Vulnerabilities > Deserialization of Untrusted Data

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | ATTACK COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-01-18 | CVE-2022-45923 | Deserialization of Untrusted Data vulnerability in Opentext Extended ECM | An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). | network | low complexity | opentext | CWE-502 | 8.8 |
| 2023-01-16 | CVE-2022-4890 | Deserialization of Untrusted Data vulnerability in Predictapp Project Predictapp | A vulnerability, which was classified as critical, has been found in abhilash1985 PredictApp. | network | low complexity | predictapp-project | CWE-502 | critical 9.8 |
| 2023-01-14 | CVE-2023-22850 | Deserialization of Untrusted Data vulnerability in Tiki | Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call. | network | low complexity | tiki | CWE-502 | 8.8 |
| 2023-01-13 | CVE-2022-46478 | Deserialization of Untrusted Data vulnerability in Datax-Web Project Datax-Web | The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data. | network | low complexity | datax-web-project | CWE-502 | critical 9.8 |
| 2023-01-10 | CVE-2022-47083 | Deserialization of Untrusted Data vulnerability in Spitfire Project Spitfire 1.0475 | A PHP Object Injection vulnerability in the unserialize() function Spitfire CMS v1.0.475 allows authenticated attackers to execute arbitrary code via sending crafted requests to the web application. | network | low complexity | spitfire-project | CWE-502 | 8.8 |
| 2022-12-26 | CVE-2020-10650 | Deserialization of Untrusted Data vulnerability in multiple products | A deserialization flaw was discovered in jackson-databind through 2.9.10.4. | network | high complexity | fasterxml, oracle | CWE-502 | 8.1 |
| 2022-12-20 | CVE-2022-41596 | Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos | The system tool has inconsistent serialization and deserialization. | network | low complexity | huawei | CWE-502 | 7.5 |
| 2022-12-16 | CVE-2021-38241 | Deserialization of Untrusted Data vulnerability in Ruoyi | Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary code via weak cipher in Shiro framework. | network | low complexity | ruoyi | CWE-502 | critical 9.8 |
| 2022-12-15 | CVE-2021-33420 | Deserialization of Untrusted Data vulnerability in Replicator Project Replicator | A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object. | network | low complexity | replicator-project | CWE-502 | critical 9.8 |
| 2022-12-07 | CVE-2022-44351 | Deserialization of Untrusted Data vulnerability in Skycaiji 2.5.1 | Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin/controller/Mystore.php. | network | low complexity | skycaiji | CWE-502 | critical 9.8 |