Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-17 | CVE-2022-24108 | Deserialization of Untrusted Data vulnerability in Skyoftech SO Listing Tabs 2.2.0 The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote attacker to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write to files on the server, cause DoS, and achieve remote code execution because of deserialization of untrusted data. | 9.8 |
| 2022-05-16 | CVE-2022-0573 | Deserialization of Untrusted Data vulnerability in Jfrog Artifactory JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient validation of a user-provided serialized object. | 8.8 |
| 2022-05-12 | CVE-2022-29363 | Deserialization of Untrusted Data vulnerability in PHPok 6.1 Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. | 9.8 |
| 2022-05-06 | CVE-2021-23592 | Deserialization of Untrusted Data vulnerability in Thinkphp The package topthink/framework before 6.0.12 are vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class. | 9.8 |
| 2022-05-02 | CVE-2020-23620 | Deserialization of Untrusted Data vulnerability in Orlansoft ERP The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object. | 9.8 |
| 2022-05-02 | CVE-2020-23621 | Deserialization of Untrusted Data vulnerability in Squire-Technologies SVI MS Management System The Java Remote Management Interface of all versions of SVI MS Management System was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object. | 9.8 |
| 2022-05-01 | CVE-2022-25647 | Deserialization of Untrusted Data vulnerability in multiple products The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. | 7.5 |
| 2022-05-01 | CVE-2022-25767 | Deserialization of Untrusted Data vulnerability in Ureport2 Project Ureport2 All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets. | 9.8 |
| 2022-04-29 | CVE-2022-29936 | Deserialization of Untrusted Data vulnerability in USU Oracle Optimization 5.16.2 USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization. | 8.8 |
| 2022-04-20 | CVE-2022-29528 | Deserialization of Untrusted Data vulnerability in Misp An issue was discovered in MISP before 2.4.158. | 9.8 |