Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-01 | CVE-2022-44542 | Deserialization of Untrusted Data vulnerability in Lesspipe Project Lesspipe lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of deserialized object destructor execution via a key/value pair in a hash. | 9.8 |
| 2022-10-31 | CVE-2022-3360 | Deserialization of Untrusted Data vulnerability in Thimpress Learnpress The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution (RCE). | 8.1 |
| 2022-10-31 | CVE-2022-3380 | Deserialization of Untrusted Data vulnerability in Wpbeaverbuilder Customizer Export/Import The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. | 7.2 |
| 2022-10-26 | CVE-2022-39944 | Deserialization of Untrusted Data vulnerability in Apache Linkis In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. | 8.8 |
| 2022-10-26 | CVE-2022-40238 | Deserialization of Untrusted Data vulnerability in Cert Vince A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. | 8.8 |
| 2022-10-25 | CVE-2022-39312 | Deserialization of Untrusted Data vulnerability in Dataease Dataease is an open source data visualization analysis tool. | 9.8 |
| 2022-10-20 | CVE-2022-36957 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. | 7.2 |
| 2022-10-20 | CVE-2022-36958 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. | 8.8 |
| 2022-10-20 | CVE-2022-38108 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. | 7.2 |
| 2022-10-19 | CVE-2022-43019 | Deserialization of Untrusted Data vulnerability in Opencats 0.9.6 OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality. | 9.8 |