Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-03 | CVE-2023-46817 | Deserialization of Untrusted Data vulnerability in PHPfox: An issue was discovered in phpFox before 4.8.14. | 9.8 |
2023-11-02 | CVE-2023-47204 | Deserialization of Untrusted Data vulnerability in Toumorokoshi Transmute-Core: Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code. | 9.8 |
2023-11-01 | CVE-2023-1714 | Deserialization of Untrusted Data vulnerability in Bitrix24 22.0.300: Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization. | 8.8 |
2023-10-31 | CVE-2023-47174 | Deserialization of Untrusted Data vulnerability in Thorntech Sftp Gateway Firmware: Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. | 9.8 |
2023-10-27 | CVE-2023-40121 | Deserialization of Untrusted Data vulnerability in Google Android: In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. | 5.5 |
2023-10-20 | CVE-2022-3342 | Deserialization of Untrusted Data vulnerability in Automattic Jetpack CRM: The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the 'zbscrmcsvimpf' parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.1. | 8.8 |
2023-10-20 | CVE-2023-4386 | Deserialization of Untrusted Data vulnerability in Wpdeveloper Essential Blocks: The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. | 8.1 |
2023-10-20 | CVE-2023-39680 | Deserialization of Untrusted Data vulnerability in Sollace Unicopia 1.1.1: Sollace Unicopia version 1.1.1 and before was discovered to deserialize untrusted data, allowing attackers to execute arbitrary code. | 9.8 |
2023-10-20 | CVE-2023-4402 | Deserialization of Untrusted Data vulnerability in Wpdeveloper Essential Blocks and Essential Blocks PRO: The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. | 9.8 |
2023-10-20 | CVE-2023-34052 | Deserialization of Untrusted Data vulnerability in VMWare Aria Operations for Logs: VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass. | 7.8 |