Vulnerabilities > Deserialization of Untrusted Data

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2022-04-15 | CVE-2022-27158 | Deserialization of Untrusted Data vulnerability in PHP Pearweb | pearweb < 1.32 suffers from Deserialization of Untrusted Data. | network | low complexity | php | CWE-502 | critical | 9.8 |
| 2022-04-14 | CVE-2022-24846 | Deserialization of Untrusted Data vulnerability in Geoserver Geowebcache | GeoWebCache is a tile caching server implemented in Java. | network | low complexity | geoserver | CWE-502 | | 7.2 |
| 2022-04-14 | CVE-2021-21956 | Deserialization of Untrusted Data vulnerability in Cloudlinux Imunify360 5.10.2/5.8/5.9 | A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. | local | low complexity | cloudlinux | CWE-502 | | 7.8 |
| 2022-04-13 | CVE-2022-22957 | Deserialization of Untrusted Data vulnerability in VMWare products | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). | network | low complexity | vmware | CWE-502 | | 7.2 |
| 2022-04-13 | CVE-2022-22958 | Deserialization of Untrusted Data vulnerability in VMWare products | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). | network | low complexity | vmware | CWE-502 | | 7.2 |
| 2022-04-12 | CVE-2022-23450 | Deserialization of Untrusted Data vulnerability in Siemens products | A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). | network | low complexity | siemens | CWE-502 | critical | 9.8 |
| 2022-04-06 | CVE-2022-20763 | Deserialization of Untrusted Data vulnerability in Cisco Webex Meetings Online Wbs42.2.11 | A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attacker to inject arbitrary Java code. | network | low complexity | cisco | CWE-502 | | 8.8 |
| 2022-04-05 | CVE-2020-19229 | Deserialization of Untrusted Data vulnerability in Jeesite 1.2.7 | Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. | network | low complexity | jeesite | CWE-502 | critical | 9.8 |
| 2022-04-05 | CVE-2021-33207 | Deserialization of Untrusted Data vulnerability in Softwareag Mashzone Nextgen 10.7 | The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code. | network | low complexity | softwareag | CWE-502 | critical | 9.8 |
| 2022-03-29 | CVE-2022-1032 | Deserialization of Untrusted Data vulnerability in Craterapp Crater | Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6. | network | low complexity | craterapp | CWE-502 | | 7.2 |