Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2022-12-15 CVE-2021-33420 Deserialization of Untrusted Data vulnerability in Replicator Project Replicator
A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object.
network
low complexity
replicator-project CWE-502
critical
 9.8
9.8
2022-12-07 CVE-2022-44351 Deserialization of Untrusted Data vulnerability in Skycaiji 2.5.1
Skycaiji v2.5.1 was discovered to contain a deserialization vulnerability via /SkycaijiApp/admin/controller/Mystore.php.
network
low complexity
skycaiji CWE-502
critical
 9.8
9.8
2022-12-07 CVE-2022-44371 Deserialization of Untrusted Data vulnerability in Hope-Boot Project Hope-Boot 1.0.0
hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE).
network
low complexity
hope-boot-project CWE-502
critical
 9.8
9.8
2022-12-05 CVE-2022-32224 Deserialization of Untrusted Data vulnerability in Activerecord Project Activerecord
A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE.
network
low complexity
activerecord-project CWE-502
critical
 9.8
9.8
2022-12-02 CVE-2022-46366 Deserialization of Untrusted Data vulnerability in Apache Tapestry
Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution.
network
low complexity
apache CWE-502
critical
 9.8
9.8
2022-12-01 CVE-2022-1471 Deserialization of Untrusted Data vulnerability in Snakeyaml Project Snakeyaml
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution.
network
low complexity
snakeyaml-project CWE-502
critical
 9.8
9.8
2022-11-29 CVE-2022-36964 Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data.
network
low complexity
solarwinds CWE-502
8.8
8.8
2022-11-25 CVE-2022-41958 Deserialization of Untrusted Data vulnerability in Super Xray Project Super Xray
super-xray is a web vulnerability scanning tool.
local
low complexity
super-xray-project CWE-502
7.8
7.8
2022-11-23 CVE-2022-41875 Deserialization of Untrusted Data vulnerability in Airbnb Optica
A remote code execution (RCE) vulnerability in Optica allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads.
network
low complexity
airbnb CWE-502
critical
 9.8
9.8
2022-11-23 CVE-2022-41922 Deserialization of Untrusted Data vulnerability in Yiiframework YII
`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input.
network
low complexity
yiiframework CWE-502
critical
 9.8
9.8