Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2024-02-29 CVE-2024-23052 Deserialization of Untrusted Data vulnerability in 5Kcrm Wukongcrm 9.0.120191202
An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() function in the fastjson component.
network
low complexity
5kcrm CWE-502
critical
 9.8
9.8
2024-02-29 CVE-2024-23328 Deserialization of Untrusted Data vulnerability in Dataease
Dataease is an open source data visualization analysis tool.
network
low complexity
dataease CWE-502
critical
 9.1
9.1
2024-02-22 CVE-2023-51389 Deserialization of Untrusted Data vulnerability in Apache Hertzbeat
Hertzbeat is a real-time monitoring system.
network
low complexity
apache CWE-502
critical
 9.8
9.8
2024-02-18 CVE-2023-52357 Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos
Vulnerability of serialization/deserialization mismatch in the vibration framework.Successful exploitation of this vulnerability may affect availability.
network
low complexity
huawei CWE-502
7.5
7.5
2024-02-14 CVE-2023-26592 Deserialization of Untrusted Data vulnerability in Intel Thunderbolt DCH Driver 1.41.1054.0/72
Deserialization of untrusted data in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable a denial of service via local access.
local
low complexity
intel CWE-502
3.8
3.8
2024-02-09 CVE-2024-1353 Deserialization of Untrusted Data vulnerability in PHPems 1.0
A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0.
network
low complexity
phpems CWE-502
critical
 9.8
9.8
2024-02-06 CVE-2024-24590 Deserialization of Untrusted Data vulnerability in Clear Clearml
Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.
network
low complexity
clear CWE-502
8.8
8.8
2024-02-05 CVE-2024-0668 Deserialization of Untrusted Data vulnerability in Sigmaplugin Advanced Database Cleaner
The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function.
network
low complexity
sigmaplugin CWE-502
7.2
7.2
2024-02-05 CVE-2023-6933 Deserialization of Untrusted Data vulnerability in Wpengine Better Search Replace
The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input.
network
low complexity
wpengine CWE-502
critical
 9.8
9.8
2024-01-26 CVE-2024-0937 Deserialization of Untrusted Data vulnerability in Vanderschaarlab Temporai 0.2.9
A vulnerability, which was classified as critical, has been found in van_der_Schaar LAB synthcity 0.2.9.
network
low complexity
vanderschaarlab CWE-502
critical
 9.8
9.8