Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-08 | CVE-2023-39913 | Deserialization of Untrusted Data vulnerability in Apache Uimaj Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK.This issue affects Apache UIMA Java SDK: before 3.5.0. Users are recommended to upgrade to version 3.5.0, which fixes the issue. There are several locations in the code where serialized Java objects are deserialized without verifying the data. | 8.8 |
| 2023-11-03 | CVE-2023-46817 | Deserialization of Untrusted Data vulnerability in PHPfox An issue was discovered in phpFox before 4.8.14. | 9.8 |
| 2023-11-02 | CVE-2023-47204 | Deserialization of Untrusted Data vulnerability in Toumorokoshi Transmute-Core Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code. | 9.8 |
| 2023-11-01 | CVE-2023-1714 | Deserialization of Untrusted Data vulnerability in Bitrix24 22.0.300 Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization. | 8.8 |
| 2023-10-31 | CVE-2023-47174 | Deserialization of Untrusted Data vulnerability in Thorntech Sftp Gateway Firmware Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. | 9.8 |
| 2023-10-27 | CVE-2023-40121 | Deserialization of Untrusted Data vulnerability in Google Android In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. | 5.5 |
| 2023-10-20 | CVE-2022-3342 | Deserialization of Untrusted Data vulnerability in Automattic Jetpack CRM The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.1. | 8.8 |
| 2023-10-20 | CVE-2023-4386 | Deserialization of Untrusted Data vulnerability in Wpdeveloper Essential Blocks The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. | 8.1 |
| 2023-10-20 | CVE-2023-39680 | Deserialization of Untrusted Data vulnerability in Sollace Unicopia 1.1.1 Sollace Unicopia version 1.1.1 and before was discovered to deserialize untrusted data, allowing attackers to execute arbitrary code. | 9.8 |
| 2023-10-20 | CVE-2023-4402 | Deserialization of Untrusted Data vulnerability in Wpdeveloper Essential Blocks and Essential Blocks PRO The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. | 9.8 |