Vulnerabilities
> Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
| --- | --- | --- | --- |
| 2025-01-20 | CVE-2025-0586 | The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution. | network, low complexity, CWE-502, 7.2, 7.2 |
| 2025-01-11 | CVE-2024-12877 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input from the donation form like 'firstName'. | network, low complexity, CWE-502, critical, 9.8, 9.8 |
| 2025-01-11 | CVE-2024-12627 | The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.5 via deserialization of untrusted input from post content passed to the capture_email AJAX action. | network, high complexity, CWE-502, 7.5, 7.5 |
| 2025-01-07 | CVE-2024-11465 | The Custom Product Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8.5 via deserialization of untrusted input in the 'yikes_woo_products_tabs' post meta parameter. | network, low complexity, CWE-502, 7.2, 7.2 |
| 2025-01-07 | CVE-2024-12313 | The Compare Products for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.1 via deserialization of untrusted input from the 'woo_compare_list' cookie. | network, high complexity, CWE-502, 8.1, 8.1 |
| 2025-01-05 | CVE-2024-13136 | Deserialization of Untrusted Data vulnerability in Wangl1989 Mysiteforme 1.0. A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. | network, low complexity, wangl1989, CWE-502, critical, 9.8, 9.8 |
| 2025-01-04 | CVE-2024-10932 | The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function. | network, low complexity, CWE-502, 8.8, 8.8 |
| 2024-12-21 | CVE-2024-12721 | The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.4 via deserialization of untrusted input from the 'wb_custom_tabs' parameter. | network, low complexity, CWE-502, 7.2, 7.2 |
| 2024-12-16 | CVE-2024-10095 | Deserialization of Untrusted Data vulnerability in Telerik UI for WPF. In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability. | network, low complexity, telerik, CWE-502, critical, 9.8, 9.8 |
| 2024-12-12 | CVE-2024-49147 | Deserialization of Untrusted Data vulnerability in Microsoft Update Catalog. Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver. | network, low complexity, microsoft, CWE-502, critical, 9.8, 9.8 |