Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-08 | CVE-2023-1650 | Deserialization of Untrusted Data vulnerability in Quantumcloud AI Chatbot The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog | 9.8 |
| 2023-04-27 | CVE-2023-1967 | Deserialization of Untrusted Data vulnerability in Keysight N8844A 2.1.7351 Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid. | 9.8 |
| 2023-04-27 | CVE-2023-20852 | Deserialization of Untrusted Data vulnerability in Aenrich A+Hrd 6.8.1039V844 aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. | 9.8 |
| 2023-04-27 | CVE-2023-20853 | Deserialization of Untrusted Data vulnerability in Aenrich A+Hrd 6.8.1039V844 aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronized message process. | 9.8 |
| 2023-04-21 | CVE-2023-2141 | Deserialization of Untrusted Data vulnerability in 3DS Delmia Apriso 2017/2019/2022 An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution. | 8.8 |
| 2023-04-20 | CVE-2023-20864 | Deserialization of Untrusted Data vulnerability in VMWare Aria Operations for Logs and Cloud Foundation VMware Aria Operations for Logs contains a deserialization vulnerability. | 9.8 |
| 2023-04-19 | CVE-2021-28254 | Deserialization of Untrusted Data vulnerability in Laravel 8.5.9 A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to execute arbitrary commands. | 9.8 |
| 2023-04-14 | CVE-2023-2042 | Deserialization of Untrusted Data vulnerability in Datagear A vulnerability, which was classified as problematic, has been found in DataGear up to 4.7.0/5.1.0. | 8.8 |
| 2023-04-11 | CVE-2023-1552 | Deserialization of Untrusted Data vulnerability in GE Toolboxst 04.07.05C/07.09.07C ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. | 7.8 |
| 2023-04-10 | CVE-2023-29215 | Deserialization of Untrusted Data vulnerability in Apache Linkis In Apache Linkis <=1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a deserialization vulnerability and eventually lead to remote code execution. | 9.8 |