VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Deserialization of Untrusted Data
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-01-11
CVE-2024-12877
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input from the donation form like 'firstName'.
network
low complexity
CWE-502
critical
9.8
9.8
2025-01-11
CVE-2024-12627
The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.5 via deserialization of untrusted input from post content passed to the capture_email AJAX action.
network
high complexity
CWE-502
7.5
7.5
2025-01-07
CVE-2024-11465
The Custom Product Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8.5 via deserialization of untrusted input in the 'yikes_woo_products_tabs' post meta parameter.
network
low complexity
CWE-502
7.2
7.2
2025-01-07
CVE-2024-12313
The Compare Products for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.1 via deserialization of untrusted input from the 'woo_compare_list' cookie.
network
high complexity
CWE-502
8.1
8.1
2025-01-05
CVE-2024-13136
Deserialization of Untrusted Data vulnerability in Wangl1989 Mysiteforme 1.0
A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical.
network
low complexity
wangl1989
CWE-502
critical
9.8
9.8
2025-01-04
CVE-2024-10932
The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function.
network
low complexity
CWE-502
8.8
8.8
2024-12-25
CVE-2024-52046
Deserialization of Untrusted Data vulnerability in Apache Mina
The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses.
network
low complexity
apache
CWE-502
critical
9.8
9.8
2024-12-21
CVE-2024-12721
The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.4 via deserialization of untrusted input from the 'wb_custom_tabs' parameter.
network
low complexity
CWE-502
7.2
7.2
2024-12-16
CVE-2024-10095
Deserialization of Untrusted Data vulnerability in Telerik UI for WPF
In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability.
network
low complexity
telerik
CWE-502
critical
9.8
9.8
2024-12-16
CVE-2024-54367
Deserialization of Untrusted Data vulnerability in Ultimatemember Forumwp
Deserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection.This issue affects ForumWP: from n/a through 2.1.0.
network
low complexity
ultimatemember
CWE-502
critical
9.8
9.8
«
Previous
1
2
3
(current)
4
5
...
103
104
»
Next