Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-09-17 | CVE-2023-5016 | Deserialization of Untrusted Data vulnerability in Ssssssss Spider-Flow 0.4.3 | A vulnerability was found in spider-flow up to 0.5.0. | 9.8 |
2023-09-14 | CVE-2023-32636 | Deserialization of Untrusted Data vulnerability in Gnome Glib | A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. | 7.5 |
2023-09-14 | CVE-2023-32665 | Deserialization of Untrusted Data vulnerability in Gnome Glib | A flaw was found in GLib. | 5.5 |
2023-09-14 | CVE-2023-38204 | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 2018/2021/2023 | Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution. | 9.8 |
2023-09-11 | CVE-2022-1415 | Deserialization of Untrusted Data vulnerability in Redhat products | A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. | 8.8 |
2023-09-11 | CVE-2023-35669 | Deserialization of Untrusted Data vulnerability in Google Android | In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. | 7.8 |
2023-09-11 | CVE-2020-19559 | Deserialization of Untrusted Data vulnerability in Dieboldnixdorf Agilis XFS for Opteva 4.1.61.1 | An issue in Diebold Agilis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary code via a crafted payload to the ResolveMethod() parameter. | 9.8 |
2023-09-07 | CVE-2023-4528 | Deserialization of Untrusted Data vulnerability in Redwood Jscape MFT | Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface. | 7.2 |
2023-09-06 | CVE-2023-0925 | Deserialization of Untrusted Data vulnerability in Softwareag Webmethods 10.11 | Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry (listening on TCP port 2099 by default) and two RMI interfaces (listening on a single, dynamically assigned TCP high port). Port 2099 serves as a Java Remote Method Invocation (RMI) registry which allows for remotely loading and processing data via RMI interfaces. | 9.8 |
2023-09-06 | CVE-2023-41330 | Deserialization of Untrusted Data vulnerability in Knplabs Snappy | knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a URL or an HTML page. On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. | 9.8 |