Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-23 | CVE-2022-36944 | Deserialization of Untrusted Data vulnerability in multiple products Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. | 9.8 |
| 2022-09-20 | CVE-2022-40955 | Deserialization of Untrusted Data vulnerability in Apache Inlong In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the Apache InLong server. | 8.8 |
| 2022-09-16 | CVE-2022-39008 | Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos The NFC module has bundle serialization/deserialization vulnerabilities. | 9.1 |
| 2022-09-15 | CVE-2022-38352 | Deserialization of Untrusted Data vulnerability in Thinkphp 6.0.13 ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache. | 9.8 |
| 2022-09-06 | CVE-2022-36038 | Deserialization of Untrusted Data vulnerability in Circuitverse CircuitVerse is an open-source platform which allows users to construct digital logic circuits online. | 7.8 |
| 2022-09-06 | CVE-2022-2433 | Deserialization of Untrusted Data vulnerability in Connekthq Ajax Load More The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'alm_repeaters_export' parameter in versions up to, and including 5.5.3. | 8.8 |
| 2022-09-06 | CVE-2022-2434 | Deserialization of Untrusted Data vulnerability in Instawp String Locator The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. | 8.8 |
| 2022-09-06 | CVE-2022-2436 | Deserialization of Untrusted Data vulnerability in Wpdownloadmanager Wordpress Download Manager The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'file[package_dir]' parameter in versions up to, and including 3.2.49. | 8.8 |
| 2022-09-06 | CVE-2022-2438 | Deserialization of Untrusted Data vulnerability in Managewp Broken Link Checker The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$log_file' value in versions up to, and including 1.11.16. | 7.2 |
| 2022-09-06 | CVE-2022-2442 | Deserialization of Untrusted Data vulnerability in Wpvivid Migration, Backup, Staging The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to deserialization of untrusted input via the 'path' parameter in versions up to, and including 0.9.74. | 7.2 |