Total: 1983 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-0429 | 1 Aipower | 1 Aipower | 2025-01-24 | N/A | 7.2 HIGH |
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_ai_forms() function. This allows authenticated attackers, with administrative privileges, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | |||||
CVE-2023-38203 | 1 Adobe | 1 Coldfusion | 2025-01-23 | N/A | 9.8 CRITICAL |
Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. | |||||
CVE-2023-31890 | 1 Glazedlists | 1 Glazed Lists | 2025-01-23 | N/A | 9.8 CRITICAL |
An XML Deserialization vulnerability in glazedlists v1.11.0 allows an attacker to execute arbitrary code via the BeanXMLByteCoder.decode() parameter. | |||||
CVE-2025-23914 | | | 2025-01-22 | N/A | 9.8 CRITICAL |
Deserialization of Untrusted Data vulnerability in NotFound Muzaara Google Ads Report allows Object Injection. This issue affects Muzaara Google Ads Report: from n/a through 3.1. | |||||
CVE-2025-23944 | | | 2025-01-22 | N/A | 8.8 HIGH |
Deserialization of Untrusted Data vulnerability in WOOEXIM.COM WOOEXIM allows Object Injection. This issue affects WOOEXIM: from n/a through 5.0.0. | |||||
CVE-2025-23932 | | | 2025-01-22 | N/A | 9.8 CRITICAL |
Deserialization of Untrusted Data vulnerability in NotFound Quick Count allows Object Injection. This issue affects Quick Count: from n/a through 3.00. | |||||
CVE-2024-0692 | 1 Solarwinds | 1 Security Event Manager | 2025-01-21 | N/A | 8.8 HIGH |
The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution. | |||||
CVE-2024-3483 | 1 Microfocus | 1 Imanager | 2025-01-21 | N/A | 7.8 HIGH |
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues. | |||||
CVE-2024-3967 | 1 Microfocus | 1 Imanager | 2025-01-21 | N/A | 7.6 HIGH |
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using unsafe Java object deserialization. | |||||
CVE-2024-49699 | | | 2025-01-21 | N/A | 8.8 HIGH |
Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This issue affects ARPrice: from n/a through 4.0.3. | |||||
CVE-2024-49688 | | | 2025-01-21 | N/A | 9.8 CRITICAL |
Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This issue affects ARPrice: from n/a through 4.0.3. | |||||
CVE-2025-0586 | | | 2025-01-20 | N/A | 7.2 HIGH |
The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution. | |||||
CVE-2024-12703 | | | 2025-01-17 | N/A | 7.8 HIGH |
CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when a non-admin authenticated user opens a malicious project file. | |||||
CVE-2023-1967 | 1 Keysight | 1 N8844a | 2025-01-16 | N/A | 9.8 CRITICAL |
Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid. | |||||
CVE-2023-51389 | 1 Apache | 1 Hertzbeat | 2025-01-16 | N/A | 9.8 CRITICAL |
Hertzbeat is a real-time monitoring system. At the interface of `/define/yml`, SnakeYAML is used as a parser to parse yml content, but no security configuration is used, resulting in a YAML deserialization vulnerability. Version 1.4.1 fixes this vulnerability. | |||||
CVE-2024-4200 | 1 Progress | 1 Telerik Reporting | 2025-01-16 | N/A | 7.7 HIGH |
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. | |||||
CVE-2024-1856 | 1 Progress | 1 Telerik Reporting | 2025-01-16 | N/A | 8.5 HIGH |
In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability. | |||||
CVE-2024-1801 | 1 Progress | 1 Telerik Reporting | 2025-01-16 | N/A | 7.7 HIGH |
In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. | |||||
CVE-2024-23052 | 1 5kcrm | 1 Wukongcrm | 2025-01-16 | N/A | 9.8 CRITICAL |
An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() function in the fastjson component. | |||||
CVE-2024-1800 | 1 Progress | 1 Telerik Report Server | 2025-01-16 | N/A | 9.9 CRITICAL |
In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability. |