Total
1329 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2442 | 1 Wpvivid | 1 Migration\, Backup\, Staging | 2024-01-11 | 7.2 High |
| The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to deserialization of untrusted input via the 'path' parameter in versions up to, and including 0.9.74. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload. | ||||
| CVE-2023-49442 | 1 Jeecg | 1 Jeecg | 2024-01-10 | 9.8 Critical |
| Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request. | ||||
| CVE-2023-51785 | 1 Apache | 1 Inlong | 2024-01-09 | 7.5 High |
| Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.9.0, the attackers can make a arbitrary file read attack using mysql driver. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9331 | ||||
| CVE-2019-12799 | 1 Shopware | 1 Shopware | 2024-01-09 | 8.8 High |
| In createInstanceFromNamedArguments in Shopware through 5.6.x, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the right class is instantiated. An attacker can leverage this deserialization to achieve remote code execution. NOTE: this issue is a bypass for a CVE-2017-18357 whitelist patch. | ||||
| CVE-2013-1465 | 1 Cubecart | 1 Cubecart | 2024-01-09 | 9.8 Critical |
| The Cubecart::_basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object. | ||||
| CVE-2015-8103 | 2 Jenkins, Redhat | 2 Jenkins, Openshift Container Platform | 2024-01-09 | 9.8 Critical |
| The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'". | ||||
| CVE-2023-29300 | 1 Adobe | 1 Coldfusion | 2024-01-09 | 9.8 Critical |
| Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. | ||||
| CVE-2023-38203 | 1 Adobe | 1 Coldfusion | 2024-01-09 | 9.8 Critical |
| Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. | ||||
| CVE-2023-49777 | 1 Yithemes | 1 Yith Woocommerce Product Add-ons | 2024-01-08 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.3.0. | ||||
| CVE-2018-8013 | 4 Apache, Canonical, Debian and 1 more | 21 Batik, Ubuntu Linux, Debian Linux and 18 more | 2024-01-07 | N/A |
| In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization. | ||||
| CVE-2023-52181 | 1 Presslabs | 1 Theme Per User | 2024-01-05 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Presslabs Theme per user.This issue affects Theme per user: from n/a through 1.0.1. | ||||
| CVE-2023-52182 | 1 Ari-soft | 1 Ari Stream Quiz | 2024-01-05 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder.This issue affects ARI Stream Quiz – WordPress Quizzes Builder: from n/a through 1.3.0. | ||||
| CVE-2023-51545 | 1 Themehigh | 1 Job Manager \& Career | 2024-01-05 | 8.8 High |
| Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career – Manage job board listings, and recruitments.This issue affects Job Manager & Career – Manage job board listings, and recruitments: from n/a through 1.4.4. | ||||
| CVE-2023-51414 | 1 Donweb | 1 Envialosimple\ | 2024-01-05 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in EnvialoSimple EnvíaloSimple: Email Marketing y Newsletters.This issue affects EnvíaloSimple: Email Marketing y Newsletters: from n/a through 2.1. | ||||
| CVE-2023-51422 | 1 Saleswonder | 1 Webinarignition | 2024-01-05 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition.This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition: from n/a through 3.05.0. | ||||
| CVE-2023-51470 | 1 Boiteasite | 1 Rencontre | 2024-01-05 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre – Dating Site.This issue affects Rencontre – Dating Site: from n/a through 3.11.1. | ||||
| CVE-2023-49773 | 1 Bcorp Shortcodes Project | 1 Bcorp Shortcodes | 2024-01-05 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Tim Brattberg BCorp Shortcodes.This issue affects BCorp Shortcodes: from n/a through 0.23. | ||||
| CVE-2023-32513 | 1 Givewp | 1 Givewp | 2024-01-04 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.3. | ||||
| CVE-2023-32795 | 1 Woocommerce | 1 Product Addons | 2024-01-04 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons.This issue affects Product Add-Ons: from n/a through 6.1.3. | ||||
| CVE-2023-36381 | 1 Gesundheit-bewegt | 1 Zippy | 2024-01-04 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Gesundheit Bewegt GmbH Zippy.This issue affects Zippy: from n/a through 1.6.5. | ||||