Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2023-03-22 CVE-2023-28667 Deserialization of Untrusted Data vulnerability in Leadgenerated Lead Generated
The Lead Generated WordPress Plugin, version <= 1.23, was affected by an unauthenticated insecure deserialization issue.
network
low complexity
leadgenerated CWE-502
critical
 9.8
9.8
2023-03-03 CVE-2023-26779 Deserialization of Untrusted Data vulnerability in Yf-Exam Project Yf-Exam 1.8.0
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE).
network
low complexity
yf-exam-project CWE-502
critical
 9.8
9.8
2023-03-01 CVE-2022-37936 Deserialization of Untrusted Data vulnerability in HPE Serviceguard for Linux
Unauthenticated Java deserialization vulnerability in Serviceguard Manager
network
low complexity
hpe CWE-502
critical
 9.8
9.8
2023-02-28 CVE-2023-20944 Deserialization of Untrusted Data vulnerability in Google Android
In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization.
local
low complexity
google CWE-502
7.8
7.8
2023-02-24 CVE-2022-23535 Deserialization of Untrusted Data vulnerability in Litedb
LiteDB is a small, fast and lightweight .NET NoSQL embedded database.
network
low complexity
litedb CWE-502
critical
 9.8
9.8
2023-02-23 CVE-2023-26326 Deserialization of Untrusted Data vulnerability in Themekraft Buddyforms
The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue.
network
low complexity
themekraft CWE-502
critical
 9.8
9.8
2023-02-21 CVE-2022-48282 Deserialization of Untrusted Data vulnerability in Mongodb C# Driver
Under very specific circumstances (see Required configuration section below), a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services.
network
low complexity
mongodb CWE-502
7.2
7.2
2023-02-21 CVE-2023-26234 Deserialization of Untrusted Data vulnerability in Jd-Gui Project Jd-Gui 1.6.6
JD-GUI 1.6.6 allows deserialization via UIMainWindowPreferencesProvider.singleInstance.
network
low complexity
jd-gui-project CWE-502
critical
 9.8
9.8
2023-02-15 CVE-2022-38111 Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2022.4.1
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data.
network
low complexity
solarwinds CWE-502
7.2
7.2
2023-02-15 CVE-2022-47503 Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2022.4.1
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data.
network
low complexity
solarwinds CWE-502
7.2
7.2