In writeToParcel of MediaPlayer.java, there is a possible serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional e...

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current u...

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current u...

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicl...

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicl...

Apache Hive Metastore (HMS) uses SerializationUtilities#deserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution (RCE) si...