Vulnerabilities > Deserialization of Untrusted Data

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-11-29 | CVE-2022-36964 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform | SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. | network | low complexity | solarwinds | CWE-502 | 8.8 |
| 2022-11-28 | CVE-2022-3490 | Deserialization of Untrusted Data vulnerability in Themehigh Checkout Field Editor for Woocommerce | The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress plugin before 1.8.0 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. | network | low complexity | themehigh | CWE-502 | 7.2 |
| 2022-11-25 | CVE-2022-41958 | Deserialization of Untrusted Data vulnerability in Super Xray Project Super Xray | super-xray is a web vulnerability scanning tool. | local | low complexity | super-xray-project | CWE-502 | 7.8 |
| 2022-11-23 | CVE-2022-41875 | Deserialization of Untrusted Data vulnerability in Airbnb Optica | A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. | network | low complexity | airbnb | CWE-502 | 9.8 (critical) |
| 2022-11-23 | CVE-2022-41922 | Deserialization of Untrusted Data vulnerability in Yiiframework YII | Versions of `yiisoft/yii` before 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. | network | low complexity | yiiframework | CWE-502 | 9.8 (critical) |
| 2022-11-21 | CVE-2022-3861 | Deserialization of Untrusted Data vulnerability in Muffingroup Betheme | The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions. | network | low complexity | muffingroup | CWE-502 | 8.8 |
| 2022-11-20 | CVE-2022-3525 | Deserialization of Untrusted Data vulnerability in Librenms | Deserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0. | network | low complexity | librenms | CWE-502 | 8.8 |
| 2022-11-17 | CVE-2022-45077 | Deserialization of Untrusted Data vulnerability in Muffingroup Betheme | Auth. | network | low complexity | muffingroup | CWE-502 | 8.8 |
| 2022-11-16 | CVE-2022-45047 | Deserialization of Untrusted Data vulnerability in Apache Sshd | Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. | network | low complexity | apache | CWE-502 | 9.8 (critical) |
| 2022-11-14 | CVE-2022-45136 | Deserialization of Untrusted Data vulnerability in Apache Jena SDB 3.17.0 | ** UNSUPPORTED WHEN ASSIGNED ** Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. | network | low complexity | apache | CWE-502 | 9.8 (critical) |