Vulnerabilities > Deserialization of Untrusted Data

DATE	CVE	VULNERABILITY TITLE	RISK
2022-12-26	CVE-2020-10650	Deserialization of Untrusted Data vulnerability in multiple products A deserialization flaw was discovered in jackson-databind through 2.9.10.4. network high complexity fasterxml oracle CWE-502	8.1
2022-12-20	CVE-2022-41596	Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos The system tool has inconsistent serialization and deserialization. network low complexity huawei CWE-502	7.5
2022-12-16	CVE-2021-38241	Deserialization of Untrusted Data vulnerability in Ruoyi Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary code via weak cipher in Shiro framework. network low complexity ruoyi CWE-502 critical	9.8
2022-12-15	CVE-2021-33420	Deserialization of Untrusted Data vulnerability in Replicator Project Replicator A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object. network low complexity replicator-project CWE-502 critical	9.8
2022-12-07	CVE-2022-44351	Deserialization of Untrusted Data vulnerability in Skycaiji 2.5.1 Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin/controller/Mystore.php. network low complexity skycaiji CWE-502 critical	9.8
2022-12-07	CVE-2022-44371	Deserialization of Untrusted Data vulnerability in Hope-Boot Project Hope-Boot 1.0.0 hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE). network low complexity hope-boot-project CWE-502 critical	9.8
2022-12-05	CVE-2022-32224	Deserialization of Untrusted Data vulnerability in Activerecord Project Activerecord A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE. network low complexity activerecord-project CWE-502 critical	9.8
2022-12-01	CVE-2022-1471	Deserialization of Untrusted Data vulnerability in Snakeyaml Project Snakeyaml SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. network low complexity snakeyaml-project CWE-502 critical	9.8
2022-11-29	CVE-2022-36964	Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. network low complexity solarwinds CWE-502	8.8
2022-11-21	CVE-2022-3861	Deserialization of Untrusted Data vulnerability in Muffingroup Betheme 26.5.1.4 The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions. network low complexity muffingroup CWE-502	8.8