High
CVE-2023-49826
Deserialization of Untrusted Data vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCo…
Tag: Insecure Deserialization
All CVEs associated with "Insecure Deserialization". Page 12/17 • 2007 CVEs.
Subscribe CVEs: RSS for “Insecure Deserialization” · RSS (High+Critical only)
About “Insecure Deserialization”
A curated feed of “Insecure Deserialization”-related CVEs appears below. We currently track 2007 CVEs for this tag (all time). In the last 365 days, 674 were published. Average CVSS is 8.4 (all time; 8.3 over 365d), and 85% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-502 - Deserialization of Untrusted Data, CWE-20 - Improper Input Validation, CWE-94 - Improper Control of Generation of Code ('Code Injection').
In our taxonomy this topic maps to a HIGH impact class. Common exploitation patterns for this weakness can lead to high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2023-12-21
Critical
CVE-2023-49778
Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa Sayac.This issue affects Sayfa Sayac: from n/a through 2.6.
Critical
CVE-2023-32242
Deserialization of Untrusted Data vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme.This issue affects WoodMart - Multipurpose WooCommerce Theme: from n/a through 1.0.36.
Critical
CVE-2023-51656
Deserialization of Untrusted Data vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue.
2023-12-20
Medium
CVE-2022-47599
Deserialization of Untrusted Data vulnerability in File Manager by Bit Form Team File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager.This issue affects File Ma…
High
CVE-2023-7018
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.
Critical
CVE-2023-49773
Deserialization of Untrusted Data vulnerability in Tim Brattberg BCorp Shortcodes.This issue affects BCorp Shortcodes: from n/a through 0.23.
Critical
CVE-2023-49772
Deserialization of Untrusted Data vulnerability in Phpbits Creative Studio Genesis Simple Love.This issue affects Genesis Simple Love: from n/a through 2.0.
High
CVE-2023-28782
Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms.This issue affects Gravity Forms: from n/a through 2.7.3.
High
CVE-2023-47507
Deserialization of Untrusted Data vulnerability in Master Slider Master Slider Pro.This issue affects Master Slider Pro: from n/a through 3.6.5.
High
CVE-2023-46147
Deserialization of Untrusted Data vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5.
High
CVE-2023-40555
Deserialization of Untrusted Data vulnerability in UX-themes Flatsome | Multi-Purpose Responsive WooCommerce Theme.This issue affects Flatsome | Multi-Purpose Responsive WooCommerce Theme: from n/a t…
2023-12-19
Medium
CVE-2023-34382
Deserialization of Untrusted Data vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Mul…
High
CVE-2023-34027
Deserialization of Untrusted Data vulnerability in Rajnish Arora Recently Viewed Products.This issue affects Recently Viewed Products: from n/a through 1.0.0.
High
CVE-2023-37390
Deserialization of Untrusted Data vulnerability in Themesflat Themesflat Addons For Elementor.This issue affects Themesflat Addons For Elementor: from n/a through 2.0.0.
High
CVE-2023-6730
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.
High
CVE-2023-49819
Deserialization of Untrusted Data vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc.This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.5.3.
Medium
CVE-2023-46154
Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress.This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.18.
2023-12-18
High
CVE-2023-5886
The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing att…
2023-12-15
Critical
CVE-2023-46279
Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.
Critical
CVE-2023-29234
A deserialization vulnerability existed when decode a malicious package.This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommended to upgrade to the…
2023-12-12
High
CVE-2023-50252
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling `<use>` tag that references an `<image>` tag, it merges the attributes from the `<use>` tag to the `<imag…
2023-12-10
Medium
CVE-2023-6656
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. It has been rated as critical. Affected by this issue is some unknown functionality of t…
Medium
CVE-2023-6654
A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data…
2023-12-07
High
CVE-2023-6580
A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. This affects an unknown part of the file /HNAP1/ of the component QoS POST Handler. The manipulation of the…
2023-12-05
Medium
CVE-2023-46674
An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like…
2023-12-04
Critical
CVE-2023-48967
Ssolon <= 2.6.0 and <=2.5.12 is vulnerable to Deserialization of Untrusted Data.
2023-12-01
Critical
CVE-2023-48887
A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request.
Critical
CVE-2023-48886
A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request.
2023-11-28
High
CVE-2022-41678
Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request…
2023-11-20
Critical
CVE-2023-46990
Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function.
2023-11-17
Critical
CVE-2023-44353
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation…
Critical
CVE-2023-44351
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation…
Critical
CVE-2023-44350
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation…
2023-11-09
Critical
CVE-2023-47248
Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parqu…
Critical
CVE-2021-43609
An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the order_by_for_ticket function in app/models/reporting/database_query.rb allo…
2023-11-08
High
CVE-2023-39913
Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK.This issue affects Apache UIMA Jav…
2023-11-02
Critical
CVE-2023-47204
Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code.
2023-11-01
High
CVE-2023-1714
Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary con…
2023-10-31
Critical
CVE-2023-47174
Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within th…
2023-10-30
High
CVE-2023-45672
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This…
High
CVE-2023-5583
The WP Simple Galleries plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.34 via deserialization of untrusted input from the 'wpsimplegallery_gallery' pos…
2023-10-27
Medium
CVE-2023-40121
In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed…
2023-10-20
High
CVE-2023-4386
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows u…
High
CVE-2022-3342
The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.…
High
CVE-2023-4402
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allow…
High
CVE-2023-34052
VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could resu…
2023-10-19
High
CVE-2023-46227
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \t to bypass. Users are…
Medium
CVE-2023-34050
In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in mes…
2023-10-18
Critical
CVE-2023-35084
Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute command…
2023-10-16
High
CVE-2023-3154
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to acc…
2023-10-09
High
CVE-2023-44392
Garden provides automation for Kubernetes development and testing. Prior tov ersions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an…
2023-10-05
Critical
CVE-2023-43981
Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component delete_excluded_folder.php.
2023-10-04
Critical
CVE-2023-42809
Redisson is a Java Redis client that uses the Netty framework. Prior to version 3.22.0, some of the messages received from the Redis server contain Java objects that the client deserializes without f…
Critical
CVE-2023-5391
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the applica…
2023-10-03
High
CVE-2023-43176
A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file.
2023-10-02
High
CVE-2023-43268
Deyue Remote Vehicle Management System v1.1 was discovered to contain a deserialization vulnerability.
2023-09-27
Critical
CVE-2023-5183
Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exis…
Critical
CVE-2023-43291
Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component.
Critical
CVE-2023-40044
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the un…
2023-09-20
Critical
CVE-2023-40619
phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' fun…
2023-09-17
Medium
CVE-2023-5016
A vulnerability was found in spider-flow up to 0.5.0. It has been declared as critical. Affected by this vulnerability is the function DriverManager.getConnection of the file src/main/java/org/spider…
2023-09-14
Medium
CVE-2023-32665
A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.
Medium
CVE-2023-32643
A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, bu…
Medium
CVE-2023-32636
A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table vali…
Medium
CVE-2023-32611
A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.
Medium
CVE-2023-29499
A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.
Critical
CVE-2023-38204
Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code ex…
2023-09-12
Critical
CVE-2023-41331
SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload, an attacker can achieve JNDI injection or system command exe…
2023-09-11
High
CVE-2023-35669
In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. This could lead to local escalation of pri…
2023-09-07
High
CVE-2023-4528
Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface
2023-09-06
Critical
CVE-2023-41330
knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. ## Issue On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attac…
2023-09-05
Medium
CVE-2023-30534
Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti…
2023-09-04
High
CVE-2023-28072
Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted data vulnerability. A local malicious user could potentially send specially crafted requests to the .…
2023-08-28
High
CVE-2023-40195
Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider…
2023-08-25
Critical
CVE-2023-40571
weblogic-framework is a tool for detecting weblogic vulnerabilities. Versions 0.2.3 and prior do not verify the returned data packets, and there is a deserialization vulnerability which may lead to r…
2023-08-24
Medium
CVE-2023-34040
In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have t…
2023-08-13
High
CVE-2023-39396
Deserialization vulnerability in the input module. Successful exploitation of this vulnerability may affect availability.
2023-08-02
High
CVE-2022-40609
IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted dat…
2023-07-31
High
CVE-2021-31681
Deserialization of Untrusted Data vulnerability in yolo 3 allows attackers to execute arbitrary code via crafted yaml file.
High
CVE-2021-31680
Deserialization of Untrusted Data vulnerability in yolo 5 allows attackers to execute arbitrary code via crafted yaml file.
2023-07-26
Critical
CVE-2023-38647
An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLo…
2023-07-25
Critical
CVE-2023-37895
Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to (including) 2.20.10 (stable branch) and 2.21.17 (unst…
High
CVE-2023-34434
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could bypass the current logic a…
2023-07-20
Critical
CVE-2023-38203
Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code ex…
2023-07-19
High
CVE-2023-28754
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs…
2023-07-17
Critical
CVE-2023-26512
CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send contro…
2023-07-14
High
CVE-2023-3513
Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with t…
2023-07-13
High
CVE-2023-3343
The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1 via deserialization of untrusted input from the 'profile-pic-url' parameter. T…
2023-07-12
Critical
CVE-2023-29300
Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrar…
2023-07-11
Critical
CVE-2023-36825
Orchid is a Laravel package that allows application development of back-office applications, admin/user panels, and dashboards. A vulnerability present starting in version 14.0.0-alpha4 and prior to…
2023-07-07
Medium
CVE-2023-33008
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon. A malicious attacker can craft up some JSON input that uses large numbers (numbers such as 1e20000000)…
2023-07-01
Critical
CVE-2023-28323
A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with oth…
2023-06-29
Critical
CVE-2023-31222
Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a healthcare delivery…
2023-06-28
Medium
CVE-2023-21214
In addGroupWithConfigInternal of p2p_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with System execution privileges…
Medium
CVE-2023-21209
In multiple functions of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local escalation of privilege with System execution privileges needed.…
Medium
CVE-2023-21206
In initiateVenueUrlAnqpQueryInternal of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with System execution priv…
Medium
CVE-2023-21205
In startWpsPinDisplayInternal of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with no additional execution priv…
2023-06-27
High
CVE-2023-2996
The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare…
2023-06-23
Critical
CVE-2023-33299
A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specificall…
2023-06-20
High
CVE-2023-26436
Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. Access to this API endpoint is restricted to…
2023-06-18
Medium
CVE-2023-3308
A vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8. Affected is an unknown function of the component Aviator Template Engine. The manipulation leads to deserialization.…
2023-06-15
High
CVE-2023-21124
In run of multiple files, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. U…
2023-06-14
High
CVE-2023-3001
A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution wh…
Medium
CVE-2023-3234
A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been declared as problematic. Affected by this vulnerability is the function put_image of the file api/controller/v1/PublicController…
Medium
CVE-2023-3232
A vulnerability was found in Zhong Bang CRMEB up to 4.6.0 and classified as critical. This issue affects some unknown processing of the file /api/wechat/app_auth of the component Image Upload. The ma…
2023-06-12
Medium
CVE-2023-34212
The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configu…
2023-06-09
High
CVE-2023-2249
The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure u…
2023-06-07
Critical
CVE-2023-33496
xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerability via the component com.xxl.rpc.core.remoting.net.impl.netty.codec.NettyDecode#decode.
High
CVE-2023-20888
Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials…
Critical
CVE-2020-36727
The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. This is due to unsanitized input from the 'customFieldsDetails' paramete…
Critical
CVE-2020-36726
The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. This a…
Critical
CVE-2020-36718
The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njt_gdpr_allow_permissions" v…
2023-06-01
Critical
CVE-2023-33963
DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrar…
2023-05-30
High
CVE-2023-2288
The Otter WordPress plugin before 2.2.6 does not sanitize some user-controlled file paths before performing file operations on them. This leads to a PHAR deserialization vulnerability on PHP < 8.0 us…
2023-05-25
High
CVE-2023-2500
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.3.19 via deserialization of untrusted input from th…
2023-05-23
Critical
CVE-2023-27068
Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx.
2023-05-22
High
CVE-2023-31058
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the 'autoDeserialize' op…
High
CVE-2023-32336
IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. IBM X-Force ID: 255285.
2023-05-16
Critical
CVE-2023-31890
An XML Deserialization vulnerability in glazedlists v1.11.0 allows an attacker to execute arbitrary code via the BeanXMLByteCoder.decode() parameter.