Skip to main content

Deserialization

2663 CVEs technique

Monthly

CVE-2024-7560 HIGH This Week

The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the newsflash_post_meta meta value. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Information Disclosure PHP
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-7486 HIGH This Week

The MultiPurpose theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.0 via deserialization of untrusted input through the 'wpeden_post_meta' post meta. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Information Disclosure PHP
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-36131 HIGH This Week

An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Endpoint Manager Mobile
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2024-39636 HIGH This Week

Deserialization of Untrusted Data vulnerability in CodeSolz Better Find and Replace.6.1. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization
NVD
CVSS 3.1
8.3
EPSS
0.4%
CVE-2024-39630 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in MotoPress Timetable and Event Schedule allows Object Injection.4.13. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-6152 HIGH This Week

The Flipbox Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5 via deserialization of untrusted input in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Information Disclosure PHP
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-39673 HIGH This Week

Vulnerability of serialisation/deserialisation mismatch in the iAware module. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Emui Harmonyos
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-7067 MEDIUM POC PATCH This Month

A vulnerability was found in kirilkirkov Ecommerce-Laravel-Bootstrap up to 1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Deserialization PHP Ecommerce Laravel Bootstrap
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-6327 CRITICAL Act Now

In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Telerik Report Server
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2024-6794 CRITICAL Act Now

A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming Server that may result in remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Veristand
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-6793 CRITICAL Act Now

A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that may result in remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Veristand
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-6675 HIGH This Week

A deserialization of untrusted data vulnerability exists in NI VeriStand that may result in remote code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization RCE
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-38759 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in WP MEDIA SAS Search & Replace search-and-replace.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Search Replace
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-6960 Maven HIGH This Week

The H2O machine learning platform uses "Iced" classes as the primary means of moving Java Objects around the cluster. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization RCE Java
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-6944 MEDIUM This Month

A vulnerability was found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Crmeb
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
3.8%
CVE-2024-6943 MEDIUM This Month

A vulnerability has been found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Crmeb
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-5726 HIGH This Week

The Timeline Event History plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1 via deserialization of untrusted input 'timelines-data' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Deserialization PHP Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-28074 HIGH This Week

It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Access Rights Manager
NVD
CVSS 3.1
8.8
EPSS
10.9%
CVE-2024-40624 PHP CRITICAL PATCH Act Now

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-6645 MEDIUM This Month

A vulnerability was found in WuKongOpenSource Wukong_nocode up to 20230807. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-6644 MEDIUM This Month

A vulnerability was found in zmops ArgusDBM up to 0.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-31317 HIGH PATCH This Week

In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITE_SECURE_SETTINGS due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-38094 HIGH KEV PATCH THREAT This Week

Microsoft SharePoint Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Microsoft Sharepoint Server
NVD
CVSS 3.1
7.2
EPSS
47.8%
CVE-2024-38024 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Microsoft Sharepoint Server
NVD
CVSS 3.1
7.2
EPSS
45.2%
CVE-2024-38023 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Microsoft Sharepoint Server
NVD
CVSS 3.1
7.2
EPSS
52.9%
CVE-2024-37502 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in wpweb WooCommerce Social Login woo-social-login.6.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress Deserialization
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-5488 CRITICAL POC Act Now

The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes, which combined with another Object Injection vulnerability can allow unauthenticated attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization WordPress Seopress
NVD WPScan
CVSS 3.1
9.8
EPSS
3.7%
CVE-2024-6525 MEDIUM POC This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20230922. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization D-Link PHP Dar 7000 Firmware
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
3.1%
CVE-2024-6441 MEDIUM This Month

A vulnerability was found in ORIPA up to 1.72. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-36984 HIGH This Week

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially crafted query that they could then use to serialize untrusted data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Splunk Microsoft
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-39705 PyPI CRITICAL PATCH Act Now

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Python
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-5016 HIGH This Week

In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Whatsup Gold
NVD
CVSS 3.1
7.2
EPSS
22.4%
CVE-2024-39334 MEDIUM This Month

MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-32030 HIGH This Week

Kafka UI is an Open-Source Web UI for Apache Kafka Management. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Code Injection Apache RCE
NVD GitHub
CVSS 3.1
8.1
EPSS
34.1%
CVE-2024-35780 HIGH This Week

Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer.5.42. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2024-5724 HIGH This Week

The Photo Video Gallery Master plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.3 via deserialization of untrusted input 'PVGM_all_photos_details'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP Information Disclosure Deserialization Photo Video Gallery Master
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-5649 MEDIUM This Month

The Universal Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.5 via deserialization of untrusted input 'fsl_get_gallery_value' function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP Information Disclosure Deserialization Universal Slider
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-5871 CRITICAL Act Now

The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'woo_slg_verify'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure WordPress Woocommerce Social Login
NVD
CVSS 3.1
9.8
EPSS
5.2%
CVE-2024-5671 CRITICAL Act Now

Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote attackers to perform arbitrary code execution and access to the vulnerable Trellix IPS Manager. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-4371 CRITICAL Act Now

The CoDesigner WooCommerce Builder for Elementor - Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization PHP Information Disclosure WordPress Codesigner
NVD
CVSS 3.1
9.0
EPSS
5.4%
CVE-2024-3468 HIGH This Week

There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 4.0
8.4
EPSS
0.4%
CVE-2024-3467 HIGH This Week

There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Pi Asset Framework Client
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2024-28964 HIGH This Week

Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Dell Common Event Enabler
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-35249 HIGH PATCH This Week

Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Microsoft Dynamics 365 Business Central
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2024-36528 PHP HIGH POC This Week

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE PHP Egovernment Nukeviet
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-5675 CRITICAL Act Now

Untrusted data deserialization vulnerability has been found in Mentor - Employee Portal, affecting version 3.83.35. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Mentor
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-5629 PyPI HIGH PATCH This Week

An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Deserialization Buffer Overflow Information Disclosure Pymongo Debian Linux
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-37065 PyPI HIGH This Week

Deserialization of untrusted data can occur in versions 0.6 or newer of the skops python library, enabling a maliciously crafted model to run arbitrary code on an end user's system when loaded. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Python
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-37064 PyPI HIGH This Week

Deseriliazation of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted dataset to run arbitrary code on an end user's. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-37062 PyPI HIGH This Week

Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a malicously crafted report to run arbitrary code on an end user's. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-37060 PyPI HIGH POC This Week

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Mlflow
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-37059 PyPI HIGH POC This Week

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Mlflow
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-37058 PyPI HIGH POC This Week

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously uploaded Langchain AgentExecutor model to run arbitrary code on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Mlflow
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-37057 PyPI HIGH POC This Week

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Mlflow
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-37056 PyPI HIGH POC This Week

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Mlflow
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-37055 PyPI HIGH POC This Week

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Mlflow
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-37054 PyPI HIGH POC This Week

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Mlflow
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-37053 PyPI HIGH POC This Week

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Mlflow
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-37052 PyPI HIGH POC This Week

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Mlflow
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-3301 HIGH This Week

An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization RCE
NVD
CVSS 3.1
8.5
EPSS
0.7%
CVE-2024-3300 CRITICAL POC Act Now

An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization RCE
NVD
CVSS 3.1
9.0
EPSS
2.8%
CVE-2024-26289 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion.5.1 before 7.5.6-2, from 7.4.1 before 7.4.9, from 7.3.1 before 7.3.18. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Pmb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-5352 MEDIUM POC This Month

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Aj Report
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-5351 MEDIUM POC This Month

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Aj Report
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-5085 HIGH PATCH This Week

The Hash Form - Drag & Drop Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input in the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

WordPress Deserialization PHP Information Disclosure Hash Form
NVD
CVSS 3.1
8.1
EPSS
4.4%
CVE-2024-4471 HIGH This Week

The 140+ Widgets | Best Addons For Elementor - FREE for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.3.1 via deserialization of untrusted input in the. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization WordPress Information Disclosure
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2024-4157 HIGH PATCH This Week

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.15 via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization WordPress Information Disclosure Contact Form
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-34274 LOW Monitor

OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization of Untrusted Data. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.

Deserialization RCE
NVD GitHub
CVSS 3.1
3.9
EPSS
0.2%
CVE-2024-31879 HIGH This Week

IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Denial Of Service IBM
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-34997 PyPI HIGH POC This Week

joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Deserialization Joblib
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-4733 HIGH This Week

The ShiftController Employee Shift Scheduling plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the `hc3_session`-cookie in versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP Deserialization Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-34751 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in WebToffee Order Export & Order Import for WooCommerce.4.9. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization WordPress
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-4838 HIGH This Week

The ConvertPlus plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.26 via deserialization of untrusted input from the 'settings_encoded' attribute of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

WordPress Deserialization PHP Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2024-4200 HIGH This Week

In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Telerik Reporting
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-3967 CRITICAL Act Now

Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Java Imanager
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-3483 CRITICAL Act Now

Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Command Injection Imanager
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-30044 HIGH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Microsoft Sharepoint Server
NVD
CVSS 3.1
7.2
EPSS
84.0%
CVE-2024-30042 HIGH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Microsoft 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2024-4699 MEDIUM POC This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230922.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization D-Link PHP Dar 8000 10 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
6.1%
CVE-2024-4606 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in BdThemes Ultimate Store Kit Elementor Addons.0.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-4413 CRITICAL Act Now

The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.11.1 via deserialization of untrusted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Deserialization PHP Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2024-4044 HIGH This Week

A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization RCE
NVD
CVSS 3.1
7.8
EPSS
14.7%
CVE-2024-3954 HIGH This Week

The Ditty plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.1.38 via deserialization of untrusted input when adding a new ditty. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Deserialization PHP Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-3070 CRITICAL Act Now

The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure WordPress
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2024-34433 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in OCDI One Click Demo Import.2.0. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization One Click Demo Import
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2024-2290 HIGH This Week

The Advanced Ads plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.52.1 via deserialization of untrusted input in the 'placement_slug' parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure WordPress
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-29800 PHP HIGH POC PATCH This Week

Deserialization of Untrusted Data vulnerability in Timber Team & Contributors Timber.23.0. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. Public exploit code available.

Deserialization
NVD GitHub
CVSS 3.1
8.0
EPSS
0.9%
CVE-2024-29212 CRITICAL Act Now

Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Veeam Service Provider Console
NVD
CVSS 3.0
9.9
EPSS
1.6%
CVE-2024-28075 HIGH This Week

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Deserialization RCE Trend Micro Access Rights Manager
NVD
CVSS 3.1
8.0
EPSS
78.0%
CVE-2024-22460 HIGH This Week

Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Dell Dm5500 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.4%
EPSS 1% CVSS 7.2
HIGH This Week

The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the newsflash_post_meta meta value. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Information Disclosure +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The MultiPurpose theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.0 via deserialization of untrusted input through the 'wpeden_post_meta' post meta. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Information Disclosure +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Endpoint Manager Mobile
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Deserialization of Untrusted Data vulnerability in CodeSolz Better Find and Replace.6.1. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Deserialization of Untrusted Data vulnerability in MotoPress Timetable and Event Schedule allows Object Injection.4.13. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Flipbox Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5 via deserialization of untrusted input in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Information Disclosure +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Vulnerability of serialisation/deserialisation mismatch in the iAware module. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Emui Harmonyos
NVD
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

A vulnerability was found in kirilkirkov Ecommerce-Laravel-Bootstrap up to 1f1097a3448ce8ec53e034ea0f70b8e2a0e64a87. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Deserialization PHP Ecommerce Laravel Bootstrap
NVD GitHub VulDB
EPSS 2% CVSS 9.8
CRITICAL Act Now

In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Telerik Report Server
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming Server that may result in remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Veristand
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that may result in remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Veristand
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A deserialization of untrusted data vulnerability exists in NI VeriStand that may result in remote code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization RCE
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in WP MEDIA SAS Search & Replace search-and-replace.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Search Replace
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The H2O machine learning platform uses "Iced" classes as the primary means of moving Java Objects around the cluster. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization RCE Java
NVD
EPSS 4% CVSS 5.3
MEDIUM This Month

A vulnerability was found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Crmeb
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability has been found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Crmeb
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH This Week

The Timeline Event History plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1 via deserialization of untrusted input 'timelines-data' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Deserialization PHP +1
NVD
EPSS 11% CVSS 8.8
HIGH This Week

It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Access Rights Manager
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability was found in WuKongOpenSource Wukong_nocode up to 20230807. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability was found in zmops ArgusDBM up to 0.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java
NVD GitHub VulDB
EPSS 1% CVSS 7.8
HIGH PATCH This Week

In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITE_SECURE_SETTINGS due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Privilege Escalation +1
NVD
EPSS 48% CVSS 7.2
HIGH KEV PATCH THREAT This Week

Microsoft SharePoint Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Microsoft +1
NVD
EPSS 45% CVSS 7.2
HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Microsoft +1
NVD
EPSS 53% CVSS 7.2
HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Microsoft +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Deserialization of Untrusted Data vulnerability in wpweb WooCommerce Social Login woo-social-login.6.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress Deserialization
NVD VulDB
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes, which combined with another Object Injection vulnerability can allow unauthenticated attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization WordPress Seopress
NVD WPScan
EPSS 3% CVSS 5.1
MEDIUM POC This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20230922. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization D-Link PHP +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability was found in ORIPA up to 1.72. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Java
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 on Windows, an authenticated user could execute a specially crafted query that they could then use to serialize untrusted data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Splunk +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Python
NVD GitHub
EPSS 22% CVSS 7.2
HIGH This Week

In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Whatsup Gold
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
EPSS 34% CVSS 8.1
HIGH This Week

Kafka UI is an Open-Source Web UI for Apache Kafka Management. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Code Injection Apache +1
NVD GitHub
EPSS 0% CVSS 8.5
HIGH This Week

Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer.5.42. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Photo Video Gallery Master plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.3 via deserialization of untrusted input 'PVGM_all_photos_details'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP Information Disclosure +2
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

The Universal Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.5 via deserialization of untrusted input 'fsl_get_gallery_value' function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP Information Disclosure +2
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'woo_slg_verify'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote attackers to perform arbitrary code execution and access to the vulnerable Trellix IPS Manager. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE
NVD
EPSS 5% CVSS 9.0
CRITICAL Act Now

The CoDesigner WooCommerce Builder for Elementor - Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization PHP Information Disclosure +2
NVD
EPSS 0% CVSS 8.4
HIGH This Week

There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD
EPSS 0% CVSS 7.0
HIGH This Week

There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Pi Asset Framework Client
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Dell +1
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Microsoft +1
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE PHP +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Untrusted data deserialization vulnerability has been found in Mentor - Employee Portal, affecting version 3.83.35. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Mentor
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Deserialization Buffer Overflow Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Deserialization of untrusted data can occur in versions 0.6 or newer of the skops python library, enabling a maliciously crafted model to run arbitrary code on an end user's system when loaded. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Python
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Deseriliazation of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted dataset to run arbitrary code on an end user's. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a malicously crafted report to run arbitrary code on an end user's. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Mlflow
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Mlflow
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously uploaded Langchain AgentExecutor model to run arbitrary code on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Mlflow
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Mlflow
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Mlflow
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Mlflow
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Mlflow
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Mlflow
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Mlflow
NVD
EPSS 1% CVSS 8.5
HIGH This Week

An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization RCE
NVD
EPSS 3% CVSS 9.0
CRITICAL POC Act Now

An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization RCE
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion.5.1 before 7.5.6-2, from 7.4.1 before 7.4.9, from 7.3.1 before 7.3.18. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Pmb
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Aj Report
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Aj Report
NVD GitHub VulDB
EPSS 4% CVSS 8.1
HIGH PATCH This Week

The Hash Form - Drag & Drop Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input in the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

WordPress Deserialization PHP +2
NVD
EPSS 0% CVSS 8.0
HIGH This Week

The 140+ Widgets | Best Addons For Elementor - FREE for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.3.1 via deserialization of untrusted input in the. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization WordPress +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.15 via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization WordPress +2
NVD
EPSS 0% CVSS 3.9
LOW Monitor

OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization of Untrusted Data. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.

Deserialization RCE
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Denial Of Service +1
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Deserialization Joblib
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

The ShiftController Employee Shift Scheduling plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the `hc3_session`-cookie in versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP Deserialization Information Disclosure
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Deserialization of Untrusted Data vulnerability in WebToffee Order Export & Order Import for WooCommerce.4.9. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization WordPress
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The ConvertPlus plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.26 via deserialization of untrusted input from the 'settings_encoded' attribute of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

WordPress Deserialization PHP +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Telerik Reporting
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Java +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Command Injection Imanager
NVD
EPSS 84% CVSS 7.2
HIGH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Microsoft +1
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Microsoft +5
NVD
EPSS 6% CVSS 5.3
MEDIUM POC This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230922.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization D-Link PHP +1
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Deserialization of Untrusted Data vulnerability in BdThemes Ultimate Store Kit Elementor Addons.0.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.11.1 via deserialization of untrusted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Deserialization PHP +1
NVD
EPSS 15% CVSS 7.8
HIGH This Week

A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization RCE
NVD
EPSS 2% CVSS 8.8
HIGH This Week

The Ditty plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.1.38 via deserialization of untrusted input when adding a new ditty. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Deserialization PHP +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Deserialization of Untrusted Data vulnerability in OCDI One Click Demo Import.2.0. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization One Click Demo Import
NVD
EPSS 1% CVSS 7.2
HIGH This Week

The Advanced Ads plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.52.1 via deserialization of untrusted input in the 'placement_slug' parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure +1
NVD
EPSS 1% CVSS 8.0
HIGH POC PATCH This Week

Deserialization of Untrusted Data vulnerability in Timber Team & Contributors Timber.23.0. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. Public exploit code available.

Deserialization
NVD GitHub
EPSS 2% CVSS 9.9
CRITICAL Act Now

Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Veeam Service Provider Console
NVD
EPSS 78% CVSS 8.0
HIGH This Week

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Deserialization RCE Trend Micro +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Dell +1
NVD
Prev Page 17 of 30 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy