The Ruby programming language is impacted by a similar "deserialization issue" that has affected and wreaked havoc in the Java ecosystem in 2016; an issue that later also proved to be a problem for ...

CISA has added a vulnerability — cataloged as CVE-2023-26359 — to the Known Exploited Vulnerabilities Catalog with a CVSS score of 9.8 due to active exploitation. The vulnerability is a ...

Cisco has disclosed a critical security flaw affecting its Cisco Security Manager software, along with two other high-severity vulnerabilities in the product. Cisco has flagged that the three security ...

A recent blog post by FoxGlove Security that described remotely executable exploits against several major middleware products including WebSphere, WebLogic, and JBoss has focused attention on what ...

PayPal has fixed a serious vulnerability in its back-end management system that could have allowed attackers to execute arbitrary commands on the server and potentially install a backdoor. The ...

Data resilience solutions provider Veeam Software released a critical patch for its Veeam Backup & Replication product. The update fixes a deserialization issue that can result in remote code ...

WordPress CMS installations are vulnerable to a PHP bug related to data deserialization (also known as unserialization), a security researcher has revealed at the start of the month. The bug has been ...

Cisco has released security updates to address multiple pre-authentication vulnerabilities with public exploits affecting Cisco Security Manager that could allow for remote code execution after ...