Total: 1329 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-51700 | 1 Jamieblomerus | 1 Unofficial Mobile Bankid Integration | 2024-01-04 | 9.8 Critical |
Unofficial Mobile BankID Integration for WordPress lets users employ Mobile BankID to authenticate themselves on your WordPress site. Prior to 1.0.1, WP-Mobile-BankID-Integration is affected by a vulnerability classified as a Deserialization of Untrusted Data vulnerability, specifically impacting scenarios where an attacker can manipulate the database. If unauthorized actors gain access to the database, they could exploit this vulnerability to execute object injection attacks. This could lead to unauthorized code execution, data manipulation, or data exfiltration within the WordPress environment. Users of the plugin should upgrade to version 1.0.1 (or later), where the serialization and deserialization of OrderResponse objects have been switched out to an array stored as JSON. A possible workaround for users unable to upgrade immediately is to enforce stricter access controls on the database, ensuring that only trusted and authorized entities can modify data. Additionally, implementing monitoring tools to detect unusual database activities could help identify and mitigate potential exploitation attempts. | ||||
CVE-2022-34268 | 1 Rws | 1 Worldserver | 2024-01-03 | 9.8 Critical |
An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host. | ||||
CVE-2023-51656 | 1 Apache | 1 Iotdb | 2024-01-02 | 9.8 Critical |
Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue. | ||||
CVE-2023-49819 | 1 Wpsc-plugin | 1 Structured Content | 2024-01-02 | 9.8 Critical |
Deserialization of Untrusted Data vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc. This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.5.3. | ||||
CVE-2020-17144 | 1 Microsoft | 1 Exchange Server | 2023-12-31 | 8.4 High |
Microsoft Exchange Remote Code Execution Vulnerability | ||||
CVE-2023-7018 | 1 Huggingface | 1 Transformers | 2023-12-30 | 7.8 High |
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. | ||||
CVE-2021-24066 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2023-12-29 | 8.8 High |
Microsoft SharePoint Remote Code Execution Vulnerability | ||||
CVE-2021-26857 | 1 Microsoft | 1 Exchange Server | 2023-12-29 | 7.8 High |
Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
CVE-2023-49772 | 1 Phpbits | 1 Genesis Simple Love | 2023-12-29 | 9.8 Critical |
Deserialization of Untrusted Data vulnerability in Phpbits Creative Studio Genesis Simple Love. This issue affects Genesis Simple Love: from n/a through 2.0. | ||||
CVE-2023-32242 | 1 Xtemos | 1 Woodmart | 2023-12-29 | 9.8 Critical |
Deserialization of Untrusted Data vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme. This issue affects WoodMart - Multipurpose WooCommerce Theme: from n/a through 1.0.36. | ||||
CVE-2023-49778 | 1 Dmry | 1 Sayfa Sayac | 2023-12-29 | 9.8 Critical |
Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa Sayac. This issue affects Sayfa Sayac: from n/a through 2.6. | ||||
CVE-2023-49826 | 1 Pencidesign | 1 Soledad | 2023-12-29 | 9.8 Critical |
Deserialization of Untrusted Data vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme. This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1. | ||||
CVE-2021-34520 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2023-12-28 | 8.1 High |
Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
CVE-2023-28782 | 1 Gravityforms | 1 Gravity Forms | 2023-12-28 | 9.8 Critical |
Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms. This issue affects Gravity Forms: from n/a through 2.7.3. | ||||
CVE-2023-47507 | 1 Averta | 1 Master Slider Pro | 2023-12-28 | 9.8 Critical |
Deserialization of Untrusted Data vulnerability in Master Slider Master Slider Pro. This issue affects Master Slider Pro: from n/a through 3.6.5. | ||||
CVE-2023-46147 | 1 Themify | 1 Themify Ultra | 2023-12-28 | 8.8 High |
Deserialization of Untrusted Data vulnerability in Themify Themify Ultra. This issue affects Themify Ultra: from n/a through 7.3.5. | ||||
CVE-2023-40555 | 1 Uxthemes | 1 Flatsome | 2023-12-28 | 9.8 Critical |
Deserialization of Untrusted Data vulnerability in UX-themes Flatsome \| Multi-Purpose Responsive WooCommerce Theme. This issue affects Flatsome \| Multi-Purpose Responsive WooCommerce Theme: from n/a through 3.17.5. | ||||
CVE-2023-34027 | 1 Rajarora795 | 1 Recently Viewed Products | 2023-12-28 | 9.8 Critical |
Deserialization of Untrusted Data vulnerability in Rajnish Arora Recently Viewed Products. This issue affects Recently Viewed Products: from n/a through 1.0.0. | ||||
CVE-2023-34382 | 1 Wedevs | 1 Dokan | 2023-12-28 | 8.8 High |
Deserialization of Untrusted Data vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy. This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.19. | ||||
CVE-2023-37390 | 1 Themesflat | 1 Themesflat Addons For Elementor | 2023-12-28 | 9.8 Critical |
Deserialization of Untrusted Data vulnerability in Themesflat Themesflat Addons For Elementor. This issue affects Themesflat Addons For Elementor: from n/a through 2.0.0. |