Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2024-03-01 CVE-2024-0692 The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability.
low complexity
CWE-502
8.8
2024-02-20 CVE-2024-1651 Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization.
network
low complexity
CWE-502
critical
10.0
2024-02-15 CVE-2023-40057 Deserialization of Untrusted Data vulnerability in Solarwinds Access Rights Manager
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability.
low complexity
solarwinds CWE-502
critical
9.0
2024-02-15 CVE-2024-23478 Deserialization of Untrusted Data vulnerability in Solarwinds Access Rights Manager
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability.
low complexity
solarwinds CWE-502
8.0
2024-02-09 CVE-2024-1353 Deserialization of Untrusted Data vulnerability in PHPems
A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0.
network
low complexity
phpems CWE-502
critical
9.8
2024-02-06 CVE-2024-24590 Deserialization of Untrusted Data vulnerability in Clear Clearml
Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.
network
low complexity
clear CWE-502
8.8
2024-02-05 CVE-2024-0668 Deserialization of Untrusted Data vulnerability in Sigmaplugin Advanced Database Cleaner
The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function.
network
low complexity
sigmaplugin CWE-502
7.2
2024-02-05 CVE-2023-6933 Deserialization of Untrusted Data vulnerability in Wpengine Better Search Replace
The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input.
network
low complexity
wpengine CWE-502
critical
9.8
2024-02-05 CVE-2024-1225 Deserialization of Untrusted Data vulnerability in Qibosoft Qibocms X1 1.0.6
A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6.
network
low complexity
qibosoft CWE-502
critical
9.8
2024-02-03 CVE-2024-1198 Deserialization of Untrusted Data vulnerability in Openbi
A vulnerability, which was classified as critical, was found in openBI up to 6.0.3.
network
low complexity
openbi CWE-502
critical
9.8