Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2023-05-30 CVE-2023-2288 Deserialization of Untrusted Data vulnerability in Themeisle Otter
The Otter WordPress plugin before 2.2.6 does not sanitize some user-controlled file paths before performing file operations on them.
network
low complexity
themeisle CWE-502
8.8
2023-05-25 CVE-2023-2500 Deserialization of Untrusted Data vulnerability in Granthweb GO Pricing
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.3.19 via deserialization of untrusted input from the 'go_pricing' shortcode 'data' parameter.
network
low complexity
granthweb CWE-502
8.8
2023-05-24 CVE-2022-4815 Deserialization of Untrusted Data vulnerability in Hitachi products
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x, deserialize untrusted JSON data without constraining the parser to approved classes and methods.
network
low complexity
hitachi CWE-502
8.8
2023-05-23 CVE-2023-27068 Deserialization of Untrusted Data vulnerability in Sitecore Experience Platform
Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx.
network
low complexity
sitecore CWE-502
critical
9.8
2023-05-16 CVE-2023-31890 Deserialization of Untrusted Data vulnerability in Glazedlists Glazed Lists 1.11.0
An XML Deserialization vulnerability in glazedlists v1.11.0 allows an attacker to execute arbitrary code via the BeanXMLByteCoder.decode() parameter.
network
low complexity
glazedlists CWE-502
critical
9.8
2023-05-12 CVE-2023-20878 Deserialization of Untrusted Data vulnerability in VMware Cloud Foundation and vRealize Operations
VMware Aria Operations contains a deserialization vulnerability.
network
low complexity
vmware CWE-502
7.2
2023-05-08 CVE-2023-1650 Deserialization of Untrusted Data vulnerability in Quantumcloud AI Chatbot
The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog.
network
low complexity
quantumcloud CWE-502
critical
9.8
2023-04-27 CVE-2023-1967 Deserialization of Untrusted Data vulnerability in Keysight N8844A 2.1.7351
Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid.
network
low complexity
keysight CWE-502
critical
9.8
2023-04-21 CVE-2023-2141 Deserialization of Untrusted Data vulnerability in 3DS Delmia Apriso 2017/2019/2022
An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.
network
low complexity
3ds CWE-502
8.8
2023-04-20 CVE-2023-20864 Deserialization of Untrusted Data vulnerability in VMware Aria Operations for Logs and Cloud Foundation
VMware Aria Operations for Logs contains a deserialization vulnerability.
network
low complexity
vmware CWE-502
critical
9.8