Vulnerabilities > Deserialization of Untrusted Data

DATE	CVE	VULNERABILITY TITLE	RISK
2021-08-30	CVE-2021-39132	Deserialization of Untrusted Data vulnerability in Pagerduty Rundeck Rundeck is an open source automation service with a web console, command line tools and a WebAPI. network low complexity pagerduty CWE-502	8.8
2021-08-30	CVE-2021-34066	Deserialization of Untrusted Data vulnerability in Edgegallery Developer-Be 0.9/0.9.1 An issue was discovered in EdgeGallery/developer before v1.0. network low complexity edgegallery CWE-502 critical	9.8
2021-08-30	CVE-2021-21741	Deserialization of Untrusted Data vulnerability in ZTE Zxv10 M910 Firmware There is a command execution vulnerability in a ZTE conference management system. network low complexity zte CWE-502 critical	9.8
2021-08-30	CVE-2021-24579	Deserialization of Untrusted Data vulnerability in Bold-Themes Bold Page Builder The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plugin before 3.1.6 passes user input into the unserialize() function without any validation or sanitisation, which could lead to a PHP Object Injection. network low complexity bold-themes CWE-502	8.8
2021-08-25	CVE-2021-21869	Deserialization of Untrusted Data vulnerability in Codesys 3.5.16.0/3.5.17.0 An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. local low complexity codesys CWE-502	7.8
2021-08-24	CVE-2021-31010	Deserialization of Untrusted Data vulnerability in Apple products A deserialization issue was addressed through improved validation. network low complexity apple CWE-502	7.5
2021-08-23	CVE-2021-39144	Deserialization of Untrusted Data vulnerability in multiple products XStream is a simple library to serialize objects to XML and back again. network high complexity xstream-project debian fedoraproject netapp oracle CWE-502	8.5
2021-08-18	CVE-2021-21867	Deserialization of Untrusted Data vulnerability in Codesys 3.5.16.0/3.5.17.0 An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. local low complexity codesys CWE-502	7.8
2021-08-18	CVE-2021-21868	Deserialization of Untrusted Data vulnerability in Codesys 3.5.16.0/3.5.17.0 An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. local low complexity codesys CWE-502	7.8
2021-08-11	CVE-2021-38585	Deserialization of Untrusted Data vulnerability in Cpanel The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585). network low complexity cpanel CWE-502	7.2