Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2022-05-17 CVE-2022-24108 Deserialization of Untrusted Data vulnerability in Skyoftech SO Listing Tabs 2.2.0
The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write to files on the server, cause DoS, and achieve remote code execution because of deserialization of untrusted data.
network
low complexity
skyoftech CWE-502
critical
9.8
2022-05-16 CVE-2022-0573 Deserialization of Untrusted Data vulnerability in Jfrog Artifactory
JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient validation of a user-provided serialized object.
network
low complexity
jfrog CWE-502
8.8
2022-05-12 CVE-2022-29363 Deserialization of Untrusted Data vulnerability in PHPok 6.1
Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php.
network
low complexity
phpok CWE-502
critical
9.8
2022-05-06 CVE-2021-23592 Deserialization of Untrusted Data vulnerability in Thinkphp
The package topthink/framework before 6.0.12 are vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class.
network
low complexity
thinkphp CWE-502
critical
9.8
2022-05-02 CVE-2020-23620 Deserialization of Untrusted Data vulnerability in Orlansoft ERP
The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object.
network
low complexity
orlansoft CWE-502
critical
9.8
2022-05-02 CVE-2020-23621 Deserialization of Untrusted Data vulnerability in Squire-Technologies SVI MS Management System
The Java Remote Management Interface of all versions of SVI MS Management System was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object.
network
low complexity
squire-technologies CWE-502
critical
9.8
2022-05-01 CVE-2022-25647 Deserialization of Untrusted Data vulnerability in multiple products
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
network
low complexity
google debian netapp oracle CWE-502
7.5
2022-05-01 CVE-2022-25767 Deserialization of Untrusted Data vulnerability in Ureport2 Project Ureport2
All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets.
network
low complexity
ureport2-project CWE-502
critical
9.8
2022-04-29 CVE-2022-29936 Deserialization of Untrusted Data vulnerability in USU Oracle Optimization 5.16.2
USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization.
network
low complexity
usu CWE-502
8.8
2022-04-20 CVE-2022-29528 Deserialization of Untrusted Data vulnerability in Misp
An issue was discovered in MISP before 2.4.158.
network
low complexity
misp CWE-502
critical
9.8