Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2024-06-11 CVE-2024-35249 Deserialization of Untrusted Data vulnerability in Microsoft Dynamics 365 Business Central 2023/2024
Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability
network
low complexity
microsoft CWE-502
8.8
2024-06-06 CVE-2024-5675 Deserialization of Untrusted Data vulnerability in Summar Mentor 3.83.35
Untrusted data deserialization vulnerability has been found in Mentor - Employee Portal, affecting version 3.83.35.
network
low complexity
summar CWE-502
critical
9.8
2024-05-14 CVE-2024-28075 The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability.
low complexity
CWE-502
critical
9.0
2024-03-01 CVE-2024-0692 The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability.
low complexity
CWE-502
8.8
2024-02-20 CVE-2024-1651 Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization.
network
low complexity
CWE-502
critical
10.0
2024-02-15 CVE-2023-40057 Deserialization of Untrusted Data vulnerability in Solarwinds Access Rights Manager
The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability.
low complexity
solarwinds CWE-502
critical
9.0
2024-02-15 CVE-2024-23478 Deserialization of Untrusted Data vulnerability in Solarwinds Access Rights Manager
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability.
low complexity
solarwinds CWE-502
8.0
2024-02-09 CVE-2024-1353 Deserialization of Untrusted Data vulnerability in PHPems 1.0
A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0.
network
low complexity
phpems CWE-502
critical
9.8
2024-02-06 CVE-2024-24590 Deserialization of Untrusted Data vulnerability in Clear Clearml
Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.
network
low complexity
clear CWE-502
8.8
2024-02-05 CVE-2024-0668 Deserialization of Untrusted Data vulnerability in Sigmaplugin Advanced Database Cleaner
The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function.
network
low complexity
sigmaplugin CWE-502
7.2