Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities by changmingxie

    CVE-2026-9497 (GCVE-0-2026-9497)

    Vulnerability from nvd – Published: 2026-05-25 19:45 – Updated: 2026-05-26 15:08
    VLAI
    Title
    changmingxie tcc-transaction Fastjson AutoType REST API Fastjson.parseObject deserialization
    Summary
    A flaw has been found in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deserialization. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/365480 vdb-entrytechnical-description
    https://vuldb.com/vuln/365480/cti signaturepermissions-required
    https://vuldb.com/submit/814092 third-party-advisory
    https://github.com/Ku4D3/bug_story/blob/main/repo… related
    Impacted products
    Vendor Product Version
    changmingxie tcc-transaction Affected: 2.0
    Affected: 2.1.0
        cpe:2.3:a:changmingxie:tcc-transaction:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Ku4D3 (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9497",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T15:08:03.009062Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T15:08:15.118Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:changmingxie:tcc-transaction:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Fastjson AutoType REST API"
              ],
              "product": "tcc-transaction",
              "vendor": "changmingxie",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0"
                },
                {
                  "status": "affected",
                  "version": "2.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Ku4D3 (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deserialization. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "Deserialization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-25T19:45:09.811Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-365480 | changmingxie tcc-transaction Fastjson AutoType REST API Fastjson.parseObject deserialization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/365480"
            },
            {
              "name": "VDB-365480 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/365480/cti"
            },
            {
              "name": "Submit #814092 | changmingxie tcc-transaction \u003c=2.1.0 Deserialization",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/814092"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/Ku4D3/bug_story/blob/main/report_01.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-25T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-25T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-25T11:42:35.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "changmingxie tcc-transaction Fastjson AutoType REST API Fastjson.parseObject deserialization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-9497",
        "datePublished": "2026-05-25T19:45:09.811Z",
        "dateReserved": "2026-05-25T09:37:31.224Z",
        "dateUpdated": "2026-05-26T15:08:15.118Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9497 (GCVE-0-2026-9497)

    Vulnerability from cvelistv5 – Published: 2026-05-25 19:45 – Updated: 2026-05-26 15:08
    VLAI
    Title
    changmingxie tcc-transaction Fastjson AutoType REST API Fastjson.parseObject deserialization
    Summary
    A flaw has been found in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deserialization. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/365480 vdb-entrytechnical-description
    https://vuldb.com/vuln/365480/cti signaturepermissions-required
    https://vuldb.com/submit/814092 third-party-advisory
    https://github.com/Ku4D3/bug_story/blob/main/repo… related
    Impacted products
    Vendor Product Version
    changmingxie tcc-transaction Affected: 2.0
    Affected: 2.1.0
        cpe:2.3:a:changmingxie:tcc-transaction:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Ku4D3 (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9497",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T15:08:03.009062Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T15:08:15.118Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:changmingxie:tcc-transaction:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Fastjson AutoType REST API"
              ],
              "product": "tcc-transaction",
              "vendor": "changmingxie",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0"
                },
                {
                  "status": "affected",
                  "version": "2.1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Ku4D3 (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deserialization. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "Deserialization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-25T19:45:09.811Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-365480 | changmingxie tcc-transaction Fastjson AutoType REST API Fastjson.parseObject deserialization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/365480"
            },
            {
              "name": "VDB-365480 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/365480/cti"
            },
            {
              "name": "Submit #814092 | changmingxie tcc-transaction \u003c=2.1.0 Deserialization",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/814092"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/Ku4D3/bug_story/blob/main/report_01.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-25T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-25T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-25T11:42:35.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "changmingxie tcc-transaction Fastjson AutoType REST API Fastjson.parseObject deserialization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-9497",
        "datePublished": "2026-05-25T19:45:09.811Z",
        "dateReserved": "2026-05-25T09:37:31.224Z",
        "dateUpdated": "2026-05-26T15:08:15.118Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }