| 2025-02-03 | CVE-2025-0974 | A vulnerability, which was classified as critical, has been found in MaxD Lightning Module 4.43 on OpenCart. | 5.0 |
| 2025-01-30 | CVE-2024-13742 | Deserialization of Untrusted Data vulnerability in Icontrolwp
The iControlWP – Multiple WordPress Site Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.5 via deserialization of untrusted input from the reqpars parameter. | 9.8 |
| 2025-01-29 | CVE-2025-0841 | A vulnerability has been found in Aridius XYZ up to 20240927 on OpenCart and classified as critical. | 7.3 |
| 2025-01-27 | CVE-2025-0734 | A vulnerability has been found in y_project RuoYi up to 4.8.0 and classified as critical. | 4.7 |
| 2025-01-25 | CVE-2024-12600 | The Custom Product Tabs Lite for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.0 via deserialization of untrusted input from the 'frs_woo_product_tabs' parameter. | 7.2 |
| 2025-01-22 | CVE-2024-31903 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allow an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data. | 8.8 |
| 2025-01-22 | CVE-2025-0428 | Deserialization of Untrusted Data vulnerability in Aipower
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_prompts function. | 7.2 |
| 2025-01-22 | CVE-2025-0429 | Deserialization of Untrusted Data vulnerability in Aipower
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_ai_forms() function. | 7.2 |
| 2025-01-21 | CVE-2024-10936 | Deserialization of Untrusted Data vulnerability in Instawp String Locator
The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function. | 8.8 |
| 2025-01-20 | CVE-2025-0586 | The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution. | 7.2 |