VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Deserialization of Untrusted Data
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-02-20
CVE-2024-13789
The ravpage plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.31 via deserialization of untrusted input from the 'paramsv2' parameter.
network
low complexity
CWE-502
critical
9.8
9.8
2025-02-19
CVE-2024-28777
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to unrestricted deserialization.
network
low complexity
CWE-502
8.8
8.8
2025-02-19
CVE-2024-45084
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated attacker to conduct formula injection.
network
low complexity
CWE-502
8.0
8.0
2025-02-18
CVE-2024-13636
The Brooklyn theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.9.2 via deserialization of untrusted input in the ot_decode function.
network
low complexity
CWE-502
8.8
8.8
2025-02-15
CVE-2024-12562
The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2member_pro_remote_op' vulnerable parameter.
network
low complexity
CWE-502
critical
9.8
9.8
2025-02-13
CVE-2024-13770
The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input 'view_more_posts' AJAX action.
network
high complexity
CWE-502
8.1
8.1
2025-02-11
CVE-2025-1177
Deserialization of Untrusted Data vulnerability in Xunruicms 4.6.3
A vulnerability was found in dayrui XunRuiCMS 4.6.3.
network
low complexity
xunruicms
CWE-502
critical
9.8
9.8
2025-02-07
CVE-2024-9664
Deserialization of Untrusted Data vulnerability in Soflyy WP ALL Import
The WP All Import Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.7 via deserialization of untrusted input from an import file.
network
low complexity
soflyy
CWE-502
7.2
7.2
2025-02-05
CVE-2025-20124
A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software.
network
low complexity
CWE-502
critical
9.9
9.9
2025-02-03
CVE-2025-0974
A vulnerability, which was classified as critical, has been found in MaxD Lightning Module 4.43 on OpenCart.
network
high complexity
CWE-502
5.0
5.0
«
1
(current)
2
3
4
5
...
103
104
»
Next