Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-21 | CVE-2023-27978 | Deserialization of Untrusted Data vulnerability in Schneider-Electric Custom Reports, Igss Dashboard and Igss Data Server. A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. | 7.8 |
2023-03-17 | CVE-2023-28115 | Deserialization of Untrusted Data vulnerability in Knplabs Snappy. Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a URL or an HTML page. | 9.8 |
2023-03-10 | CVE-2023-26464 | Deserialization of Untrusted Data vulnerability in Apache Log4J. ** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (i.e., deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. | 7.5 |
2023-03-08 | CVE-2023-23638 | Deserialization of Untrusted Data vulnerability in Apache Dubbo. A deserialization vulnerability existed in Dubbo generic invoke, which could lead to malicious code execution. | 9.8 |
2023-03-03 | CVE-2023-26779 | Deserialization of Untrusted Data vulnerability in Yf-Exam Project Yf-Exam 1.8.0. CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE). | 9.8 |
2023-03-01 | CVE-2022-37936 | Deserialization of Untrusted Data vulnerability in HPE Serviceguard for Linux. Unauthenticated Java deserialization vulnerability in Serviceguard Manager. | 9.8 |
2023-02-28 | CVE-2023-20944 | Deserialization of Untrusted Data vulnerability in Google Android. In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. | 7.8 |
2023-02-24 | CVE-2022-23535 | Deserialization of Untrusted Data vulnerability in Litedb. LiteDB is a small, fast and lightweight .NET NoSQL embedded database. | 9.8 |
2023-02-23 | CVE-2023-26326 | Deserialization of Untrusted Data vulnerability in Themekraft Buddyforms. The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. | 9.8 |
2023-02-22 | CVE-2023-0960 | Deserialization of Untrusted Data vulnerability in Seacms 11.6. A vulnerability was found in SeaCMS 11.6 and classified as problematic. | 9.8 |