Skip to main content

Deserialization

2663 CVEs technique

Monthly

CVE-2024-22369 Maven HIGH PATCH This Week

Deserialization of Untrusted Data vulnerability in Apache Camel SQL Component0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Camel
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-1651 PHP CRITICAL POC THREAT Act Now

Torrentpier version 2.4.1 allows executing arbitrary commands on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Torrentpier
NVD GitHub
CVSS 3.1
9.8
EPSS
34.0%
CVE-2024-20953 HIGH KEV THREAT This Week

Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Oracle Agile Product Lifecycle Management
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2024-23478 HIGH PATCH This Week

SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Access Rights Manager
NVD
CVSS 3.1
8.0
EPSS
81.6%
CVE-2024-23759 CRITICAL POC THREAT Emergency

Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE File Upload Gambio
NVD
CVSS 3.1
9.8
EPSS
47.8%
CVE-2024-23833 Maven HIGH POC PATCH This Week

OpenRefine is a free, open source power tool for working with messy data and improving it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization RCE Path Traversal Openrefine
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-23512 HIGH This Week

Deserialization of Untrusted Data vulnerability in wpxpo ProductX - WooCommerce Builder & Gutenberg WooCommerce Blocks.1.4. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization WordPress Wowstore
NVD
CVSS 3.1
8.7
EPSS
0.4%
CVE-2023-46615 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in Kalli Dan. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Kd Coming Soon
NVD
CVSS 3.1
5.4
EPSS
5.6%
CVE-2024-24926 HIGH Act Now

Deserialization of Untrusted Data vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme.9.7.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Epss exploitation probability 42.1% and no vendor patch available.

Deserialization WordPress Brooklyn
NVD
CVSS 3.1
7.5
EPSS
42.1%
CVE-2024-24797 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed - Essential Real Estate Add-On.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Ere Recently Viewed
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-24796 HIGH This Week

Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce - WpEvently - WordPress Plugin.1.1. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization WordPress Event Manager And Tickets Selling For Woocommerce
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-23513 HIGH This Week

Deserialization of Untrusted Data vulnerability in PropertyHive.0.5. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Propertyhive
NVD
CVSS 3.1
8.7
EPSS
0.5%
CVE-2024-25100 CRITICAL Act Now

Unauthenticated PHP object injection in the WP Swings Coupon Referral Program plugin for WordPress (versions up to and including 1.8.4) allows remote attackers to deliver crafted serialized payloads that the plugin deserializes, leading to full compromise with changed scope (CVSS 10.0). No public exploit has been identified at time of analysis, and EPSS sits at 0.83% (75th percentile) - moderate exploitation likelihood despite the maximum severity score. The vulnerability is not currently listed in CISA KEV.

Deserialization
NVD
CVSS 3.1
10.0
EPSS
0.8%
CVE-2024-1432 MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22 and classified as problematic.py. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Deepfacelab
NVD GitHub VulDB
CVSS 3.1
5.0
EPSS
0.6%
CVE-2024-1353 CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Phpems
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-24590 PyPI HIGH POC PATCH This Week

Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Clearml
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2024-0668 MEDIUM PATCH This Month

The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization PHP Information Disclosure WordPress Advanced Database Cleaner
NVD VulDB
CVSS 3.1
6.6
EPSS
0.5%
CVE-2023-6933 HIGH POC PATCH THREAT Act Now

PHP Object Injection in the Better Search Replace WordPress plugin (versions up to and including 1.4.4) allows remote unauthenticated attackers to inject arbitrary PHP objects through deserialization of untrusted input. While the plugin itself contains no POP chain, the presence of any additional plugin or theme on the same WordPress instance that introduces a usable POP gadget can escalate the bug to arbitrary file deletion, sensitive data disclosure, or remote code execution. Publicly available exploit code exists and the EPSS score of 93.40% (100th percentile) signals very high real-world exploitation probability.

PHP Deserialization WordPress Information Disclosure Better Search Replace
NVD VulDB
CVSS 3.1
8.8
EPSS
93.4%
Threat
6.1
CVE-2024-1225 CRITICAL Act Now

A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Qibocms X1
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-1198 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in openBI up to 6.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Openbi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-22320 HIGH POC PATCH THREAT This Week

IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE IBM Operational Decision Manager
NVD
CVSS 3.1
8.8
EPSS
73.4%
CVE-2024-1032 CRITICAL Act Now

A vulnerability classified as critical was found in openBI up to 1.0.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Openbi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-0960 PyPI CRITICAL Act Now

A vulnerability was found in flink-extended ai-flow 0.3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Aiflow
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-0959 CRITICAL Act Now

A vulnerability was found in StanfordVL GibsonEnv 0.3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Gibsonenv
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-20253 CRITICAL Act Now

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Cisco Unified Communications Manager Unified Communications Manager Im And Presence Service +3
NVD
CVSS 3.1
10.0
EPSS
2.1%
CVE-2024-0937 PyPI CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in van_der_Schaar LAB synthcity 0.2.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Temporai
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-0936 PyPI HIGH POC This Week

A vulnerability classified as critical was found in van_der_Schaar LAB TemporAI 0.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Temporai
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-22309 HIGH This Week

Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI.1.0. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Wpbot
NVD
CVSS 3.1
8.7
EPSS
0.3%
CVE-2024-22284 HIGH This Week

Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum.7.2. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Asgaros Forum
NVD
CVSS 3.1
8.7
EPSS
0.7%
CVE-2024-23636 Maven CRITICAL PATCH Act Now

SOFARPC is a Java RPC framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Apache Java Sofarpc
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-23678 HIGH This Week

In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Splunk Deserialization Microsoft
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-0739 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in Hecheng Leadshop up to 1.4.20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Leadshop
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-45845 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3.5.1.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Smart Slider 3
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-45083 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content -. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Profilepress
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2024-0654 HIGH This Week

A vulnerability, which was classified as problematic, was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Deepfacelab
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-0603 CRITICAL Act Now

A vulnerability classified as critical has been found in ZhiCms up to 4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Zhicms
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-7032 HIGH This Week

A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker logged in with a user level account to gain higher privileges by providing a harmful serialized object. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Easergy Studio
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-21318 HIGH PATCH This Month

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Microsoft RCE Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2023-52202 CRITICAL Act Now

Deserialization in HTML5 MP3 Player with Folder Feedburner Playlist Free WordPress plugin.

Deserialization
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-52206 HIGH This Week

Deserialization in Live Composer page builder WordPress plugin.

Deserialization
NVD
CVSS 3.1
7.7
EPSS
0.4%
CVE-2023-52205 CRITICAL Act Now

Insecure deserialization in HTML5 SoundCloud Player with Playlist Free WordPress plugin.

Deserialization
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-52200 CRITICAL Act Now

CSRF + deserialization chain in ARMember WordPress membership plugin.

Deserialization CSRF
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2023-6528 HIGH POC THREAT Act Now

The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.8%.

Deserialization WordPress RCE Slider Revolution
NVD WPScan
CVSS 3.1
8.8
EPSS
15.8%
CVE-2023-5235 HIGH This Week

The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Ovic Responsive Wpbakery WPBakery Page Builder
NVD WPScan
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-52207 CRITICAL Act Now

Insecure deserialization in HTML5 MP3 Player with Playlist Free WordPress plugin by SVNLabs.

Deserialization
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-52225 CRITICAL Act Now

Insecure deserialization in Tagbox UGC Galleries WordPress plugin. CVSS 10.0.

Deserialization
NVD
CVSS 3.1
10.0
EPSS
0.8%
CVE-2023-52219 CRITICAL Act Now

Insecure deserialization in Gecka Terms Thumbnails WordPress plugin through 1.1.

Deserialization
NVD
CVSS 3.1
9.9
EPSS
0.6%
CVE-2023-52218 CRITICAL Act Now

Insecure deserialization in WooCommerce Tranzila Payment Gateway plugin. CVSS 10.0.

Deserialization WordPress
NVD
CVSS 3.1
10.0
EPSS
0.8%
CVE-2024-0302 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in fhs-opensource iparking 1.5.22.RELEASE. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Iparking
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2023-49442 CRITICAL Emergency

Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 55.5% and no vendor patch available.

Deserialization RCE Jeecg
NVD
CVSS 3.1
9.8
EPSS
55.5%
CVE-2023-51785 Maven HIGH PATCH This Week

Deserialization of Untrusted Data vulnerability in Apache InLong.7.0 through 1.9.0, the attackers can make a arbitrary file read attack using mysql driver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Deserialization Apache Inlong
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-50711 Cargo MEDIUM PATCH This Month

vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Deserialization Buffer Overflow Memory Corruption Vmm Sys Util
NVD GitHub
CVSS 3.1
5.7
EPSS
0.1%
CVE-2023-49777 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons.3.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Yith Woocommerce Product Add Ons
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2023-52182 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in ARI Soft ARI Stream Quiz - WordPress Quizzes Builder.3.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Ari Stream Quiz
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2023-52181 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Presslabs Theme per user.0.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Theme Per User
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2023-51545 CRITICAL Act Now

Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career - Manage job board listings, and recruitments.4.4. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization CSRF Job Manager Career
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2023-51505 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization WordPress Woot
NVD
CVSS 3.1
10.0
EPSS
0.6%
CVE-2023-51470 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre - Dating Site.11.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Rencontre
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2023-51422 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition.05.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Webinarignition
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2023-51414 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in EnvialoSimple EnvíaloSimple: Email Marketing y Newsletters.1. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Envialosimple
NVD
CVSS 3.1
9.6
EPSS
0.6%
CVE-2023-36381 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in Gesundheit Bewegt GmbH Zippy.6.5. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Zippy
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2023-32795 HIGH This Week

Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons.1.3. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Product Addons
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-32513 HIGH This Week

Deserialization of Untrusted Data vulnerability in GiveWP GiveWP - Donation Plugin and Fundraising Platform.25.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Givewp
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-51700 CRITICAL PATCH Act Now

Unofficial Mobile BankID Integration for WordPress lets users employ Mobile BankID to authenticate themselves on your WordPress site. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE WordPress Deserialization Unofficial Mobile Bankid Integration
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-3171 HIGH This Week

A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Deserialization Jboss Enterprise Application Platform
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-49826 HIGH This Week

Deserialization of Untrusted Data vulnerability in PenciDesign Soledad - Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.4.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization WordPress Soledad
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-49778 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa Sayac.6. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Sayfa Sayac
NVD
CVSS 3.1
10.0
EPSS
0.6%
CVE-2023-32242 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme.0.36. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Deserialization Woodmart
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-51656 Maven CRITICAL PATCH Act Now

Deserialization of Untrusted Data vulnerability in Apache IoTDB.13.0 through 0.13.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Iotdb
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-47599 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in File Manager by Bit Form Team File Manager - 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager.2.7. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization WordPress File Manager
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-7018 PyPI HIGH POC PATCH This Week

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Deserialization Transformers
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-49773 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Tim Brattberg BCorp Shortcodes.23. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Bcorp Shortcodes
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2023-49772 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Phpbits Creative Studio Genesis Simple Love.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Genesis Simple Love
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2023-28782 HIGH This Week

Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Gravity Forms
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2023-47507 HIGH This Week

Deserialization of Untrusted Data vulnerability in Master Slider Master Slider Pro.6.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Master Slider Pro
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-46147 HIGH This Week

Deserialization of Untrusted Data vulnerability in Themify Themify Ultra.3.5. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Ultra
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2023-40555 HIGH This Week

Deserialization of Untrusted Data vulnerability in UX-themes Flatsome | Multi-Purpose Responsive WooCommerce Theme.17.5. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization WordPress Flatsome
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2023-34382 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in weDevs Dokan - Best WooCommerce Multivendor Marketplace Solution - Build Your Own Amazon, eBay, Etsy.7.19. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization WordPress Dokan
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-34027 HIGH This Week

Deserialization of Untrusted Data vulnerability in Rajnish Arora Recently Viewed Products.0.0. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Recently Viewed Products
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2023-37390 HIGH This Week

Deserialization of Untrusted Data vulnerability in Themesflat Themesflat Addons For Elementor.0.0. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Themesflat Addons For Elementor Elementor
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2023-6730 PyPI HIGH POC PATCH This Week

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Deserialization Transformers
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-49819 HIGH This Week

Deserialization of Untrusted Data vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc.5.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Structured Content
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-46154 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf - Export To Pdf Tool for WordPress.20.18. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization WordPress E2pdf
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2023-5886 HIGH POC This Week

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Deserialization CSRF Export Any Wordpress Data To Xml Csv +1
NVD WPScan
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-46279 Maven CRITICAL PATCH Act Now

Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Dubbo
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-29234 Maven CRITICAL PATCH Act Now

A deserialization vulnerability existed when decode a malicious package.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Dubbo
NVD
CVSS 3.1
9.8
EPSS
7.4%
CVE-2023-50252 CRITICAL POC PATCH THREAT Act Now

php-svg-lib is an SVG file parsing / rendering library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Deserialization Php Svg Lib
NVD GitHub
CVSS 3.1
9.8
EPSS
23.9%
CVE-2023-6656 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Deepfacelab
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-6654 PHP HIGH This Week

A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization Phpems
NVD VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-6580 HIGH POC This Week

A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Deserialization Dir 846 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
2.3%
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Deserialization of Untrusted Data vulnerability in Apache Camel SQL Component0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Apache Camel
NVD
EPSS 34% CVSS 9.8
CRITICAL POC THREAT Act Now

Torrentpier version 2.4.1 allows executing arbitrary commands on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Torrentpier
NVD GitHub
EPSS 3% CVSS 8.8
HIGH KEV THREAT This Week

Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Oracle Agile Product Lifecycle Management
NVD
EPSS 82% CVSS 8.0
HIGH PATCH This Week

SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Access Rights Manager
NVD
EPSS 48% CVSS 9.8
CRITICAL POC THREAT Emergency

Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE File Upload +1
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

OpenRefine is a free, open source power tool for working with messy data and improving it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization RCE Path Traversal +1
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Week

Deserialization of Untrusted Data vulnerability in wpxpo ProductX - WooCommerce Builder & Gutenberg WooCommerce Blocks.1.4. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization WordPress Wowstore
NVD
EPSS 6% CVSS 5.4
MEDIUM This Month

Deserialization of Untrusted Data vulnerability in Kalli Dan. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Kd Coming Soon
NVD
EPSS 42% CVSS 7.5
HIGH Act Now

Deserialization of Untrusted Data vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme.9.7.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Epss exploitation probability 42.1% and no vendor patch available.

Deserialization WordPress Brooklyn
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed - Essential Real Estate Add-On.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Ere Recently Viewed
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce - WpEvently - WordPress Plugin.1.1. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization WordPress Event Manager And Tickets Selling For Woocommerce
NVD
EPSS 1% CVSS 8.7
HIGH This Week

Deserialization of Untrusted Data vulnerability in PropertyHive.0.5. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Propertyhive
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Unauthenticated PHP object injection in the WP Swings Coupon Referral Program plugin for WordPress (versions up to and including 1.8.4) allows remote attackers to deliver crafted serialized payloads that the plugin deserializes, leading to full compromise with changed scope (CVSS 10.0). No public exploit has been identified at time of analysis, and EPSS sits at 0.83% (75th percentile) - moderate exploitation likelihood despite the maximum severity score. The vulnerability is not currently listed in CISA KEV.

Deserialization
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22 and classified as problematic.py. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Deepfacelab
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Phpems
NVD VulDB
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization RCE Clearml
NVD
EPSS 1% CVSS 6.6
MEDIUM PATCH This Month

The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization PHP Information Disclosure +2
NVD VulDB
EPSS 93% 6.1 CVSS 8.8
HIGH POC PATCH THREAT Act Now

PHP Object Injection in the Better Search Replace WordPress plugin (versions up to and including 1.4.4) allows remote unauthenticated attackers to inject arbitrary PHP objects through deserialization of untrusted input. While the plugin itself contains no POP chain, the presence of any additional plugin or theme on the same WordPress instance that introduces a usable POP gadget can escalate the bug to arbitrary file deletion, sensitive data disclosure, or remote code execution. Publicly available exploit code exists and the EPSS score of 93.40% (100th percentile) signals very high real-world exploitation probability.

PHP Deserialization WordPress +2
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Qibocms X1
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability, which was classified as critical, was found in openBI up to 6.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Openbi
NVD VulDB
EPSS 73% CVSS 8.8
HIGH POC PATCH THREAT This Week

IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE IBM +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability classified as critical was found in openBI up to 1.0.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Openbi
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability was found in flink-extended ai-flow 0.3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Aiflow
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability was found in StanfordVL GibsonEnv 0.3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Gibsonenv
NVD GitHub VulDB
EPSS 2% CVSS 10.0
CRITICAL Act Now

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Cisco +5
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in van_der_Schaar LAB synthcity 0.2.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Temporai
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability classified as critical was found in van_der_Schaar LAB TemporAI 0.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Temporai
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI.1.0. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Wpbot
NVD
EPSS 1% CVSS 8.7
HIGH This Week

Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum.7.2. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Asgaros Forum
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

SOFARPC is a Java RPC framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Apache Java +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Splunk Deserialization Microsoft
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability, which was classified as critical, was found in Hecheng Leadshop up to 1.4.20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Leadshop
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3.5.1.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Smart Slider 3
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content -. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Profilepress
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability, which was classified as problematic, was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Deepfacelab
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability classified as critical has been found in ZhiCms up to 4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Zhicms
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker logged in with a user level account to gain higher privileges by providing a harmful serialized object. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Easergy Studio
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Month

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Microsoft RCE +1
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

Deserialization in HTML5 MP3 Player with Folder Feedburner Playlist Free WordPress plugin.

Deserialization
NVD
EPSS 0% CVSS 7.7
HIGH This Week

Deserialization in Live Composer page builder WordPress plugin.

Deserialization
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

Insecure deserialization in HTML5 SoundCloud Player with Playlist Free WordPress plugin.

Deserialization
NVD
EPSS 0% CVSS 9.6
CRITICAL Act Now

CSRF + deserialization chain in ARMember WordPress membership plugin.

Deserialization CSRF
NVD
EPSS 16% CVSS 8.8
HIGH POC THREAT Act Now

The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.8%.

Deserialization WordPress RCE +1
NVD WPScan
EPSS 1% CVSS 8.8
HIGH This Week

The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Ovic Responsive Wpbakery +1
NVD WPScan
EPSS 0% CVSS 9.1
CRITICAL Act Now

Insecure deserialization in HTML5 MP3 Player with Playlist Free WordPress plugin by SVNLabs.

Deserialization
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Insecure deserialization in Tagbox UGC Galleries WordPress plugin. CVSS 10.0.

Deserialization
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

Insecure deserialization in Gecka Terms Thumbnails WordPress plugin through 1.1.

Deserialization
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Insecure deserialization in WooCommerce Tranzila Payment Gateway plugin. CVSS 10.0.

Deserialization WordPress
NVD
EPSS 0% CVSS 6.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in fhs-opensource iparking 1.5.22.RELEASE. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Iparking
NVD GitHub VulDB
EPSS 56% CVSS 9.8
CRITICAL Emergency

Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 55.5% and no vendor patch available.

Deserialization RCE Jeecg
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Deserialization of Untrusted Data vulnerability in Apache InLong.7.0 through 1.9.0, the attackers can make a arbitrary file read attack using mysql driver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Deserialization Apache Inlong
NVD
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Deserialization Buffer Overflow Memory Corruption +1
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons.3.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Yith Woocommerce Product Add Ons
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in ARI Soft ARI Stream Quiz - WordPress Quizzes Builder.3.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Ari Stream Quiz
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Presslabs Theme per user.0.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Theme Per User
NVD
EPSS 0% CVSS 9.6
CRITICAL Act Now

Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career - Manage job board listings, and recruitments.4.4. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization CSRF Job Manager Career
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization WordPress Woot
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre - Dating Site.11.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Rencontre
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition.05.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Webinarignition
NVD
EPSS 1% CVSS 9.6
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in EnvialoSimple EnvíaloSimple: Email Marketing y Newsletters.1. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Envialosimple
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Deserialization of Untrusted Data vulnerability in Gesundheit Bewegt GmbH Zippy.6.5. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Zippy
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons.1.3. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Product Addons
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Deserialization of Untrusted Data vulnerability in GiveWP GiveWP - Donation Plugin and Fundraising Platform.25.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Givewp
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Unofficial Mobile BankID Integration for WordPress lets users employ Mobile BankID to authenticate themselves on your WordPress site. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE WordPress Deserialization +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Deserialization Jboss Enterprise Application Platform
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Deserialization of Untrusted Data vulnerability in PenciDesign Soledad - Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.4.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization WordPress Soledad
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa Sayac.6. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Sayfa Sayac
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme.0.36. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Deserialization Woodmart
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Deserialization of Untrusted Data vulnerability in Apache IoTDB.13.0 through 0.13.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Iotdb
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Deserialization of Untrusted Data vulnerability in File Manager by Bit Form Team File Manager - 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager.2.7. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization WordPress File Manager
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Deserialization Transformers
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Tim Brattberg BCorp Shortcodes.23. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Bcorp Shortcodes
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Phpbits Creative Studio Genesis Simple Love.0. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Genesis Simple Love
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Gravity Forms
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Deserialization of Untrusted Data vulnerability in Master Slider Master Slider Pro.6.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Master Slider Pro
NVD
EPSS 0% CVSS 7.4
HIGH This Week

Deserialization of Untrusted Data vulnerability in Themify Themify Ultra.3.5. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Ultra
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Deserialization of Untrusted Data vulnerability in UX-themes Flatsome | Multi-Purpose Responsive WooCommerce Theme.17.5. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization WordPress Flatsome
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Deserialization of Untrusted Data vulnerability in weDevs Dokan - Best WooCommerce Multivendor Marketplace Solution - Build Your Own Amazon, eBay, Etsy.7.19. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization WordPress Dokan
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Deserialization of Untrusted Data vulnerability in Rajnish Arora Recently Viewed Products.0.0. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Recently Viewed Products
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Deserialization of Untrusted Data vulnerability in Themesflat Themesflat Addons For Elementor.0.0. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Themesflat Addons For Elementor Elementor
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Deserialization Transformers
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Deserialization of Untrusted Data vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc.5.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Structured Content
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf - Export To Pdf Tool for WordPress.20.18. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization WordPress E2pdf
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Deserialization +3
NVD WPScan
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Dubbo
NVD
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

A deserialization vulnerability existed when decode a malicious package.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Dubbo
NVD
EPSS 24% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

php-svg-lib is an SVG file parsing / rendering library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Deserialization Php Svg Lib
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization Deepfacelab
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH This Week

A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Deserialization Phpems
NVD VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Deserialization Dir 846 Firmware
NVD GitHub VulDB
Prev Page 19 of 30 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy