Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2023-02-15 CVE-2022-38111 Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2022.4.1
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data.
network
low complexity
solarwinds CWE-502
7.2
2023-02-15 CVE-2022-47503 Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2022.4.1
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data.
network
low complexity
solarwinds CWE-502
7.2
2023-02-15 CVE-2022-47504 Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2022.4.1
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data.
network
low complexity
solarwinds CWE-502
7.2
2023-02-15 CVE-2022-47507 Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2022.4.1
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data.
network
low complexity
solarwinds CWE-502
7.2
2023-02-15 CVE-2023-23836 Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2022.4.1
SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data.
network
low complexity
solarwinds CWE-502
7.2
2023-02-08 CVE-2022-45982 Deserialization of Untrusted Data vulnerability in Thinkphp
thinkphp 6.0.0~6.0.13 and 6.1.0~6.1.1 contains a deserialization vulnerability.
network
low complexity
thinkphp CWE-502
critical
9.8
2023-02-06 CVE-2023-0669 Deserialization of Untrusted Data vulnerability in Fortra Goanywhere Managed File Transfer
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.
network
low complexity
fortra CWE-502
7.2
2023-02-03 CVE-2023-25135 Deserialization of Untrusted Data vulnerability in Vbulletin 5.6.7/5.6.8/5.6.9
vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization.
network
low complexity
vbulletin CWE-502
critical
9.8
2023-01-31 CVE-2023-24162 Deserialization of Untrusted Data vulnerability in Hutool 5.8.11
Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter.
network
low complexity
hutool CWE-502
critical
9.8
2023-01-26 CVE-2022-31710 Deserialization of Untrusted Data vulnerability in VMWare Vrealize LOG Insight
vRealize Log Insight contains a deserialization vulnerability.
network
low complexity
vmware CWE-502
7.5