Vulnerabilities > Deserialization of Untrusted Data

DATE	CVE	VULNERABILITY TITLE	RISK
2024-12-21	CVE-2024-12721	The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.4 via deserialization of untrusted input from the 'wb_custom_tabs' parameter. network low complexity CWE-502	7.2
2024-12-16	CVE-2024-10095	Deserialization of Untrusted Data vulnerability in Telerik UI for WPF In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability. network low complexity telerik CWE-502 critical	9.8
2024-12-12	CVE-2024-49147	Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver. network low complexity CWE-502 critical	9.3
2024-12-12	CVE-2024-12312	The Print Science Designer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.152 via deserialization of untrusted input through the 'designer-saved-projects' cookie. network high complexity CWE-502	8.1
2024-12-12	CVE-2024-49063	Microsoft/Muzic Remote Code Execution Vulnerability local low complexity CWE-502	8.4
2024-12-12	CVE-2024-49070	Microsoft SharePoint Remote Code Execution Vulnerability local high complexity CWE-502	7.4
2024-12-12	CVE-2024-11947	Deserialization of Untrusted Data vulnerability in GFI Archiver GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. network low complexity gfi CWE-502	8.8
2024-12-12	CVE-2024-11949	Deserialization of Untrusted Data vulnerability in GFI Archiver GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. network low complexity gfi CWE-502	8.8
2024-12-10	CVE-2024-49849	A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions), SIMATIC WinCC Unified V16 (All versions), SIMATIC WinCC Unified V17 (All versions), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions), SIMOCODE ES V16 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 SP1 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SIMOTION SCOUT TIA V5.6 SP1 (All versions), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V16 (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions). local low complexity CWE-502	7.8
2024-11-26	CVE-2024-53673	Deserialization of Untrusted Data vulnerability in HPE Insight Remote Support 7.12/7.12.0.529/7.12.0.545 A java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code. network low complexity hpe CWE-502 critical	9.8