Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
A vulnerability, which was classified as problematic, has been found in joelittlejohn jsonschema2pojo 1.2.2. This issue affects the function apply of the file org/jsonschema2pojo/rules/SchemaRule.java
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicato
In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to local escalation of privilege with no additional execution privilege
In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution pri
In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privi
In several functions of DescramblerImpl.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed
In wl_update_hidden_ap_ie() of wl_cfgscan.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution pri
CVE-2025-31919
CRITICAL CVSS 9.8
Find Similar
Deserialization of Untrusted Data vulnerability in themeton Spare allows Object Injection. This issue affects Spare: from n/a through 1.7.
CVE-2024-52046
CRITICAL CVSS 10.0
Find Similar
The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability a
In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with no additional execution privil
In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with no additional execution privile
CVE-2025-60210
CRITICAL CVSS 9.8
Find Similar
Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms - Frontend Listing everest-forms-frontend-listing allows Object Injection.This issue affects Everest Forms - Frontend Listing
In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. This could lead to local escalation of privilege with n
CVE-2026-50076
CRITICAL CVSS 9.1
Find Similar
Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeCheck
CVE-2025-27531
CRITICAL CVSS 9.8
Find Similar
Deserialization of Untrusted Data vulnerability in Apache InLong.  This issue affects Apache InLong: from 1.13.0 before 2.1.0, this issue would allow an authenticated attacker to read arbitrary fil
Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with.
In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges n
CVE-2025-47530
CRITICAL CVSS 9.8
Find Similar
Deserialization of Untrusted Data vulnerability in WPFunnels WPFunnels wpfunnels allows Object Injection.This issue affects WPFunnels: from n/a through <= 3.5.18.
In saveGlobalProxyLocked of DevicePolicyManagerService.java, there is a possible way to desync from persistence due to a logic error in the code. This could lead to local escalation of privilege with
In SensorService::isDataInjectionEnabled of frameworks/native/services/sensorservice/SensorService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local i