Vulnerabilities > Deserialization of Untrusted Data

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Severity | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2023-09-27 | CVE-2023-43291 | | Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component. | network | low complexity | | CWE-502 | critical | 9.8 |
| 2023-09-27 | CVE-2023-40044 | Deserialization of Untrusted Data vulnerability in Progress WS FTP Server | In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system. | network | low complexity | progress | CWE-502 | | 8.8 |
| 2023-09-20 | CVE-2023-40619 | Deserialization of Untrusted Data vulnerability in PHPpgadmin Project PHPpgadmin | phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. | network | low complexity | phppgadmin-project | CWE-502 | critical | 9.8 |
| 2023-09-17 | CVE-2023-5016 | Deserialization of Untrusted Data vulnerability in Ssssssss Spider-Flow | A vulnerability was found in spider-flow up to 0.5.0. | network | low complexity | ssssssss | CWE-502 | critical | 9.8 |
| 2023-09-14 | CVE-2023-32665 | Deserialization of Untrusted Data vulnerability in Gnome Glib | A flaw was found in GLib. | local | low complexity | gnome | CWE-502 | | 5.5 |
| 2023-09-14 | CVE-2023-38204 | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 2018/2021/2023 | Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. | network | low complexity | adobe | CWE-502 | critical | 9.8 |
| 2023-09-11 | CVE-2022-1415 | Deserialization of Untrusted Data vulnerability in Redhat products | A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. | network | low complexity | redhat | CWE-502 | | 8.8 |
| 2023-09-11 | CVE-2023-35669 | Deserialization of Untrusted Data vulnerability in Google Android | In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. | local | low complexity | google | CWE-502 | | 7.8 |
| 2023-09-11 | CVE-2023-4314 | Deserialization of Untrusted Data vulnerability in Tms-Outsource Wpdatatables | The wpDataTables WordPress plugin before 2.1.66 does not validate the "Serialized PHP array" input data before deserializing the data. | network | low complexity | tms-outsource | CWE-502 | | 7.2 |
| 2023-09-11 | CVE-2020-19559 | Deserialization of Untrusted Data vulnerability in Dieboldnixdorf Agilis XFS for Opteva 4.1.61.1 | An issue in Diebold Agilis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary code via a crafted payload to the ResolveMethod() parameter. | network | low complexity | dieboldnixdorf | CWE-502 | critical | 9.8 |