Vulnerabilities > Deserialization of Untrusted Data

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Severity | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2023-02-08 | CVE-2022-45982 | Deserialization of Untrusted Data vulnerability in ThinkPHP | thinkphp 6.0.0~6.0.13 and 6.1.0~6.1.1 contains a deserialization vulnerability. | network | low complexity | thinkphp | CWE-502 | critical | 9.8 |
| 2023-02-06 | CVE-2023-0669 | Deserialization of Untrusted Data vulnerability in Fortra GoAnywhere Managed File Transfer | Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. | network | low complexity | fortra | CWE-502 | | 7.2 |
| 2023-02-03 | CVE-2023-25135 | Deserialization of Untrusted Data vulnerability in vBulletin 5.6.7/5.6.8/5.6.9 | vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. | network | low complexity | vbulletin | CWE-502 | critical | 9.8 |
| 2023-01-31 | CVE-2023-24162 | Deserialization of Untrusted Data vulnerability in Hutool 5.8.11 | Deserialization vulnerability in Dromara Hutool v5.8.11 allows an attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter. | network | low complexity | hutool | CWE-502 | critical | 9.8 |
| 2023-01-26 | CVE-2022-31710 | Deserialization of Untrusted Data vulnerability in VMware vRealize Log Insight | vRealize Log Insight contains a deserialization vulnerability. | network | low complexity | vmware | CWE-502 | | 7.5 |
| 2023-01-18 | CVE-2022-45923 | Deserialization of Untrusted Data vulnerability in OpenText Extended ECM | An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). | network | low complexity | opentext | CWE-502 | | 8.8 |
| 2023-01-16 | CVE-2022-4890 | Deserialization of Untrusted Data vulnerability in PredictApp Project PredictApp | A vulnerability, which was classified as critical, has been found in abhilash1985 PredictApp. | network | low complexity | predictapp-project | CWE-502 | critical | 9.8 |
| 2023-01-14 | CVE-2023-22850 | Deserialization of Untrusted Data vulnerability in Tiki | Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call. | network | low complexity | tiki | CWE-502 | | 8.8 |
| 2023-01-13 | CVE-2022-46478 | Deserialization of Untrusted Data vulnerability in Datax-Web Project Datax-Web | The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default, which allows attackers to execute arbitrary commands via crafted Hessian serialized data. | network | low complexity | datax-web-project | CWE-502 | critical | 9.8 |
| 2023-01-10 | CVE-2022-47083 | Deserialization of Untrusted Data vulnerability in Spitfire Project Spitfire 1.0475 | A PHP Object Injection vulnerability in the unserialize() function of Spitfire CMS v1.0.475 allows authenticated attackers to execute arbitrary code via sending crafted requests to the web application. | network | low complexity | spitfire-project | CWE-502 | | 8.8 |