WukongCRM-9.0-JAVA was discovered to contain a fastjson deserialization vulnerability via the /OaExamine/setOaExamine interface.
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField.
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField.
A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input.
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add.
A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use
ktg-mes before commit a484f96 (2025-07-03) has a fastjson deserialization vulnerability. This is because it uses a vulnerable version of fastjson and deserializes unsafe input data.
A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the function importBinaryModel of the file h2o-core/src/main/java/hex/Model.java of the component JAR Handler. Performing a
A vulnerability was found in WuKongOpenSource WukongCRM 9.0 and classified as problematic. This issue affects some unknown processing of the file AdminRoleController.java. The manipulation leads to cr
A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/template_creat.php. The manipulation of the ar
A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. This affects the function GenericFastJsonRedisSerializer of the file src/main/java/com/genersoft/iot/vmp/conf/redis/RedisT
A vulnerability was found in oatpp Oat++ up to 1.3.1. It has been declared as critical. This vulnerability affects the function deserializeArray of the file src/oatpp/json/Deserializer.cpp. The manipu
A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. This affects an unknown part of the file /adminFile/upload of the component API Response Handler. The manipulation leads to informati
A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03. This issue affects the function extract of the file c-main/src/main/java/com/redmoon/weixin/aes/XMLParse.
A vulnerability was found in aaluoxiang oa_system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5. It has been rated as problematic. Affected by this issue is the function image of the file src/main/ja
A vulnerability, which was classified as problematic, was found in WuKongOpenSource WukongCRM 9.0. This affects an unknown part of the file AdminSysConfigController.java of the component File Upload.
An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjso
A deserialization vulnerability exists in h2oai/h2o-3 versions <= 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handlin
A vulnerability was found in WuKongOpenSource Wukong_nocode up to 20230807. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file ExpressionUtil.java
Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that
Page 1+ Next →