Vulnerabilities > Deserialization of Untrusted Data

| Date | CVE | Vulnerability title | Description | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|
| 2024-06-04 | CVE-2024-37054 | Deserialization of Untrusted Data vulnerability in Lfprojects Mlflow | Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with. | lfprojects | CWE-502 | network, low complexity, 8.8 |
| 2024-06-04 | CVE-2024-37055 | Deserialization of Untrusted Data vulnerability in Lfprojects Mlflow | Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s system when interacted with. | lfprojects | CWE-502 | network, low complexity, 8.8 |
| 2024-06-04 | CVE-2024-37056 | Deserialization of Untrusted Data vulnerability in Lfprojects Mlflow | Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with. | lfprojects | CWE-502 | network, low complexity, 8.8 |
| 2024-06-04 | CVE-2024-37057 | Deserialization of Untrusted Data vulnerability in Lfprojects Mlflow | Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded TensorFlow model to run arbitrary code on an end user’s system when interacted with. | lfprojects | CWE-502 | network, low complexity, 8.8 |
| 2024-06-04 | CVE-2024-37058 | Deserialization of Untrusted Data vulnerability in Lfprojects Mlflow | Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously uploaded LangChain AgentExecutor model to run arbitrary code on an end user’s system when interacted with. | lfprojects | CWE-502 | network, low complexity, 8.8 |
| 2024-06-04 | CVE-2024-37059 | Deserialization of Untrusted Data vulnerability in Lfprojects Mlflow | Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with. | lfprojects | CWE-502 | network, low complexity, 8.8 |
| 2024-06-04 | CVE-2024-37060 | Deserialization of Untrusted Data vulnerability in Lfprojects Mlflow | Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run. | lfprojects | CWE-502 | network, low complexity, 8.8 |
| 2024-05-27 | CVE-2024-26289 | Deserialization of Untrusted Data vulnerability in Sigb PMB | Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion. This issue affects PMB: from 7.5.1 before 7.5.6-2, from 7.4.1 before 7.4.9, from 7.3.1 before 7.3.18. | sigb | CWE-502 | network, low complexity, critical, 9.8 |
| 2024-05-23 | CVE-2024-5085 | Deserialization of Untrusted Data vulnerability in Hashthemes Hash Form | The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input in the 'process_entry' function. | hashthemes | CWE-502 | network, low complexity, critical, 9.8 |
| 2024-05-22 | CVE-2024-4157 | Deserialization of Untrusted Data vulnerability in Fluentforms Contact Form | The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.15 via deserialization of untrusted input in the extractDynamicValues function. | fluentforms | CWE-502 | network, low complexity, 8.8 |