Skip to main content

Deserialization

2663 CVEs technique

Monthly

CVE-2023-49297 PyPI HIGH POC PATCH This Week

PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Python Google Deserialization Pydrive2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-46674 Maven HIGH PATCH This Week

An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Elastic Deserialization Elasticsearch
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-48967 Maven CRITICAL POC Act Now

Ssolon <= 2.6.0 and <=2.5.12 is vulnerable to Deserialization of Untrusted Data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Solon
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-48887 Maven CRITICAL POC PATCH Act Now

A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Jupiter
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-48886 CRITICAL POC Act Now

A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Nettyrpc
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-47207 CRITICAL Act Now

In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Infrasuite Device Master
NVD
CVSS 3.1
9.8
EPSS
16.6%
CVE-2023-48952 HIGH POC This Week

An issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Deserialization Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-6378 Maven HIGH PATCH This Week

A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Logback
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-2497 HIGH This Week

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP WordPress CSRF Userpro
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-46990 CRITICAL POC Act Now

Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Publiccms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-46302 PyPI CRITICAL POC PATCH Act Now

Apache Software Foundation Apache Submarine has a bug when serializing against yaml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Apache Deserialization Submarine
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-44353 CRITICAL POC THREAT Act Now

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Deserialization Coldfusion
NVD
CVSS 3.1
9.8
EPSS
80.2%
CVE-2023-44351 CRITICAL Act Now

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Deserialization Coldfusion
NVD
CVSS 3.1
9.8
EPSS
50.2%
CVE-2023-44350 CRITICAL Act Now

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Deserialization Coldfusion
NVD
CVSS 3.1
9.8
EPSS
64.6%
CVE-2023-47130 PHP CRITICAL PATCH Act Now

Yii is an open source PHP web framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE PHP Deserialization Yii
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2023-38177 MEDIUM PATCH This Month

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
6.8
EPSS
3.4%
CVE-2023-36439 HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
4.9%
CVE-2023-36050 HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
39.2%
CVE-2023-36039 HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
73.0%
CVE-2023-36035 HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
86.6%
CVE-2023-47248 PyPI CRITICAL POC PATCH THREAT Act Now

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache RCE Deserialization Pyarrow
NVD GitHub
CVSS 3.1
9.8
EPSS
14.4%
CVE-2023-39913 Maven HIGH PATCH This Week

Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK.5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Java Apache Checkpoint +1
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-46817 CRITICAL POC Act Now

An issue was discovered in phpFox before 4.8.14. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Deserialization Phpfox
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-47204 PyPI CRITICAL PATCH Act Now

Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Python Deserialization Transmute Core
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1714 HIGH POC This Week

Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Deserialization Bitrix24
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-47174 CRITICAL Act Now

Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE Deserialization Sftp Gateway Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-45672 HIGH POC This Week

Frigate is an open source network video recorder. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Deserialization Frigate
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-5583 HIGH POC This Week

The WP Simple Galleries plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.34 via deserialization of untrusted input from the 'wpsimplegallery_gallery'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Deserialization PHP Information Disclosure Wp Simple Galleries
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-40121 MEDIUM PATCH This Month

In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

SQLi Information Disclosure Deserialization Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-46604 Maven CRITICAL POC KEV EUVD KEV PATCH THREAT Act Now

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Deserialization Activemq Activemq Legacy Openwire Module Debian Linux +3
NVD
CVSS 3.1
9.8
EPSS
99.7%
CVE-2023-4386 HIGH This Week

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization PHP Information Disclosure WordPress Essential Blocks
NVD VulDB
CVSS 3.1
8.1
EPSS
4.0%
CVE-2022-3342 HIGH PATCH This Week

The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization WordPress Jetpack Crm
NVD VulDB
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-4402 HIGH POC This Week

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

WordPress Deserialization PHP Information Disclosure Essential Blocks +1
NVD VulDB
CVSS 3.1
8.1
EPSS
2.9%
CVE-2023-39680 CRITICAL Act Now

Sollace Unicopia version 1.1.1 and before was discovered to deserialize untrusted data, allowing attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Unicopia
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-34052 HIGH PATCH This Week

VMware Aria Operations for Logs contains a deserialization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Authentication Bypass VMware Deserialization Aria Operations For Logs
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-35186 HIGH This Week

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Access Rights Manager
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2023-35184 CRITICAL Act Now

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Access Rights Manager
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-35182 CRITICAL Act Now

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Access Rights Manager
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-35180 HIGH This Week

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Access Rights Manager
NVD
CVSS 3.1
8.8
EPSS
27.4%
CVE-2023-46227 Maven HIGH PATCH This Week

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.8.0, the attacker can use \t to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Inlong
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-34050 MEDIUM This Month

In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Deserialization Spring Advanced Message Queuing Protocol
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2023-45146 Maven CRITICAL Act Now

XXL-RPC is a high performance, distributed RPC framework. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Xxl Rpc
NVD GitHub
CVSS 3.1
10.0
EPSS
1.0%
CVE-2023-35084 CRITICAL Act Now

Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Deserialization Endpoint Manager
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2023-4971 HIGH POC This Week

The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Deserialization Weaver Xtreme Theme Support
NVD WPScan
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-3154 HIGH POC This Week

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Deserialization Nextgen Gallery
NVD WPScan
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-23930 PyPI HIGH POC PATCH This Week

vantage6 is privacy preserving federated learning infrastructure. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Deserialization Vantage6
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-44392 CRITICAL PATCH Act Now

Garden provides automation for Kubernetes development and testing. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Kubernetes RCE Code Injection Deserialization Garden
NVD GitHub
CVSS 3.1
9.0
EPSS
0.7%
CVE-2023-43981 CRITICAL PATCH Act Now

Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component delete_excluded_folder.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization Test Site Creator
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-42809 Maven HIGH POC PATCH This Week

Redisson is a Java Redis client that uses the Netty framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Redis Deserialization Redisson
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-5391 CRITICAL Act Now

A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Ecostruxure Power Monitoring Expert Ecostruxure Power Operation With Advanced Reports Ecostruxure Power Scada Operation With Advanced Reports
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-43176 HIGH POC This Week

A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Aurora Files
NVD VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-43268 HIGH POC This Week

Deyue Remote Vehicle Management System v1.1 was discovered to contain a deserialization vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Deyue Remote Vehicle Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-39410 LIB HIGH PATCH This Week

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.11.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Apache Deserialization Avro
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-44273 Go CRITICAL PATCH Act Now

Consensys gnark-crypto through 0.11.2 allows Signature Malleability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Gnark Crypto
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-5183 HIGH This Week

Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Core Policy Compute Engine
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-43291 CRITICAL POC Act Now

Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Deserialization Emlog
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-40044 HIGH POC KEV THREAT Act Now

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Ws Ftp Server
NVD
CVSS 3.1
8.8
EPSS
90.1%
CVE-2023-40619 CRITICAL Act Now

phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Deserialization Phppgadmin
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-5016 CRITICAL POC Act Now

A vulnerability was found in spider-flow up to 0.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Deserialization Spider Flow
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-32665 MEDIUM This Month

A flaw was found in GLib. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Deserialization Glib
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-32643 HIGH This Week

A flaw was found in GLib. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Deserialization Heap Overflow Glib
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-32636 HIGH This Week

A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Deserialization Glib
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-32611 MEDIUM This Month

A flaw was found in GLib. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Denial Of Service Glib
NVD VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-29499 HIGH This Week

A flaw was found in GLib. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Deserialization Glib
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-38204 CRITICAL Act Now

Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Deserialization Coldfusion
NVD
CVSS 3.1
9.8
EPSS
65.5%
CVE-2023-41331 CRITICAL Act Now

SOFARPC is a Java RPC framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Deserialization Sofarpc
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-38155 HIGH PATCH This Week

Azure DevOps Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Azure Devops Server
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2023-36777 MEDIUM POC PATCH THREAT This Month

Microsoft Exchange Server Information Disclosure Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Information Disclosure Deserialization Exchange Server
NVD
CVSS 3.1
5.7
EPSS
81.2%
CVE-2023-36757 HIGH PATCH This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
68.6%
CVE-2023-36756 HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
74.7%
CVE-2023-36745 HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
81.1%
CVE-2023-36744 HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
81.7%
CVE-2023-36736 MEDIUM PATCH This Month

Microsoft Identity Linux Broker Remote Code Execution Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Identity Linux Broker
NVD
CVSS 3.1
4.4
EPSS
1.7%
CVE-2023-35669 HIGH PATCH This Week

In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Privilege Escalation Deserialization Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-4528 HIGH This Week

Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Microsoft Apple Deserialization Jscape Mft
NVD
CVSS 3.1
7.2
EPSS
27.1%
CVE-2023-41330 PHP CRITICAL POC PATCH Act Now

knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP Deserialization Snappy
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-0925 CRITICAL Act Now

Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry (listening on TCP port 2099 by default) and two RMI interfaces (listening on a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Microsoft Deserialization Webmethods
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-37941 PyPI MEDIUM POC PATCH THREAT This Month

If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Apache Python Deserialization Superset
NVD GitHub
CVSS 3.1
6.6
EPSS
29.2%
CVE-2023-30534 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Deserialization Cacti Fedora
NVD GitHub
CVSS 3.1
4.3
EPSS
2.6%
CVE-2023-28072 HIGH This Week

Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted data vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Deserialization Alienware Command Center
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-40595 HIGH This Week

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk RCE Deserialization Splunk Cloud Platform
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-40195 PyPI HIGH PATCH This Week

Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Apache RCE Deserialization Airflow Spark Provider
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-40571 CRITICAL Act Now

weblogic-framework is a tool for detecting weblogic vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Oracle Deserialization Weblogic Framework
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-24621 Maven HIGH POC This Week

An issue was discovered in Esoteric YamlBeans through 1.15. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Deserialization Yamlbeans
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-34040 Maven HIGH PATCH This Week

In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Apache Deserialization Spring For Apache Kafka
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2023-39106 Maven HIGH POC This Week

An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Deserialization Nacos Spring Project
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-3259 CRITICAL Act Now

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Deserialization Iboot Pdu4A C10 Firmware Iboot Pdu4A C20 Firmware Iboot Pdu4A N15 Firmware +19
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-39396 HIGH This Week

Deserialization vulnerability in the input module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Deserialization Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-38182 HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.0
EPSS
11.1%
CVE-2023-38181 HIGH PATCH This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Deserialization Exchange Server
NVD
CVSS 3.1
8.8
EPSS
16.8%
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Python Google +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Elastic Deserialization +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Ssolon <= 2.6.0 and <=2.5.12 is vulnerable to Deserialization of Untrusted Data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Solon
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Jupiter
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Nettyrpc
NVD GitHub
EPSS 17% CVSS 9.8
CRITICAL Act Now

In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an unauthenticated attacker to execute code with local administrator privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Infrasuite Device Master
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Deserialization Virtuoso
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Logback
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP WordPress +2
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Publiccms
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

Apache Software Foundation Apache Submarine has a bug when serializing against yaml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Apache Deserialization +1
NVD GitHub
EPSS 80% CVSS 9.8
CRITICAL POC THREAT Act Now

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Deserialization +1
NVD
EPSS 50% CVSS 9.8
CRITICAL Act Now

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Deserialization +1
NVD
EPSS 65% CVSS 9.8
CRITICAL Act Now

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Deserialization +1
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Yii is an open source PHP web framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE PHP Deserialization +1
NVD GitHub
EPSS 3% CVSS 6.8
MEDIUM PATCH This Month

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization +2
NVD
EPSS 5% CVSS 8.0
HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization +1
NVD
EPSS 39% CVSS 8.0
HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Deserialization Exchange Server
NVD
EPSS 73% CVSS 8.0
HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Deserialization Exchange Server
NVD
EPSS 87% CVSS 8.0
HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Deserialization Exchange Server
NVD
EPSS 14% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache RCE Deserialization +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK.5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Java +3
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in phpFox before 4.8.14. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Deserialization Phpfox
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Python Deserialization Transmute Core
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Deserialization +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE Deserialization +1
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Frigate is an open source network video recorder. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Deserialization Frigate
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

The WP Simple Galleries plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.34 via deserialization of untrusted input from the 'wpsimplegallery_gallery'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Deserialization PHP +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

SQLi Information Disclosure Deserialization +1
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV EUVD KEV PATCH THREAT Act Now

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Deserialization Activemq +5
NVD
EPSS 4% CVSS 8.1
HIGH This Week

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization PHP Information Disclosure +2
NVD VulDB
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization WordPress Jetpack Crm
NVD VulDB
EPSS 3% CVSS 8.1
HIGH POC This Week

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

WordPress Deserialization PHP +3
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Sollace Unicopia version 1.1.1 and before was discovered to deserialize untrusted data, allowing attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Unicopia
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

VMware Aria Operations for Logs contains a deserialization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Authentication Bypass VMware Deserialization +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Access Rights Manager
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Access Rights Manager
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Access Rights Manager
NVD
EPSS 27% CVSS 8.8
HIGH This Week

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Access Rights Manager
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.8.0, the attacker can use \t to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Inlong
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Deserialization Spring Advanced Message Queuing Protocol
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

XXL-RPC is a high performance, distributed RPC framework. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Xxl Rpc
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL Act Now

Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Deserialization Endpoint Manager
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Deserialization +1
NVD WPScan
EPSS 1% CVSS 7.5
HIGH POC This Week

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Deserialization Nextgen Gallery
NVD WPScan
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

vantage6 is privacy preserving federated learning infrastructure. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Deserialization Vantage6
NVD GitHub
EPSS 1% CVSS 9.0
CRITICAL PATCH Act Now

Garden provides automation for Kubernetes development and testing. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Kubernetes RCE Code Injection +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component delete_excluded_folder.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization Test Site Creator
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Redisson is a Java Redis client that uses the Netty framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java RCE Redis +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Ecostruxure Power Monitoring Expert +2
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Aurora Files
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Deyue Remote Vehicle Management System v1.1 was discovered to contain a deserialization vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Deyue Remote Vehicle Management System
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.11.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Apache Deserialization +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Consensys gnark-crypto through 0.11.2 allows Signature Malleability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Gnark Crypto
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Core Policy Compute Engine
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Deserialization +1
NVD GitHub
EPSS 90% CVSS 8.8
HIGH POC KEV THREAT Act Now

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Ws Ftp Server
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Deserialization +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in spider-flow up to 0.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Deserialization Spider Flow
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A flaw was found in GLib. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Deserialization Glib
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A flaw was found in GLib. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Deserialization Heap Overflow +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Deserialization Glib
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A flaw was found in GLib. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Denial Of Service Glib
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

A flaw was found in GLib. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Deserialization Glib
NVD
EPSS 65% CVSS 9.8
CRITICAL Act Now

Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Deserialization +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SOFARPC is a Java RPC framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Deserialization Sofarpc
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Azure DevOps Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization +1
NVD
EPSS 81% CVSS 5.7
MEDIUM POC PATCH THREAT This Month

Microsoft Exchange Server Information Disclosure Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Information Disclosure Deserialization +1
NVD
EPSS 69% CVSS 8.0
HIGH PATCH This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Deserialization Exchange Server
NVD
EPSS 75% CVSS 8.0
HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization +1
NVD
EPSS 81% CVSS 8.0
HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available.

RCE Microsoft Deserialization +1
NVD
EPSS 82% CVSS 8.0
HIGH POC PATCH THREAT This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization +1
NVD
EPSS 2% CVSS 4.4
MEDIUM PATCH This Month

Microsoft Identity Linux Broker Remote Code Execution Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Privilege Escalation Deserialization Android
NVD
EPSS 27% CVSS 7.2
HIGH This Week

Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Microsoft Apple +2
NVD
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP Deserialization +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry (listening on TCP port 2099 by default) and two RMI interfaces (listening on a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Microsoft Deserialization +1
NVD
EPSS 29% CVSS 6.6
MEDIUM POC PATCH THREAT This Month

If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Apache Python +2
NVD GitHub
EPSS 3% CVSS 4.3
MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Deserialization Cacti +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted data vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Deserialization +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk RCE Deserialization +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Apache RCE Deserialization +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

weblogic-framework is a tool for detecting weblogic vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Oracle Deserialization +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

An issue was discovered in Esoteric YamlBeans through 1.15. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Deserialization Yamlbeans
NVD GitHub
EPSS 2% CVSS 7.8
HIGH PATCH This Week

In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Apache Deserialization +1
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Deserialization +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Deserialization Iboot Pdu4A C10 Firmware +21
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Deserialization vulnerability in the input module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Deserialization +2
NVD
EPSS 11% CVSS 8.0
HIGH PATCH This Week

Microsoft Exchange Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization +1
NVD
EPSS 17% CVSS 8.8
HIGH PATCH This Week

Microsoft Exchange Server Spoofing Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Deserialization Exchange Server
NVD
Prev Page 20 of 30 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy