e\u003cbr/\u003e\u003cbr/\u003eFor extra security customer can enable JEP 290 global JVM deserialization filter (-Djdk.serialFilter) while starting catalog and container servers.JEP 290 is available from 8.0.8.5 onwards.\u003c/p\u003e"
}
],
"value": "We recommend customer to enable encryption. Please follow the link to enable encryption.\n https://www.ibm.com/docs/en/wxs/latest?topic=sydgies-securing-data-that-flows-between-extreme-scale-clients-servers-ssl-encryption. \n\nFor extra security customer can enable JEP 290 global JVM deserialization filter (-Djdk.serialFilter) while starting catalog and container servers.JEP 290 is available from 8.0.8.5 onwards."
}
],
"title": "IBM WebSphere eXtreme Scale is affected by Insecure Deserilization",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-13759",
"datePublished": "2026-06-30T19:24:03.665Z",
"dateReserved": "2026-06-29T18:10:36.156Z",
"dateUpdated": "2026-07-03T03:56:10.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
If available, use the signing/sealing features of the programming language to assure that deserialized data has not been tainted. For example, a hash-based message authentication code (HMAC) could be used to ensure that data has not been modified.
Mitigation
When deserializing data, populate a new object rather than just deserializing. The result is that the data flows through safe input validation and that the functions are safe.
Mitigation
Explicitly define a final object() to prevent deserialization.
Mitigation
- Make fields transient to protect them from deserialization.
- An attempt to serialize and then deserialize a class containing transient fields will result in NULLs where the transient data should be. This is an excellent way to prevent time, environment-based, or sensitive variables from being carried over and used improperly.
Mitigation
Avoid having unnecessary types or gadgets (a sequence of instances and method invocations that can self-execute during the deserialization process, often found in libraries) available that can be leveraged for malicious ends. This limits the potential for unintended or unauthorized types and gadgets to be leveraged by the attacker. Add only acceptable classes to an allowlist. Note: new gadgets are constantly being discovered, so this alone is not a sufficient mitigation.
Mitigation
Employ cryptography of the data or code for protection. However, it's important to note that it would still be client-side security. This is risky because if the client is compromised then the security implemented on the client (the cryptography) can be bypassed.
Mitigation MIT-29
Strategy: Firewall
Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].
CAPEC-586: Object Injection
An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.