Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2023-04-19 CVE-2021-28254 Deserialization of Untrusted Data vulnerability in Laravel 8.5.9
A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to execute arbitrary commands.
network
low complexity
laravel CWE-502
critical
9.8
2023-04-11 CVE-2023-1552 Deserialization of Untrusted Data vulnerability in GE Toolboxst 04.07.05C/07.09.07C
ToolboxST prior to version 7.10 is affected by a deserialization vulnerability.
local
low complexity
ge CWE-502
7.8
2023-04-06 CVE-2023-28500 Deserialization of Untrusted Data vulnerability in Adobe Livecycle ES4
A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially crafted Java serialized objects to a specific URL.
network
low complexity
adobe CWE-502
critical
9.8
2023-04-05 CVE-2023-20102 Deserialization of Untrusted Data vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system.
network
low complexity
cisco CWE-502
8.8
2023-04-04 CVE-2020-29312 Deserialization of Untrusted Data vulnerability in Zend Framework
An issue found in Zend Framework v.3.1.3 and earlier allows a remote attacker to execute arbitrary code via the unserialize function.
network
low complexity
zend CWE-502
critical
9.8
2023-03-29 CVE-2022-36971 Deserialization of Untrusted Data vulnerability in Ivanti Avalanche 6.3.2.3490/6.3.3/6.3.3.101
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490.
network
low complexity
ivanti CWE-502
8.8
2023-03-27 CVE-2023-26547 Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos
The InputMethod module has a vulnerability of serialization/deserialization mismatch.
local
low complexity
huawei CWE-502
7.8
2023-03-27 CVE-2023-26548 Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos
The pgmng module has a vulnerability in serialization/deserialization.
network
low complexity
huawei CWE-502
7.5
2023-03-27 CVE-2023-1399 Deserialization of Untrusted Data vulnerability in Keysight N6854A Firmware 2.3.0/2.4.0/2.4.2
N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and achieve remote code execution.
network
low complexity
keysight CWE-502
critical
9.8
2023-03-27 CVE-2023-1133 Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/UDP by default.
network
low complexity
deltaww CWE-502
critical
9.8