Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-06-07 | CVE-2020-36727 | Deserialization of Untrusted Data vulnerability in Xyzscripts Newsletter Manager | The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. | 9.8 |
2023-06-01 | CVE-2023-33963 | Deserialization of Untrusted Data vulnerability in Dataease | DataEase is an open source data visualization and analysis tool. | 9.8 |
2023-05-30 | CVE-2023-2288 | Deserialization of Untrusted Data vulnerability in Themeisle Otter | The Otter WordPress plugin before 2.2.6 does not sanitize some user-controlled file paths before performing file operations on them. | 8.8 |
2023-05-25 | CVE-2023-2500 | Deserialization of Untrusted Data vulnerability in Granthweb GO Pricing | The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.3.19 via deserialization of untrusted input from the 'go_pricing' shortcode 'data' parameter. | 8.8 |
2023-05-24 | CVE-2022-4815 | Deserialization of Untrusted Data vulnerability in Hitachi products | Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x, deserialize untrusted JSON data without constraining the parser to approved classes and methods. | 8.8 |
2023-05-23 | CVE-2023-27068 | Deserialization of Untrusted Data vulnerability in Sitecore Experience Platform | Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx. | 9.8 |
2023-05-16 | CVE-2023-31890 | Deserialization of Untrusted Data vulnerability in Glazedlists Glazed Lists 1.11.0 | An XML Deserialization vulnerability in glazedlists v1.11.0 allows an attacker to execute arbitrary code via the BeanXMLByteCoder.decode() parameter. | 9.8 |
2023-05-12 | CVE-2023-20878 | Deserialization of Untrusted Data vulnerability in VMWare Cloud Foundation and Vrealize Operations | VMware Aria Operations contains a deserialization vulnerability. | 7.2 |
2023-05-08 | CVE-2023-1650 | Deserialization of Untrusted Data vulnerability in Quantumcloud AI Chatbot | The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog. | 9.8 |
2023-04-27 | CVE-2023-1967 | Deserialization of Untrusted Data vulnerability in Keysight N8844A 2.1.7351 | Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid. | 9.8 |