Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2024-01-24 CVE-2024-22309 Deserialization of Untrusted Data vulnerability in Quantumcloud AI Chatbot
Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI.This issue affects ChatBot with AI: from n/a through 5.1.0.
network
low complexity
quantumcloud CWE-502
critical
 9.8
9.8
2024-01-23 CVE-2024-23636 Deserialization of Untrusted Data vulnerability in Sofastack Sofarpc
SOFARPC is a Java RPC framework.
network
low complexity
sofastack CWE-502
critical
 9.8
9.8
2024-01-22 CVE-2017-20189 Deserialization of Untrusted Data vulnerability in Clojure
In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization.
network
low complexity
clojure CWE-502
critical
 9.8
9.8
2024-01-19 CVE-2024-0739 Deserialization of Untrusted Data vulnerability in Leadshop
A vulnerability, which was classified as critical, was found in Hecheng Leadshop up to 1.4.20.
network
low complexity
leadshop CWE-502
critical
 9.8
9.8
2024-01-19 CVE-2022-45083 Deserialization of Untrusted Data vulnerability in Properfraction Profilepress
Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.3.2.
network
low complexity
properfraction CWE-502
7.2
7.2
2024-01-19 CVE-2022-45845 Deserialization of Untrusted Data vulnerability in Nextendweb Smart Slider 3
Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3.This issue affects Smart Slider 3: from n/a through 3.5.1.9.
network
low complexity
nextendweb CWE-502
8.8
8.8
2024-01-18 CVE-2024-0654 Deserialization of Untrusted Data vulnerability in Iperov Deepfacelab Df.Wf.288Res.384.92.72.22
A vulnerability, which was classified as problematic, was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22.
local
low complexity
iperov CWE-502
7.8
7.8
2024-01-16 CVE-2024-0603 Deserialization of Untrusted Data vulnerability in Zhicms
A vulnerability classified as critical has been found in ZhiCms up to 4.0.
network
low complexity
zhicms CWE-502
critical
 9.8
9.8
2024-01-16 CVE-2023-1405 Deserialization of Untrusted Data vulnerability in Strategy11 Formidable Forms
The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present.
network
low complexity
strategy11 CWE-502
7.5
7.5
2024-01-15 CVE-2023-6049 Deserialization of Untrusted Data vulnerability in Estatik
The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog
network
low complexity
estatik CWE-502
critical
 9.8
9.8