Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-27 | CVE-2023-43291 | Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component. | 9.8 |
2023-09-27 | CVE-2023-40044 | Deserialization of Untrusted Data vulnerability in Progress WS FTP Server In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system. | 8.8 |
2023-09-20 | CVE-2023-40619 | Deserialization of Untrusted Data vulnerability in PHPpgadmin Project PHPpgadmin phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. | 9.8 |
2023-09-17 | CVE-2023-5016 | Deserialization of Untrusted Data vulnerability in Ssssssss Spider-Flow A vulnerability was found in spider-flow up to 0.5.0. | 9.8 |
2023-09-14 | CVE-2023-32665 | Deserialization of Untrusted Data vulnerability in Gnome Glib A flaw was found in GLib. | 5.5 |
2023-09-14 | CVE-2023-38204 | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 2018/2021/2023 Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. | 9.8 |
2023-09-11 | CVE-2022-1415 | Deserialization of Untrusted Data vulnerability in Redhat products A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. | 8.8 |
2023-09-11 | CVE-2023-35669 | Deserialization of Untrusted Data vulnerability in Google Android In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. | 7.8 |
2023-09-11 | CVE-2023-4314 | Deserialization of Untrusted Data vulnerability in Tms-Outsource Wpdatatables The wpDataTables WordPress plugin before 2.1.66 does not validate the "Serialized PHP array" input data before deserializing the data. | 7.2 |
2023-09-11 | CVE-2020-19559 | Deserialization of Untrusted Data vulnerability in Dieboldnixdorf Agilis XFS for Opteva 4.1.61.1 An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary code via a crafted payload to the ResolveMethod() parameter. | 9.8 |