Skip to main content

Deserialization

2663 CVEs technique

Monthly

CVE-2024-26579 Maven CRITICAL PATCH Act Now

Deserialization of Untrusted Data vulnerability in Apache InLong.7.0 through 1.11.0, the attackers can bypass using malicious parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Inlong
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-34515 PHP HIGH PATCH This Week

image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists(). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-3240 HIGH This Week

The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settings_encoded' attribute of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure WordPress
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-34075 npm MEDIUM POC PATCH This Month

kurwov is a fast, dependency-free library for creating Markov Chains. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization
NVD GitHub
CVSS 3.1
6.2
EPSS
0.3%
CVE-2024-34072 PyPI HIGH PATCH This Week

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Python Denial Of Service
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-1897 HIGH This Week

The Grid Gallery - Photo Image Grid Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization via shortcode of untrusted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP Deserialization WordPress Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-1896 HIGH This Week

The Photo Gallery - Responsive Photo Gallery, Image Gallery, Portfolio Gallery, Logo Gallery And Team Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

WordPress Deserialization PHP Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-7064 HIGH This Week

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.17.5 via deserialization of untrusted input from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization PHP Information Disclosure WordPress Shortcodes And Extra Features For Phlox Theme
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-3591 MEDIUM POC This Month

The Geo Controller WordPress plugin before 8.6.5 unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization WordPress PHP Geo Controller
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-1895 HIGH This Week

The Event Monster - Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.9 via deserialization via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP Deserialization WordPress Information Disclosure Event Monster
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-27322 HIGH This Week

Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE
NVD
CVSS 3.1
8.8
EPSS
23.6%
CVE-2024-33641 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in Team Yoast Custom field finder.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-33553 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in 8theme XStore Core.3.5. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Xstore Core
NVD
CVSS 3.1
9.0
EPSS
0.7%
CVE-2024-32876 HIGH This Week

NewPipe is an Android app for video streaming written in Java. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Google
NVD GitHub
CVSS 3.1
8.5
EPSS
0.3%
CVE-2024-32835 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in WebToffee Import Export WordPress Users.5.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization WordPress
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-32817 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta.26.2. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-4019 MEDIUM This Month

A vulnerability classified as critical has been found in Byzoro Smart S80 Management Platform up to 20240411. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
1.0%
CVE-2024-32600 HIGH This Week

Deserialization of Untrusted Data vulnerability in Averta Master Slider.9.5. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Master Slider
NVD
CVSS 3.1
8.3
EPSS
0.7%
CVE-2024-32603 HIGH This Week

Deserialization of Untrusted Data vulnerability in ThemeKraft WooBuddy.4.20. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Buddypress Woocommerce My Account Integration
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2024-2912 PyPI CRITICAL PATCH Act Now

An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Deserialization
NVD GitHub
CVSS 3.1
10.0
EPSS
1.5%
CVE-2024-32431 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in WP All Import Import Users from CSV.2. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Wp All Import
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2024-3740 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in cym1102 nginxWebUI up to 3.9.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Nginxwebui
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-3054 HIGH PATCH Act Now

WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.5%.

Deserialization PHP Information Disclosure WordPress Migration Backup Staging
NVD
CVSS 3.1
7.2
EPSS
20.5%
CVE-2024-27985 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in PropertyHive.0.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Propertyhive
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-3568 PyPI CRITICAL POC PATCH Act Now

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()`. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization RCE Checkpoint Transformers
NVD GitHub
CVSS 3.1
9.6
EPSS
2.1%
CVE-2024-3020 HIGH This Week

The plugin is vulnerable to PHP Object Injection in versions up to and including, 2.6.3 via deserialization of untrusted input in the import function via the 'shortcode' parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2024-2693 HIGH This Week

The Link Whisper Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.7.1 via deserialization of untrusted input of the 'mfn-page-items' post meta. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization WordPress Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-2501 HIGH This Week

The Hubbub Lite - Fast, Reliable Social Sharing Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.33.1 via deserialization of untrusted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization PHP Information Disclosure WordPress
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-1813 CRITICAL Act Now

The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.11.0 via deserialization of untrusted input in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Deserialization WordPress Information Disclosure Simple Job Board
NVD
CVSS 3.1
9.8
EPSS
8.0%
CVE-2024-1792 HIGH This Week

The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.10.1 via deserialization of untrusted input from the text_datetime_timestamp_timezone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization PHP Information Disclosure WordPress
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-31224 CRITICAL PATCH Act Now

GPT Academic provides interactive interfaces for large language models. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Gpt Academic
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-3431 HIGH This Week

A vulnerability was found in EyouCMS 1.6.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Eyoucms
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-31308 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in VJInfotech WP Import Export Lite.9.26. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Wp Import Export Lite
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2024-31277 HIGH This Week

Deserialization of Untrusted Data vulnerability in PickPlugins Product Designer.0.32. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization
NVD
CVSS 3.1
8.7
EPSS
0.4%
CVE-2024-31211 CRITICAL Act Now

WordPress is an open publishing platform for the Web. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE WordPress
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2024-2008 HIGH This Week

The Modal Popup Box - Popup Builder, Show Offers And News in Popup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.2 via deserialization of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure WordPress
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-27604 CRITICAL Act Now

Alldata V0.4.6 is vulnerable to Command execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Alldata
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-29433 CRITICAL Act Now

A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to execute arbitrary commands via supplying crafted data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Alldata
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-31094 HIGH This Week

A vulnerability in websupporter Filter Custom Fields & Taxonomies Light filter-custom-fields-taxonomies-light.05. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2024-3018 HIGH PATCH This Week

The Essential Addons for Elementor plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.13 via deserialization of untrusted input from the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization WordPress Information Disclosure Essential Addons For Elementor +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-1872 HIGH This Week

The Button plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.27 via deserialization of untrusted input in the button_shortcode function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure WordPress
NVD VulDB
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-1858 MEDIUM This Month

The Lightbox slider - Responsive Lightbox Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.9 via deserialization of untrusted input through. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization WordPress Information Disclosure
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-23649 HIGH This Week

Deserialization of Untrusted Data vulnerability in MainWP MainWP Links Manager Extension.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-30221 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart.1.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-30230 HIGH This Week

Deserialization of Untrusted Data vulnerability in Acowebs PDF Invoices and Packing Slips For WooCommerce.3.7. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization WordPress Pdf Invoices And Packing Slips For Woocommerce
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-30229 HIGH This Week

Deserialization of Untrusted Data vulnerability in StellarWP GiveWP give.4.2. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization
NVD VulDB
CVSS 3.1
8.0
EPSS
0.6%
CVE-2024-30228 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core.4. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.9
EPSS
0.6%
CVE-2024-30227 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller.6.4. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization
NVD
CVSS 3.1
9.0
EPSS
0.2%
CVE-2024-30226 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs.3.3. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 11.8% and no vendor patch available.

Deserialization Betterdocs
NVD
CVSS 3.1
9.0
EPSS
11.8%
CVE-2024-30225 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in WPENGINE, INC. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
10.0
EPSS
0.6%
CVE-2024-30224 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX.3.2. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Wholesalex
NVD
CVSS 3.1
10.0
EPSS
0.9%
CVE-2024-30223 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.0.26. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Armember
NVD
CVSS 3.1
9.0
EPSS
1.1%
CVE-2024-30222 HIGH This Week

Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.0.26. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Armember
NVD
CVSS 3.1
8.5
EPSS
1.1%
CVE-2024-1770 HIGH This Week

The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.2 via deserialization of untrusted input in the get_post_data function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization WordPress Information Disclosure
NVD VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-24842 HIGH This Week

Deserialization of Untrusted Data vulnerability in Echo Plugins Knowledge Base for Documentation, FAQs with AI Assistance.30.2. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization
NVD
CVSS 3.1
8.7
EPSS
0.4%
CVE-2023-27459 HIGH This Week

Deserialization of Untrusted Data vulnerability in WPEverest User Registration.3.2.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization User Registration Membership
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2024-24725 HIGH POC THREAT Act Now

Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Gibbon
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
51.3%
CVE-2024-2025 HIGH This Week

The "BuddyPress WooCommerce My Account Integration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization WordPress Information Disclosure
NVD VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-28861 PHP CRITICAL POC PATCH Act Now

Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a PHP framework for web projects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization RCE PHP Symfony1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-2494 MEDIUM This Month

A flaw was found in the RPC library APIs of libvirt. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Denial Of Service
NVD
CVSS 3.1
6.2
EPSS
0.4%
CVE-2024-2054 CRITICAL POC THREAT Emergency

The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE PHP Artica Proxy
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
81.3%
CVE-2024-29032 PyPI HIGH POC PATCH This Week

Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE IBM Qiskit Ibm Runtime
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-1856 HIGH This Week

In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Telerik Reporting
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-1801 HIGH This Week

In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization RCE Telerik Reporting
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-1800 HIGH POC THREAT Act Now

In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Telerik Report Server
NVD GitHub
CVSS 3.1
8.8
EPSS
40.4%
CVE-2024-2721 HIGH This Week

Deserialization of Untrusted Data vulnerability in Social Media Share Buttons By Sygnoos Social Media Share Buttons.1.0. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Social Media Share Buttons
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-29136 HIGH This Week

Deserialization of Untrusted Data vulnerability in Themefic Tourfic tourfic.11.17. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization
NVD VulDB
CVSS 3.1
8.5
EPSS
0.4%
CVE-2024-2229 HIGH This Week

CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loaded into the application by a valid user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-1685 HIGH This Week

The Social Media Share Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.1.0 via deserialization of untrusted input through the attachmentUrl. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization WordPress Information Disclosure Social Media Share Buttons
NVD VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-28859 PHP CRITICAL POC PATCH Act Now

Symfony1 is a community fork of symfony 1.4 with DIC, form enhancements, latest Swiftmailer, better performance, composer compatible and PHP 8 support. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Deserialization RCE PHP Symfony1
NVD GitHub
CVSS 3.1
9.0
EPSS
1.5%
CVE-2024-2006 HIGH PATCH This Week

The Post Grid, Slider & Carousel Ultimate - with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization WordPress Information Disclosure Post Grid Slider Carousel Ultimate
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2024-1951 HIGH This Week

The Logo Showcase Ultimate - Logo Carousel, Logo Slider & Logo Grid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization PHP Information Disclosure WordPress
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-1950 HIGH PATCH This Week

The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization PHP Information Disclosure WordPress Product Carousel Slider Grid Ultimate For Woocommerce
NVD VulDB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-1772 HIGH This Week

The Play.ht - Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.4 via deserialization of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization WordPress Information Disclosure Play Ht
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-0047 MEDIUM PATCH This Month

In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-1773 HIGH PATCH This Week

The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.7 via deserialization of untrusted input via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization WordPress Information Disclosure Pdf Invoices And Packing Slips For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-28213 Maven CRITICAL PATCH Act Now

nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Java Ngrinder
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-28212 CRITICAL Act Now

nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Ngrinder
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-28211 CRITICAL Act Now

nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Ngrinder
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-26580 Maven CRITICAL PATCH Act Now

Deserialization of Untrusted Data vulnerability in Apache InLong.8.0 through 1.10.0, the attackers can use the specific payload to read from an arbitrary file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Inlong
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2024-1731 HIGH This Week

The Auto Refresh Single Page plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1 via deserialization of untrusted input from the arsp_options post. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization WordPress Information Disclosure Auto Refresh Single Page
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-0825 HIGH This Week

The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.3.2 via deserialization of untrusted input via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization WordPress Information Disclosure Vimeography
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-24302 CRITICAL Act Now

An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to execute arbitrary code, escalate privileges, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Product Designer
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-0692 HIGH POC THREAT This Week

The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Security Event Manager
NVD
CVSS 3.1
8.8
EPSS
91.6%
CVE-2024-1859 HIGH PATCH This Week

The Slider Responsive Slideshow - Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization PHP Information Disclosure WordPress Slider Responsive Slideshow
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-23328 CRITICAL POC PATCH Act Now

Dataease is an open source data visualization analysis tool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization RCE Java Dataease
NVD GitHub
CVSS 3.1
9.1
EPSS
1.2%
CVE-2024-23052 CRITICAL POC Act Now

An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() function in the fastjson component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Wukongcrm
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
4.9%
CVE-2024-1750 HIGH This Week

A vulnerability, which was classified as critical, was found in TemmokuMVC up to 2.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization PHP Temmokumvc
NVD VulDB
CVSS 3.1
8.1
EPSS
0.8%
CVE-2024-1748 HIGH This Week

A vulnerability classified as critical was found in van_der_Schaar LAB AutoPrognosis 0.1.21. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Autoprognosis
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-23114 Maven CRITICAL PATCH Act Now

Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Camel
NVD
CVSS 3.1
9.8
EPSS
1.1%
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Deserialization of Untrusted Data vulnerability in Apache InLong.7.0 through 1.11.0, the attackers can bypass using malicious parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Inlong
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists(). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settings_encoded' attribute of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure +1
NVD
EPSS 0% CVSS 6.2
MEDIUM POC PATCH This Month

kurwov is a fast, dependency-free library for creating Markov Chains. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Python +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

The Grid Gallery - Photo Image Grid Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization via shortcode of untrusted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP Deserialization WordPress +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The Photo Gallery - Responsive Photo Gallery, Image Gallery, Portfolio Gallery, Logo Gallery And Team Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

WordPress Deserialization PHP +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.17.5 via deserialization of untrusted input from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization PHP Information Disclosure +2
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

The Geo Controller WordPress plugin before 8.6.5 unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization WordPress PHP +1
NVD WPScan
EPSS 1% CVSS 7.5
HIGH This Week

The Event Monster - Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.9 via deserialization via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP Deserialization WordPress +2
NVD
EPSS 24% CVSS 8.8
HIGH This Week

Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Deserialization of Untrusted Data vulnerability in Team Yoast Custom field finder.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in 8theme XStore Core.3.5. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Xstore Core
NVD
EPSS 0% CVSS 8.5
HIGH This Week

NewPipe is an Android app for video streaming written in Java. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Google
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Deserialization of Untrusted Data vulnerability in WebToffee Import Export WordPress Users.5.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization WordPress
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Deserialization of Untrusted Data vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta.26.2. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization
NVD VulDB
EPSS 1% CVSS 6.3
MEDIUM This Month

A vulnerability classified as critical has been found in Byzoro Smart S80 Management Platform up to 20240411. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP
NVD GitHub VulDB
EPSS 1% CVSS 8.3
HIGH This Week

Deserialization of Untrusted Data vulnerability in Averta Master Slider.9.5. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Master Slider
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Deserialization of Untrusted Data vulnerability in ThemeKraft WooBuddy.4.20. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Buddypress Woocommerce My Account Integration
NVD
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Deserialization
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM This Month

Deserialization of Untrusted Data vulnerability in WP All Import Import Users from CSV.2. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Wp All Import
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in cym1102 nginxWebUI up to 3.9.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Nginxwebui
NVD GitHub VulDB
EPSS 21% CVSS 7.2
HIGH PATCH Act Now

WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.5%.

Deserialization PHP Information Disclosure +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Deserialization of Untrusted Data vulnerability in PropertyHive.0.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Propertyhive
NVD
EPSS 2% CVSS 9.6
CRITICAL POC PATCH Act Now

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()`. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization RCE Checkpoint +1
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

The plugin is vulnerable to PHP Object Injection in versions up to and including, 2.6.3 via deserialization of untrusted input in the import function via the 'shortcode' parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Link Whisper Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.7.1 via deserialization of untrusted input of the 'mfn-page-items' post meta. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization WordPress +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The Hubbub Lite - Fast, Reliable Social Sharing Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.33.1 via deserialization of untrusted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization PHP Information Disclosure +1
NVD
EPSS 8% CVSS 9.8
CRITICAL Act Now

The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.11.0 via deserialization of untrusted input in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Deserialization WordPress +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.10.1 via deserialization of untrusted input from the text_datetime_timestamp_timezone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization PHP Information Disclosure +1
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

GPT Academic provides interactive interfaces for large language models. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Gpt Academic
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability was found in EyouCMS 1.6.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Eyoucms
NVD VulDB
EPSS 0% CVSS 4.4
MEDIUM This Month

Deserialization of Untrusted Data vulnerability in VJInfotech WP Import Export Lite.9.26. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Wp Import Export Lite
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Deserialization of Untrusted Data vulnerability in PickPlugins Product Designer.0.32. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

WordPress is an open publishing platform for the Web. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE WordPress
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

The Modal Popup Box - Popup Builder, Show Offers And News in Popup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.2 via deserialization of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure +1
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Alldata V0.4.6 is vulnerable to Command execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Alldata
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to execute arbitrary commands via supplying crafted data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Alldata
NVD GitHub
EPSS 0% CVSS 8.5
HIGH This Week

A vulnerability in websupporter Filter Custom Fields & Taxonomies Light filter-custom-fields-taxonomies-light.05. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

The Essential Addons for Elementor plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.13 via deserialization of untrusted input from the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization WordPress +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Button plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.27 via deserialization of untrusted input in the button_shortcode function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

The Lightbox slider - Responsive Lightbox Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.9 via deserialization of untrusted input through. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization WordPress +1
NVD VulDB
EPSS 1% CVSS 8.1
HIGH This Week

Deserialization of Untrusted Data vulnerability in MainWP MainWP Links Manager Extension.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart.1.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization
NVD VulDB
EPSS 0% CVSS 8.2
HIGH This Week

Deserialization of Untrusted Data vulnerability in Acowebs PDF Invoices and Packing Slips For WooCommerce.3.7. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization WordPress Pdf Invoices And Packing Slips For Woocommerce
NVD
EPSS 1% CVSS 8.0
HIGH This Week

Deserialization of Untrusted Data vulnerability in StellarWP GiveWP give.4.2. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization
NVD VulDB
EPSS 1% CVSS 9.9
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core.4. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization
NVD
EPSS 0% CVSS 9.0
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller.6.4. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization
NVD
EPSS 12% CVSS 9.0
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs.3.3. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 11.8% and no vendor patch available.

Deserialization Betterdocs
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in WPENGINE, INC. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX.3.2. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Wholesalex
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.0.26. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Armember
NVD
EPSS 1% CVSS 8.5
HIGH This Week

Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.0.26. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Armember
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.2 via deserialization of untrusted input in the get_post_data function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization WordPress +1
NVD VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Deserialization of Untrusted Data vulnerability in Echo Plugins Knowledge Base for Documentation, FAQs with AI Assistance.30.2. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization
NVD
EPSS 0% CVSS 7.4
HIGH This Week

Deserialization of Untrusted Data vulnerability in WPEverest User Registration.3.2.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization User Registration Membership
NVD
EPSS 51% CVSS 8.8
HIGH POC THREAT Act Now

Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Gibbon
NVD Exploit-DB
EPSS 1% CVSS 8.8
HIGH This Week

The "BuddyPress WooCommerce My Account Integration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization WordPress +1
NVD VulDB
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a PHP framework for web projects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization RCE PHP +1
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM This Month

A flaw was found in the RPC library APIs of libvirt. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Denial Of Service
NVD
EPSS 81% CVSS 9.8
CRITICAL POC THREAT Emergency

The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE PHP +1
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE IBM +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Telerik Reporting
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization RCE Telerik Reporting
NVD
EPSS 40% CVSS 8.8
HIGH POC THREAT Act Now

In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Telerik Report Server
NVD GitHub
EPSS 0% CVSS 8.2
HIGH This Week

Deserialization of Untrusted Data vulnerability in Social Media Share Buttons By Sygnoos Social Media Share Buttons.1.0. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Social Media Share Buttons
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Deserialization of Untrusted Data vulnerability in Themefic Tourfic tourfic.11.17. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loaded into the application by a valid user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Social Media Share Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.1.0 via deserialization of untrusted input through the attachmentUrl. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization WordPress +2
NVD VulDB
EPSS 1% CVSS 9.0
CRITICAL POC PATCH Act Now

Symfony1 is a community fork of symfony 1.4 with DIC, form enhancements, latest Swiftmailer, better performance, composer compatible and PHP 8 support. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Deserialization RCE PHP +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

The Post Grid, Slider & Carousel Ultimate - with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization WordPress +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The Logo Showcase Ultimate - Logo Carousel, Logo Slider & Logo Grid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization PHP Information Disclosure +1
NVD VulDB
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization PHP Information Disclosure +2
NVD VulDB
EPSS 1% CVSS 8.8
HIGH This Week

The Play.ht - Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.4 via deserialization of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization WordPress +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Denial Of Service Android
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.7 via deserialization of untrusted input via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization WordPress +2
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Java +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Ngrinder
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Ngrinder
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Deserialization of Untrusted Data vulnerability in Apache InLong.8.0 through 1.10.0, the attackers can use the specific payload to read from an arbitrary file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Inlong
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Auto Refresh Single Page plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1 via deserialization of untrusted input from the arsp_options post. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization WordPress +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.3.2 via deserialization of untrusted input via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization WordPress +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to execute arbitrary code, escalate privileges, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Product Designer
NVD GitHub
EPSS 92% CVSS 8.8
HIGH POC THREAT This Week

The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Security Event Manager
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

The Slider Responsive Slideshow - Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization PHP Information Disclosure +2
NVD VulDB
EPSS 1% CVSS 9.1
CRITICAL POC PATCH Act Now

Dataease is an open source data visualization analysis tool. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization RCE Java +1
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() function in the fastjson component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Wukongcrm
NVD GitHub VulDB
EPSS 1% CVSS 8.1
HIGH This Week

A vulnerability, which was classified as critical, was found in TemmokuMVC up to 2.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization PHP Temmokumvc
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability classified as critical was found in van_der_Schaar LAB AutoPrognosis 0.1.21. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Autoprognosis
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Camel
NVD
Prev Page 18 of 30 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy