Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-07 | CVE-2022-44371 | Deserialization of Untrusted Data vulnerability in Hope-Boot Project Hope-Boot 1.0.0: hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE). | 9.8 |
2022-12-05 | CVE-2022-32224 | Deserialization of Untrusted Data vulnerability in Activerecord Project Activerecord: A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, < 6.1.6.1, < 6.0.5.1 and < 5.2.8.1, which could allow an attacker who can manipulate data in the database (via means like SQL injection) to escalate to an RCE. | 9.8 |
2022-12-01 | CVE-2022-1471 | Deserialization of Untrusted Data vulnerability in Snakeyaml Project Snakeyaml: SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing YAML content provided by an attacker can lead to remote code execution. | 9.8 |
2022-11-29 | CVE-2022-36964 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform: SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. | 8.8 |
2022-11-21 | CVE-2022-3861 | Deserialization of Untrusted Data vulnerability in Muffingroup Betheme 26.5.1.4: The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions. | 8.8 |
2022-11-20 | CVE-2022-3525 | Deserialization of Untrusted Data vulnerability in Librenms: Deserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0. | 8.8 |
2022-11-17 | CVE-2022-45077 | Deserialization of Untrusted Data vulnerability in Muffingroup Betheme 26.5.1.4: Auth. | 8.8 |
2022-11-16 | CVE-2022-45047 | Deserialization of Untrusted Data vulnerability in Apache Sshd: Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. | 9.8 |
2022-11-12 | CVE-2022-38650 | Deserialization of Untrusted Data vulnerability in VMWare Hyperic Server 5.8.6: A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. | 10.0 |
2022-11-12 | CVE-2022-38652 | Deserialization of Untrusted Data vulnerability in VMWare Hyperic Agent 5.8.6: A remote insecure deserialization vulnerability exists in VMware Hyperic Agent 5.8.6. | 9.9 |