However, unlike classic Java deserialization vulnerabilities, only instantiation via a constructor with a single String parameter is possible. Luckily, this limitation significantly reduces the actual ...

Tracked as CVE-2025-42999 (CVSS score of 9.1) and described as an insecure deserialization issue, the vulnerability was resolved with the second critical security note released on SAP’s May 2025 ...

OpenJDK has been active in refining features for the upcoming JDK 25, with several Java Enhancement Proposals (JEPs ... Avira Prime – Local privilege escalation vulnerability with a CVSS score of 7.8.

In this paper, we propose DifFuzzAR, a new tool for automatic repair of timing side-channel vulnerabilities in Java code. The tool works in conjunction with DifFuzz and it is able to repair 56% of the ...

A significant prize, $100,000, was also earned for a Microsoft SharePoint exploit that chained authentication bypass and insecure deserialization vulnerabilities. A VMware Workstation exploit earned ...

Tracked as CVE-2025-42999 (CVSS score: 9.1), it has been described as a deserialization vulnerability that could be exploited by a privileged user to upload untrusted or malicious content. "The ...

Abstract: Developers and users require some degree of assurance in their applications' security vulnerabilities. The authors have designed a prototype tool, Jslint, to help programmers automatically ...