CVE-2026-50076
- EPSS 0.52%
- Veröffentlicht 04.06.2026 16:09:03
- Zuletzt bearbeitet 08.06.2026 13:00:55
Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks and invoke classpath...
CVE-2026-48207
- EPSS 0.57%
- Veröffentlicht 21.05.2026 17:16:21
- Zuletzt bearbeitet 21.05.2026 19:16:53
Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deseriali...
CVE-2025-61622
- EPSS 41.26%
- Veröffentlicht 01.10.2025 10:15:34
- Zuletzt bearbeitet 03.12.2025 21:52:30
Deserialization of untrusted data in python in pyfory versions 0.12.0 through 0.12.2, or the legacy pyfury versions from 0.1.0 through 0.10.3: allows arbitrary code execution. An application is vulnerable if it reads pyfory serialized data from untru...
CVE-2025-59328
- EPSS 0.59%
- Veröffentlicht 15.09.2025 16:26:58
- Zuletzt bearbeitet 04.11.2025 22:16:34
A vulnerability in Apache Fory allows a remote attacker to cause a Denial of Service (DoS). The issue stems from the insecure deserialization of untrusted data. An attacker can supply a large, specially crafted data payload that, when processed, cons...