Vulnerabilities > Deserialization of Untrusted Data

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-24 | CVE-2025-2690 | Deserialization of Untrusted Data vulnerability in Yiiframework YII: A vulnerability, which was classified as critical, was found in yiisoft Yii2 up to 2.0.39. | network; low complexity; yiiframework; CWE-502; critical; 9.8 |
| 2025-03-24 | CVE-2025-2689 | Deserialization of Untrusted Data vulnerability in Yiiframework YII: A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. | network; low complexity; yiiframework; CWE-502; critical; 9.8 |
| 2025-03-22 | CVE-2025-1971 | The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'form_data' parameter. | network; low complexity; CWE-502; 7.2 |
| 2025-03-22 | CVE-2025-0724 | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.4.5 via deserialization of untrusted input in the get_user_meta_fields_html function. | network; low complexity; CWE-502; 8.8 |
| 2025-03-21 | CVE-2025-29807 | Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. | network; low complexity; CWE-502; 8.7 |
| 2025-03-20 | CVE-2024-13921 | The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.0 via deserialization of untrusted input from the 'form_data' parameter. | network; low complexity; CWE-502; 7.2 |
| 2025-03-19 | CVE-2024-13410 | The CozyStay and TinySalt plugins for WordPress are vulnerable to PHP Object Injection in all versions up to, and including, 1.7.0, and in all versions up to, and including 3.9.0, respectively, via deserialization of untrusted input in the 'ajax_handler' function. | network; low complexity; CWE-502; critical; 9.8 |
| 2025-03-17 | CVE-2025-2376 | A vulnerability has been found in viames Pair Framework up to 1.9.11 and classified as critical. | network; low complexity; CWE-502; 7.3 |
| 2025-03-14 | CVE-2025-2000 | A maliciously crafted QPY file can potentially execute arbitrary code embedded in the payload without privilege escalation when deserialising QPY formats < 13. | network; low complexity; CWE-502; critical; 9.8 |
| 2025-03-14 | CVE-2024-13824 | Deserialization of Untrusted Data vulnerability in Potenzaglobalsolutions Ciyashop: The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization of untrusted input in the 'add_ciyashop_wishlist' and 'ciyashop_get_compare' functions. | network; low complexity; potenzaglobalsolutions; CWE-502; critical; 9.8 |