Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-21 | CVE-2022-3861 | Deserialization of Untrusted Data vulnerability in Muffingroup Betheme 26.5.1.4 The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions. | 8.8 |
| 2022-11-20 | CVE-2022-3525 | Deserialization of Untrusted Data vulnerability in Librenms Deserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0. | 8.8 |
| 2022-11-17 | CVE-2022-45077 | Deserialization of Untrusted Data vulnerability in Muffingroup Betheme 26.5.1.4 Auth. | 8.8 |
| 2022-11-16 | CVE-2022-45047 | Deserialization of Untrusted Data vulnerability in Apache Sshd Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. | 9.8 |
| 2022-11-14 | CVE-2022-45136 | Deserialization of Untrusted Data vulnerability in Apache Jena SDB 3.17.0 Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. | 9.8 |
| 2022-11-12 | CVE-2022-38650 | Deserialization of Untrusted Data vulnerability in VMWare Hyperic Server 5.8.6 A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. | 10.0 |
| 2022-11-12 | CVE-2022-38652 | Deserialization of Untrusted Data vulnerability in VMWare Hyperic Agent 5.8.6 A remote insecure deserialization vulnerability exixsts in VMWare Hyperic Agent 5.8.6. | 9.9 |
| 2022-11-09 | CVE-2022-44558 | Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos The AMS module has a vulnerability of serialization/deserialization mismatch. | 9.8 |
| 2022-11-09 | CVE-2022-44559 | Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos The AMS module has a vulnerability of serialization/deserialization mismatch. | 9.8 |
| 2022-11-08 | CVE-2022-41203 | Deserialization of Untrusted Data vulnerability in SAP Businessobjects Business Intelligence 4.2/4.3 In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, which leads to deserialization of untrusted data vulnerability. | 8.8 |