Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2023-01-18 CVE-2023-21839 Deserialization of Untrusted Data vulnerability in Oracle Weblogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
network
low complexity
oracle CWE-502
7.5
7.5
2023-01-16 CVE-2022-4890 Deserialization of Untrusted Data vulnerability in Predictapp Project Predictapp
A vulnerability, which was classified as critical, has been found in abhilash1985 PredictApp.
network
low complexity
predictapp-project CWE-502
critical
 9.8
9.8
2023-01-14 CVE-2023-22850 Deserialization of Untrusted Data vulnerability in Tiki
Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call.
network
low complexity
tiki CWE-502
8.8
8.8
2023-01-13 CVE-2022-46478 Deserialization of Untrusted Data vulnerability in Datax-Web Project Datax-Web
The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data.
network
low complexity
datax-web-project CWE-502
critical
 9.8
9.8
2023-01-13 CVE-2022-41778 Deserialization of Untrusted Data vulnerability in Deltaww Infrasuite Device Master 00.00.01A
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-DataCollect service port without proper verification.
network
low complexity
deltaww CWE-502
8.8
8.8
2023-01-10 CVE-2022-47083 Deserialization of Untrusted Data vulnerability in Spitfire Project Spitfire 1.0475
A PHP Object Injection vulnerability in the unserialize() function Spitfire CMS v1.0.475 allows authenticated attackers to execute arbitrary code via sending crafted requests to the web application.
network
low complexity
spitfire-project CWE-502
8.8
8.8
2023-01-03 CVE-2021-32824 Deserialization of Untrusted Data vulnerability in Apache Dubbo
Apache Dubbo is a java based, open source RPC framework.
network
low complexity
apache CWE-502
critical
 9.8
9.8
2022-12-26 CVE-2020-10650 Deserialization of Untrusted Data vulnerability in multiple products
A deserialization flaw was discovered in jackson-databind through 2.9.10.4.
network
high complexity
fasterxml oracle CWE-502
8.1
8.1
2022-12-20 CVE-2022-41596 Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos
The system tool has inconsistent serialization and deserialization.
network
low complexity
huawei CWE-502
7.5
7.5
2022-12-16 CVE-2021-38241 Deserialization of Untrusted Data vulnerability in Ruoyi
Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary code via weak cipher in Shiro framework.
network
low complexity
ruoyi CWE-502
critical
 9.8
9.8