Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2024-02-02 CVE-2024-22320 Deserialization of Untrusted Data vulnerability in IBM Operational Decision Manager
IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization.
network
low complexity
ibm CWE-502
8.8
8.8
2024-01-30 CVE-2023-51204 Deserialization of Untrusted Data vulnerability in Openrobotics Robot Operating System 2
Insecure deserialization in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to execute arbitrary code via a crafted input.
network
low complexity
openrobotics CWE-502
critical
 9.8
9.8
2024-01-30 CVE-2024-1032 Deserialization of Untrusted Data vulnerability in Openbi Project Openbi
A vulnerability classified as critical was found in openBI up to 1.0.8.
network
low complexity
openbi-project CWE-502
critical
 9.8
9.8
2024-01-27 CVE-2024-0960 Deserialization of Untrusted Data vulnerability in Flink-Extended Aiflow 0.3.1
A vulnerability was found in flink-extended ai-flow 0.3.1.
network
low complexity
flink-extended CWE-502
critical
 9.8
9.8
2024-01-27 CVE-2024-0959 Deserialization of Untrusted Data vulnerability in Standford Gibsonenv 0.3.1
A vulnerability was found in StanfordVL GibsonEnv 0.3.1.
network
low complexity
standford CWE-502
critical
 9.8
9.8
2024-01-26 CVE-2024-0937 Deserialization of Untrusted Data vulnerability in Vanderschaarlab Temporai 0.2.9
A vulnerability, which was classified as critical, has been found in van_der_Schaar LAB synthcity 0.2.9.
network
low complexity
vanderschaarlab CWE-502
critical
 9.8
9.8
2024-01-26 CVE-2024-0936 Deserialization of Untrusted Data vulnerability in Vanderschaarlab Temporai 0.0.3
A vulnerability classified as critical was found in van_der_Schaar LAB TemporAI 0.0.3.
network
low complexity
vanderschaarlab CWE-502
8.8
8.8
2024-01-24 CVE-2023-50943 Deserialization of Untrusted Data vulnerability in Apache Airflow
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization.
network
low complexity
apache CWE-502
7.5
7.5
2024-01-24 CVE-2024-22284 Deserialization of Untrusted Data vulnerability in Asgaros Forum
Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum.This issue affects Asgaros Forum: from n/a through 2.7.2.
network
low complexity
asgaros CWE-502
critical
 9.8
9.8
2024-01-24 CVE-2024-22309 Deserialization of Untrusted Data vulnerability in Quantumcloud AI Chatbot
Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI.This issue affects ChatBot with AI: from n/a through 5.1.0.
network
low complexity
quantumcloud CWE-502
critical
 9.8
9.8