Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2022-12-07 CVE-2022-44371 Deserialization of Untrusted Data vulnerability in Hope-Boot Project Hope-Boot 1.0.0
hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE).
network
low complexity
hope-boot-project CWE-502
critical
9.8
2022-12-05 CVE-2022-32224 Deserialization of Untrusted Data vulnerability in Activerecord Project Activerecord
A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE.
network
low complexity
activerecord-project CWE-502
critical
9.8
2022-12-01 CVE-2022-1471 Deserialization of Untrusted Data vulnerability in Snakeyaml Project Snakeyaml
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution.
network
low complexity
snakeyaml-project CWE-502
critical
9.8
2022-11-29 CVE-2022-36964 Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data.
network
low complexity
solarwinds CWE-502
8.8
2022-11-21 CVE-2022-3861 Deserialization of Untrusted Data vulnerability in Muffingroup Betheme 26.5.1.4
The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions.
network
low complexity
muffingroup CWE-502
8.8
2022-11-20 CVE-2022-3525 Deserialization of Untrusted Data vulnerability in Librenms
Deserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0.
network
low complexity
librenms CWE-502
8.8
2022-11-17 CVE-2022-45077 Deserialization of Untrusted Data vulnerability in Muffingroup Betheme 26.5.1.4
Auth.
network
low complexity
muffingroup CWE-502
8.8
2022-11-16 CVE-2022-45047 Deserialization of Untrusted Data vulnerability in Apache Sshd
Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey.
network
low complexity
apache CWE-502
critical
9.8
2022-11-12 CVE-2022-38650 Deserialization of Untrusted Data vulnerability in VMWare Hyperic Server 5.8.6
A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6.
network
low complexity
vmware CWE-502
critical
10.0
2022-11-12 CVE-2022-38652 Deserialization of Untrusted Data vulnerability in VMWare Hyperic Agent 5.8.6
A remote insecure deserialization vulnerability exixsts in VMWare Hyperic Agent 5.8.6.
network
low complexity
vmware CWE-502
critical
9.9