Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-18 | CVE-2022-45923 | Deserialization of Untrusted Data vulnerability in Opentext Extended ECM An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). | 8.8 |
2023-01-16 | CVE-2022-4890 | Deserialization of Untrusted Data vulnerability in Predictapp Project Predictapp A vulnerability, which was classified as critical, has been found in abhilash1985 PredictApp. | 9.8 |
2023-01-14 | CVE-2023-22850 | Deserialization of Untrusted Data vulnerability in Tiki Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call. | 8.8 |
2023-01-13 | CVE-2022-46478 | Deserialization of Untrusted Data vulnerability in Datax-Web Project Datax-Web The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data. | 9.8 |
2023-01-10 | CVE-2022-47083 | Deserialization of Untrusted Data vulnerability in Spitfire Project Spitfire 1.0475 A PHP Object Injection vulnerability in the unserialize() function Spitfire CMS v1.0.475 allows authenticated attackers to execute arbitrary code via sending crafted requests to the web application. | 8.8 |
2022-12-26 | CVE-2020-10650 | Deserialization of Untrusted Data vulnerability in multiple products A deserialization flaw was discovered in jackson-databind through 2.9.10.4. | 8.1 |
2022-12-20 | CVE-2022-41596 | Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos The system tool has inconsistent serialization and deserialization. | 7.5 |
2022-12-16 | CVE-2021-38241 | Deserialization of Untrusted Data vulnerability in Ruoyi Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary code via weak cipher in Shiro framework. | 9.8 |
2022-12-15 | CVE-2021-33420 | Deserialization of Untrusted Data vulnerability in Replicator Project Replicator A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object. | 9.8 |
2022-12-07 | CVE-2022-44351 | Deserialization of Untrusted Data vulnerability in Skycaiji 2.5.1 Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin/controller/Mystore.php. | 9.8 |