Topic: deserialization vulnerability
SolarWinds Help Desk Flaw Under Active Attack
A critical vulnerability (CVE-2025-40551) in SolarWinds Web Help Desk is under active attack, allowing unauthenticated attackers to execute remote code and gain administrative control, prompting urgent patching orders from US authorities. The flaw is one of four critical vulnerabilities, all with...
Urgent WSUS Vulnerability: Patch Windows Server Now
A critical security flaw (CVE-2025-59287) in Microsoft's WSUS allows unauthorized remote code execution with system-level privileges, affecting multiple Windows Server versions. The vulnerability stems from the deserialization of untrusted data, enabling attackers to fully compromise servers, pro...
Zero-Day Attack Hits Gladinet File Sharing Software
A zero-day vulnerability (CVE-2025-11371) in Gladinet's CentreStack and Triofox platforms allows unauthenticated attackers to access sensitive files via Local File Inclusion, with at least three organizations already targeted. Attackers exploit the LFI flaw to retrieve machine keys and chain it w...
Gladinet patches critical zero-day flaw in file-sharing software
Gladinet has released a critical security update for CentreStack to address CVE-2025-11371, a zero-day vulnerability that allowed attackers to bypass protections and execute remote code on systems. The flaw, discovered by Huntress, involved inadequate input sanitization enabling directory travers...
Fortra GoAnywhere Zero-Day Exploited: Critical Flaw CVE-2025-10035
A critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere platform, scoring 10.0 in severity, was exploited in zero-day attacks due to a deserialization flaw, with patches released on September 15, 2025. Evidence shows exploitation began as early as September 10, 2025, giving attackers an ...
CISA Warns of Active Dassault RCE Exploit—Patch Now
A critical remote code execution vulnerability (CVE-2025-5086) is being actively exploited in Dassault Systèmes' DELMIA Apriso software, affecting versions from 2020 to 2025. The flaw, caused by unsafe deserialization, allows attackers to execute arbitrary code via malicious SOAP requests, with e...
SAP Issues Critical Security Alert for Multiple Products
SAP has issued a critical security alert for multiple vulnerabilities, including one with the highest severity score, as threat actors actively exploit a separate high-severity flaw. The most severe vulnerability, CVE-2025-42944 with a CVSS score of 10.0, affects the NetWeaver platform and allows...