Total
1805 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3291 | 1 Gitlab | 1 Gitlab | 2025-05-13 | N/A | 6.5 MEDIUM |
| Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache | |||||
| CVE-2022-40889 | 1 Phpok | 1 Phpok | 2025-05-13 | N/A | 9.8 CRITICAL |
| Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php. | |||||
| CVE-2022-39198 | 1 Apache | 1 Dubbo | 2025-05-13 | N/A | 9.8 CRITICAL |
| A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version 3.1.0 and prior versions. | |||||
| CVE-2025-31103 | 1 Appleple | 1 A-blog Cms | 2025-05-13 | N/A | 7.5 HIGH |
| Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server. | |||||
| CVE-2024-2721 | 1 Sygnoos | 1 Social Media Share Buttons | 2025-05-13 | N/A | 8.2 HIGH |
| Deserialization of Untrusted Data vulnerability in Social Media Share Buttons By Sygnoos Social Media Share Buttons.This issue affects Social Media Share Buttons: from n/a through 2.1.0. | |||||
| CVE-2025-47629 | 1 Wp-crm | 1 Wp-crm System | 2025-05-12 | N/A | 7.2 HIGH |
| Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM System allows Object Injection. This issue affects WP-CRM System: from n/a through 3.4.1. | |||||
| CVE-2025-46738 | 2025-05-12 | N/A | 6.6 MEDIUM | ||
| An authenticated attacker can maliciously modify layout data files in the SEL-5033 installation directory to execute arbitrary code. | |||||
| CVE-2023-1650 | 1 Quantumcloud | 1 Wpbot | 2025-05-12 | N/A | 9.8 CRITICAL |
| The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog | |||||
| CVE-2024-22309 | 1 Quantumcloud | 1 Wpbot | 2025-05-12 | N/A | 8.7 HIGH |
| Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI.This issue affects ChatBot with AI: from n/a through 5.1.0. | |||||
| CVE-2025-34489 | 1 Gfi | 1 Mailessentials | 2025-05-10 | N/A | 7.8 HIGH |
| GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A local attacker can escalate to NT Authority/SYSTEM by sending a crafted serialized payload to a .NET Remoting Service. | |||||
| CVE-2025-34491 | 1 Gfi | 1 Mailessentials | 2025-05-10 | N/A | 8.8 HIGH |
| GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. A remote and authenticated attacker can execute arbitrary code by sending crafted serialized .NET when joining to a Multi-Server setup. | |||||
| CVE-2020-8165 | 3 Debian, Opensuse, Rubyonrails | 3 Debian Linux, Leap, Rails | 2025-05-09 | 7.5 HIGH | 9.8 CRITICAL |
| A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE. | |||||
| CVE-2022-3335 | 1 Kadencewp | 1 Kadence Woocommerce Email Designer | 2025-05-09 | N/A | 7.2 HIGH |
| The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. | |||||
| CVE-2022-43019 | 1 Opencats | 1 Opencats | 2025-05-09 | N/A | 9.8 CRITICAL |
| OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality. | |||||
| CVE-2022-23734 | 1 Github | 1 Enterprise Server | 2025-05-09 | N/A | 8.8 HIGH |
| A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an attacker would need to gain access via a server-side request forgery (SSRF) that would let an attacker control the data being deserialized. This vulnerability affected all versions of GitHub Enterprise Server prior to v3.6 and was fixed in versions 3.5.3, 3.4.6, 3.3.11, and 3.2.16. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2024-3591 | 1 Infinitumform | 1 Geo Controller | 2025-05-08 | N/A | 6.5 MEDIUM |
| The Geo Controller WordPress plugin before 8.6.5 unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog. | |||||
| CVE-2022-38108 | 1 Solarwinds | 1 Orion Platform | 2025-05-08 | N/A | 7.2 HIGH |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | |||||
| CVE-2025-47683 | 2025-05-08 | N/A | 7.2 HIGH | ||
| Deserialization of Untrusted Data vulnerability in Florent Maillefaud WP Maintenance allows Object Injection. This issue affects WP Maintenance: from n/a through 6.1.9.7. | |||||
| CVE-2024-23759 | 1 Gambio | 1 Gambio | 2025-05-07 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function. | |||||
| CVE-2025-31175 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-07 | N/A | 8.4 HIGH |
| Deserialization mismatch vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect service integrity. | |||||