High
CVE-2024-10587
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.…
Tag: Insecure Deserialization
All CVEs associated with "Insecure Deserialization". Page 9/17 • 2007 CVEs.
Subscribe CVEs: RSS for “Insecure Deserialization” · RSS (High+Critical only)
About “Insecure Deserialization”
A curated feed of “Insecure Deserialization”-related CVEs appears below. We currently track 2007 CVEs for this tag (all time). In the last 365 days, 674 were published. Average CVSS is 8.4 (all time; 8.3 over 365d), and 85% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-502 - Deserialization of Untrusted Data, CWE-20 - Improper Input Validation, CWE-94 - Improper Control of Generation of Code ('Code Injection').
In our taxonomy this topic maps to a HIGH impact class. Common exploitation patterns for this weakness can lead to high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2024-12-04
High
CVE-2024-42455
A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This…
2024-12-03
Critical
CVE-2024-51363
Insecure deserialization in Hodoku v2.3.0 to v2.3.2 allows attackers to execute arbitrary code.
2024-12-02
Critical
CVE-2024-53477
JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java
2024-11-28
Critical
CVE-2024-52338
Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arr…
2024-11-26
High
CVE-2024-53673
A java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code.
Critical
CVE-2024-11145
Valor Apps Easy Folder Listing Pro has a deserialization vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Joomla! application. Fixed…
2024-11-25
Medium
CVE-2024-11662
A vulnerability was found in welliamcao OpsManage 3.0.1/3.0.2/3.0.3/3.0.4/3.0.5. It has been rated as critical. This issue affects the function deploy_host_vars of the file /apps/api/views/deploy_api…
2024-11-23
Critical
CVE-2024-9511
The FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and includ…
2024-11-22
High
CVE-2024-11394
Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installati…
High
CVE-2024-11393
Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected inst…
High
CVE-2024-11392
Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installat…
High
CVE-2024-5580
Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra…
High
CVE-2024-5579
Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Alleg…
Medium
CVE-2023-51642
Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra…
Medium
CVE-2023-51641
Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Alle…
2024-11-21
High
CVE-2024-11409
The Grid View Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input from cs_all_photos_details parameter.…
2024-11-20
High
CVE-2018-9474
In writeToParcel of MediaPlayer.java, there is a possible serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional…
High
CVE-2018-9471
In the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to type confusion. This could lead to local escalation of privilege in the system server with no additio…
High
CVE-2024-10913
The Clone plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.6 via deserialization of untrusted input in the 'recursive_unserialized_replace' functio…
High
CVE-2024-52445
Deserialization of Untrusted Data vulnerability in ModelTheme QRMenu Restaurant QR Menu Lite qrmenu-lite allows Object Injection.This issue affects QRMenu Restaurant QR Menu Lite: from n/a through <=…
Critical
CVE-2024-52443
Deserialization of Untrusted Data vulnerability in masikonis Geolocator geolocator allows Object Injection.This issue affects Geolocator: from n/a through <= 1.1.
Critical
CVE-2024-52440
Deserialization of Untrusted Data vulnerability in xpresslane Xpresslane Fast Checkout xpresslane-integration-for-woocommerce allows Object Injection.This issue affects Xpresslane Fast Checkout: from…
Critical
CVE-2024-52439
Deserialization of Untrusted Data vulnerability in Mark O'Donnell Team Rosters team-rosters allows Object Injection.This issue affects Team Rosters: from n/a through <= 4.8.2.
High
CVE-2024-10382
There exists a code execution vulnerability in the Car App Android Jetpack Library. CarAppService uses deserialization logic that allows construction of arbitrary java classes. This can lead to arbit…
2024-11-18
Critical
CVE-2024-52434
Deserialization of Untrusted Data vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Command Injection.This issue affects Popup by Supsystic: from n/a through <= 1.10.29.
Critical
CVE-2024-52433
Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free my-geo-posts-free allows Object Injection.This issue affects My Geo Posts Free: from n/a through <= 1.2.
Critical
CVE-2024-52432
Deserialization of Untrusted Data vulnerability in NIX Solutions Ltd NIX Anti-Spam Light nix-anti-spam-light allows Object Injection.This issue affects NIX Anti-Spam Light: from n/a through <= 0.0.4.
Critical
CVE-2024-52430
Deserialization of Untrusted Data vulnerability in bublick Lis Video Gallery lis-video-gallery allows Object Injection.This issue affects Lis Video Gallery: from n/a through <= 0.2.1.
Critical
CVE-2024-52427
Deserialization of Untrusted Data vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Server Side Include (SSI) Injection.This issue affects Event Ti…
High
CVE-2024-41151
Deserialization of Untrusted Data vulnerability in Apache HertzBeat. This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat: before 1.6.1. Users are…
2024-11-16
Critical
CVE-2024-52414
Deserialization of Untrusted Data vulnerability in Anthony Carbon WDES Responsive Mobile Menu wdes-responsive-mobile-menu allows Object Injection.This issue affects WDES Responsive Mobile Menu: from…
Critical
CVE-2024-52413
Deserialization of Untrusted Data vulnerability in dmcwebzone Airin Blog airin-blog allows Object Injection.This issue affects Airin Blog: from n/a through <= 1.6.1.
Critical
CVE-2024-52412
Deserialization of Untrusted Data vulnerability in Stephen Cui Xin allows Object Injection.This issue affects Xin: from n/a through 1.0.8.1.
Critical
CVE-2024-52411
Deserialization of Untrusted Data vulnerability in flowcraft Advanced Personalization personalization-by-flowcraft allows Object Injection.This issue affects Advanced Personalization: from n/a throug…
Critical
CVE-2024-52410
Deserialization of Untrusted Data vulnerability in Phoenixheart Referrer Detector referrer-detector allows Object Injection.This issue affects Referrer Detector: from n/a through <= 4.2.1.0.
Critical
CVE-2024-52409
Deserialization of Untrusted Data vulnerability in Phoenixheart AJAX Random Posts ajax-random-posts allows Object Injection.This issue affects AJAX Random Posts: from n/a through <= 0.3.3.
2024-11-15
Critical
CVE-2021-3902
An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. This issue affects all versio…
Critical
CVE-2021-3838
DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. An attacker who can upload files o…
2024-11-14
Critical
CVE-2024-52393
Deserialization of Untrusted Data vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress.This issue affects Podlove Podcast Publisher: from n/a through <= 4.1…
Critical
CVE-2024-37285
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to hav…
High
CVE-2024-10962
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.9.107 via deserialization of untrusted input in the 'replac…
2024-11-13
High
CVE-2024-43080
In onReceive of AppRestrictionsFragment.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution…
High
CVE-2024-52306
FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerabilit…
High
CVE-2024-10013
In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability.
High
CVE-2024-10012
In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111), a code execution attack is possible through an insecure deserialization vulnerability.
High
CVE-2024-10828
The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order ex…
2024-11-12
Critical
CVE-2024-44102
A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000…
2024-11-04
Medium
CVE-2024-10749
A vulnerability, which was classified as critical, was found in ThinkAdmin up to 6.1.67. Affected is the function script of the file /app/admin/controller/api/Plugs.php. The manipulation of the argum…
2024-10-31
Medium
CVE-2024-50354
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. In gnark 0.11.0 and earlier, deserialization of Groth16 verification keys allocate excessive memory, consuming a lot…
High
CVE-2024-43383
Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator. This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016. An attacker…
2024-10-30
Critical
CVE-2024-48112
A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
Critical
CVE-2024-10456
Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NE…
Critical
CVE-2024-50507
Deserialization of Untrusted Data vulnerability in Daschmi DS.DownloadList dsdownloadlist allows Object Injection.This issue affects DS.DownloadList: from n/a through <= 1.3.
2024-10-29
Critical
CVE-2024-48206
A Deserialization of Untrusted Data vulnerability in chainer v7.8.1.post1 leads to execution of arbitrary code.
Critical
CVE-2024-48063
In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.
2024-10-28
High
CVE-2024-50416
Deserialization of Untrusted Data vulnerability in WPClever WPC Shop as a Customer for WooCommerce wpc-shop-as-customer allows Object Injection.This issue affects WPC Shop as a Customer for WooCommer…
High
CVE-2024-50408
Deserialization of Untrusted Data vulnerability in Bob Namaste! LMS namaste-lms allows Object Injection.This issue affects Namaste! LMS: from n/a through <= 2.6.3.
2024-10-23
High
CVE-2024-49684
Deserialization of Untrusted Data vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Object Injection.This issue affects Backup and Staging by WP Time Capsule: from…
2024-10-20
Critical
CVE-2024-49625
Deserialization of Untrusted Data vulnerability in sphoid SiteBuilder Dynamic Components sitebuilder-dynamic-components allows Object Injection.This issue affects SiteBuilder Dynamic Components: from…
Critical
CVE-2024-49624
Deserialization of Untrusted Data vulnerability in smartdevth Advanced Advertising System advanced-advertising-system allows Object Injection.This issue affects Advanced Advertising System: from n/a…
Critical
CVE-2024-49332
Deserialization of Untrusted Data vulnerability in giveawayboost Giveaway Boost giveaway-boost allows Object Injection.This issue affects Giveaway Boost: from n/a through <= 2.1.4.
Critical
CVE-2024-49626
Deserialization of Untrusted Data vulnerability in Piyush Patel Shipyaari Shipping Management shipyaari-shipping-managment allows Object Injection.This issue affects Shipyaari Shipping Management: fr…
2024-10-18
High
CVE-2024-10079
The WP Easy Post Types plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.4 via deserialization of untrusted input from the 'text' parameter in the 'ajax…
2024-10-17
High
CVE-2024-48924
### Impact When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by an attacker that sends data contrived to produce hash…
Critical
CVE-2024-49318
Deserialization of Untrusted Data vulnerability in Scott My Reading Library my-reading-library allows Object Injection.This issue affects My Reading Library: from n/a through <= 1.0.
2024-10-16
Low
CVE-2024-47836
Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Version 4…
Critical
CVE-2024-49227
Deserialization of Untrusted Data vulnerability in foter Free Stock Photos Foter free-stock-photos-foter allows Object Injection.This issue affects Free Stock Photos Foter: from n/a through <= 1.5.4.
High
CVE-2024-49226
Deserialization of Untrusted Data vulnerability in taketin TAKETIN To WP Membership taketin-to-wp-membership allows Object Injection.This issue affects TAKETIN To WP Membership: from n/a through <= 2…
Critical
CVE-2024-49218
Deserialization of Untrusted Data vulnerability in Al Imran Akash Recently recently-viewed-most-viewed-and-sold-products-for-woocommerce allows Object Injection.This issue affects Recently: from n/a…
Critical
CVE-2024-48030
Deserialization of Untrusted Data vulnerability in Webextends Telecash Ricaricaweb telecash-ricaricaweb allows Object Injection.This issue affects Telecash Ricaricaweb: from n/a through <= 2.2.
Critical
CVE-2024-48028
Deserialization of Untrusted Data vulnerability in Boyan Raichev IP Loc8 ip-loc8 allows Object Injection.This issue affects IP Loc8: from n/a through <= 1.1.
Critical
CVE-2024-48026
Deserialization of Untrusted Data vulnerability in GMRobbins Disc Golf Manager disc-golf-manager allows Object Injection.This issue affects Disc Golf Manager: from n/a through <= 1.0.0.
Critical
CVE-2024-49271
Deserialization of Untrusted Data vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) unlimited-elements-for-elementor allows Command Injection.This…
Critical
CVE-2024-48042
Deserialization of Untrusted Data vulnerability in supsystic Contact Form by Supsystic contact-form-by-supsystic allows Command Injection.This issue affects Contact Form by Supsystic: from n/a throug…
Medium
CVE-2021-4451
The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization…
Critical
CVE-2024-9634
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.3 via deserialization of untrusted input fr…
2024-10-13
Medium
CVE-2024-9917
A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/template_creat.php. The manipulation of the a…
2024-10-11
Critical
CVE-2024-48033
Deserialization of Untrusted Data vulnerability in baptiste.gourdin Talkback talkback-secure-linkback-protocol allows Object Injection.This issue affects Talkback: from n/a through <= 1.0.
Critical
CVE-2024-47074
DataEase is an open source data visualization analysis tool. In Dataease, the PostgreSQL data source in the data source function can customize the JDBC connection parameters and the PG server target…
2024-10-10
Critical
CVE-2024-47636
Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch allows Object Injection.This issue affects JobSearch: from n/a through <= 2.5.9.
Critical
CVE-2023-25581
pac4j is a security framework for Java. `pac4j-core` prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled val…
2024-10-08
High
CVE-2024-9005
CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server.
2024-10-05
High
CVE-2024-9314
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted inp…
2024-10-01
High
CVE-2024-7434
The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.2 via deserialization of untrusted input. This makes it possible for authenticated a…
High
CVE-2024-7433
The Empowerment theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.2 via deserialization of untrusted input. This makes it possible for authenticated…
High
CVE-2024-7432
The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input. This makes it possible for authenticated…
2024-09-30
Medium
CVE-2024-45772
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicat…
Medium
CVE-2024-45200
In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows a remote attacker to exploit a stack-based buffer overflow upon deserialization of session informatio…
2024-09-28
Critical
CVE-2024-8353
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input vi…
2024-09-27
High
CVE-2024-8922
The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.33.32 via deserialization of untr…
2024-09-25
High
CVE-2024-8316
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability.
High
CVE-2024-7576
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability.
Critical
CVE-2024-8514
The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.11 via deserialization of untrusted input from the 'pri…
2024-09-24
High
CVE-2022-2439
The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the 'upload[file]' parameter in versions up to, an…
2024-09-19
Critical
CVE-2024-46983
sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous cla…
2024-09-18
Critical
CVE-2024-35515
Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code.
2024-09-17
High
CVE-2024-5998
A vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via th…
2024-09-16
Critical
CVE-2024-22399
Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct unco…
2024-09-14
High
CVE-2024-8862
A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Conn…
2024-09-13
High
CVE-2022-2446
The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'current_theme_root' parameter in versions up to, and including 1.2.9. This makes it possible for authen…
Critical
CVE-2024-41874
ColdFusion versions 2023.9, 2021.15 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An…
2024-09-12
High
CVE-2024-45857
Deserialization of untrusted data can occur in versions 2.4.0 or newer of the Cleanlab project, enabling a maliciously crafted datalab.pkl file to run arbitrary code on an end user’s system when the…
High
CVE-2024-45855
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘fi…
High
CVE-2024-45854
Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘descri…
High
CVE-2024-45853
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for…
High
CVE-2024-45852
Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with.
Critical
CVE-2024-29847
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
2024-09-09
Critical
CVE-2024-44902
A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
Critical
CVE-2024-37288
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Secu…
2024-09-07
Critical
CVE-2024-40711
A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).
2024-09-06
Critical
CVE-2024-45758
H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access…
2024-08-31
High
CVE-2024-7435
The Attire theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.6 via deserialization of untrusted input. This makes it possible for authenticated attac…
2024-08-30
Critical
CVE-2024-8016
The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in w…
High
CVE-2024-2694
The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This…
2024-08-29
Critical
CVE-2024-8255
Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability.
Critical
CVE-2024-43931
Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection.This issue affects JobSearch: from n/a through 2.5.3.
High
CVE-2022-2440
The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'images_array' parameter in versions up to, and including 2.8. This makes it possible for authenticat…
2024-08-28
Critical
CVE-2024-8030
The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via de…
2024-08-24
High
CVE-2024-7656
The Image Hotspot by DevVN plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.5 via deserialization of untrusted input in the 'devvn_ihotspot_shortco…