Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2024-10-14 CVE-2024-9953 Deserialization of Untrusted Data vulnerability in Cert Vince
A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8.
network
low complexity
cert CWE-502
4.9
2024-10-14 CVE-2024-45733 Deserialization of Untrusted Data vulnerability in Splunk
In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration.
network
low complexity
splunk CWE-502
8.8
2024-10-13 CVE-2024-9917 Deserialization of Untrusted Data vulnerability in Usualtool Usualtoolcms 9.0
A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9.
network
low complexity
usualtool CWE-502
4.9
2024-10-11 CVE-2024-47074 Deserialization of Untrusted Data vulnerability in Dataease
DataEase is an open source data visualization analysis tool.
network
low complexity
dataease CWE-502
critical
9.8
2024-10-10 CVE-2024-47636 Deserialization of Untrusted Data vulnerability in Eyecix Jobsearch WP JOB Board
Deserialization of Untrusted Data vulnerability in Eyecix JobSearch allows Object Injection. This issue affects JobSearch: from n/a through 2.5.9.
network
low complexity
eyecix CWE-502
critical
9.8
2024-10-05 CVE-2024-9314 The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input 'set_redirections' function.
network
low complexity
CWE-502
7.2
2024-10-01 CVE-2024-7432 Deserialization of Untrusted Data vulnerability in Ultrapress Unseen Blog
The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input.
network
low complexity
ultrapress CWE-502
8.8
2024-10-01 CVE-2024-7433 Deserialization of Untrusted Data vulnerability in Ultrapress Empowerment
The Empowerment theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.2 via deserialization of untrusted input.
network
low complexity
ultrapress CWE-502
8.8
2024-10-01 CVE-2024-7434 Deserialization of Untrusted Data vulnerability in Ultrapress
The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.1 via deserialization of untrusted input.
network
low complexity
ultrapress CWE-502
8.8
2024-09-30 CVE-2024-45772 Deserialization of Untrusted Data vulnerability in Apache Lucene
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. Java serialization filters (such as -Djdk.serialFilter='!*' on the command line) can mitigate the issue on vulnerable versions without impacting functionality.
low complexity
apache CWE-502
8.0