Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-24 | CVE-2023-50943 | Deserialization of Untrusted Data vulnerability in Apache Airflow: Apache Airflow versions before 2.8.1 have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of the "enable_xcom_pickling=False" configuration setting, resulting in poisoned data after XCom deserialization. | 7.5 |
2024-01-22 | CVE-2017-20189 | Deserialization of Untrusted Data vulnerability in Clojure: In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. | 9.8 |
2024-01-16 | CVE-2023-1405 | Deserialization of Untrusted Data vulnerability in Strategy11 Formidable Forms: The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present. | 7.5 |
2024-01-15 | CVE-2023-6049 | Deserialization of Untrusted Data vulnerability in Estatik: The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog. | 9.8 |
2024-01-08 | CVE-2023-5235 | Deserialization of Untrusted Data vulnerability in Kutethemes Ovic Responsive Wpbakery: The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update blog options, such as 'users_can_register' and 'default_role'. | 8.8 |
2024-01-08 | CVE-2023-6528 | Deserialization of Untrusted Data vulnerability in Themepunch Slider Revolution: The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution. | 8.8 |
2024-01-03 | CVE-2023-49442 | Deserialization of Untrusted Data vulnerability in Jeecg: Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via a crafted POST request. | 9.8 |
2023-12-31 | CVE-2023-52182 | Deserialization of Untrusted Data vulnerability in Ari-Soft ARI Stream Quiz: Deserialization of Untrusted Data vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder. This issue affects ARI Stream Quiz – WordPress Quizzes Builder: from n/a through 1.3.0. | 8.8 |
2023-12-29 | CVE-2023-51505 | Deserialization of Untrusted Data vulnerability in Pluginus Woot: Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. | 9.8 |
2023-12-25 | CVE-2022-34268 | Deserialization of Untrusted Data vulnerability in RWS Worldserver: An issue was discovered in RWS WorldServer before 11.7.3. | 9.8 |