Security Risk Category
unsafe-deserialization Security Risks
Published vulnerability pages connected to unsafe-deserialization. One risk can appear in multiple categories while keeping one canonical page.
unsafe-deserialization risks
Showing 2 of 2 published risks.
Snap7 ReadVar Request Handler Stack Buffer Overflow Vulnerability
A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7_server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Updated Jul 10, 2026
Stanza Model Loader Unsafe Pickle Deserialization RCE Vulnerability
Stanza is a Stanford NLP Python library for tokenization, sentence segmentation, NER, and parsing of many human languages. Prior to 1.12.2, Stanza model loaders such as stanza.models.common.pretrain.Pretrain.load() attempt torch.load(..., weights_only=True) but fall back to torch.load(..., weights_only=False) on attacker-controllable pickle.UnpicklingError, allowing a malicious .pt pretrain or model file to execute arbitrary pickle code when a Stanza NLP pipeline loads it. This issue is fixed in version 1.12.2.
Updated Jul 10, 2026
