Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-29 | CVE-2022-36964 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. | 8.8 |
| 2022-11-28 | CVE-2022-3490 | Deserialization of Untrusted Data vulnerability in Themehigh Checkout Field Editor for Woocommerce The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress plugin before 1.8.0 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present | 7.2 |
| 2022-11-25 | CVE-2022-41958 | Deserialization of Untrusted Data vulnerability in Super Xray Project Super Xray super-xray is a web vulnerability scanning tool. | 7.8 |
| 2022-11-23 | CVE-2022-41875 | Deserialization of Untrusted Data vulnerability in Airbnb Optica A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. | 9.8 |
| 2022-11-23 | CVE-2022-41922 | Deserialization of Untrusted Data vulnerability in Yiiframework YII `yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. | 9.8 |
| 2022-11-21 | CVE-2022-3861 | Deserialization of Untrusted Data vulnerability in Muffingroup Betheme The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions. | 8.8 |
| 2022-11-20 | CVE-2022-3525 | Deserialization of Untrusted Data vulnerability in Librenms Deserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0. | 8.8 |
| 2022-11-17 | CVE-2022-45077 | Deserialization of Untrusted Data vulnerability in Muffingroup Betheme Auth. | 8.8 |
| 2022-11-16 | CVE-2022-45047 | Deserialization of Untrusted Data vulnerability in Apache Sshd Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. | 9.8 |
| 2022-11-14 | CVE-2022-45136 | Deserialization of Untrusted Data vulnerability in Apache Jena SDB 3.17.0 ** UNSUPPORTED WHEN ASSIGNED ** Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. | 9.8 |