Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-23 | CVE-2024-23636 | Deserialization of Untrusted Data vulnerability in Sofastack Sofarpc SOFARPC is a Java RPC framework. | 9.8 |
| 2024-01-22 | CVE-2017-20189 | Deserialization of Untrusted Data vulnerability in Clojure In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. | 9.8 |
| 2024-01-19 | CVE-2024-0739 | Deserialization of Untrusted Data vulnerability in Leadshop A vulnerability, which was classified as critical, was found in Hecheng Leadshop up to 1.4.20. | 9.8 |
| 2024-01-19 | CVE-2022-45083 | Deserialization of Untrusted Data vulnerability in Properfraction Profilepress Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.3.2. | 7.2 |
| 2024-01-19 | CVE-2022-45845 | Deserialization of Untrusted Data vulnerability in Nextendweb Smart Slider 3 Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3.This issue affects Smart Slider 3: from n/a through 3.5.1.9. | 8.8 |
| 2024-01-18 | CVE-2024-0654 | Deserialization of Untrusted Data vulnerability in Iperov Deepfacelab Df.Wf.288Res.384.92.72.22 A vulnerability, which was classified as problematic, was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. | 7.8 |
| 2024-01-16 | CVE-2024-0603 | Deserialization of Untrusted Data vulnerability in Zhicms A vulnerability classified as critical has been found in ZhiCms up to 4.0. | 9.8 |
| 2024-01-16 | CVE-2023-1405 | Deserialization of Untrusted Data vulnerability in Strategy11 Formidable Forms The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present. | 7.5 |
| 2024-01-15 | CVE-2023-6049 | Deserialization of Untrusted Data vulnerability in Estatik The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog | 9.8 |
| 2024-01-09 | CVE-2023-7032 | Deserialization of Untrusted Data vulnerability in Schneider-Electric Easergy Studio A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker logged in with a user level account to gain higher privileges by providing a harmful serialized object. | 7.8 |