Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2021-05-14 CVE-2021-24280 Deserialization of Untrusted Data vulnerability in Querysol Redirection for Contact Form 7
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the import_from_debug AJAX action to inject PHP objects.
network
low complexity
querysol CWE-502
8.8
2021-05-13 CVE-2021-33026 Deserialization of Untrusted Data vulnerability in Flask-Caching Project Flask-Caching
The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation.
network
low complexity
flask-caching-project CWE-502
critical
9.8
2021-05-07 CVE-2021-32098 Deserialization of Untrusted Data vulnerability in Artica Pandora FMS 742
Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization.
network
low complexity
artica CWE-502
critical
9.8
2021-04-28 CVE-2021-25152 Deserialization of Untrusted Data vulnerability in Arubanetworks Airwave
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1.
network
low complexity
arubanetworks CWE-502
7.2
2021-04-28 CVE-2021-25151 Deserialization of Untrusted Data vulnerability in Arubanetworks Airwave
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1.
network
low complexity
arubanetworks CWE-502
8.8
2021-04-28 CVE-2020-36326 Deserialization of Untrusted Data vulnerability in multiple products
PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname.
network
low complexity
phpmailer-project wordpress CWE-502
critical
9.8
2021-04-27 CVE-2021-30128 Deserialization of Untrusted Data vulnerability in Apache Ofbiz
Apache OFBiz has unsafe deserialization prior to version 17.12.07.
network
low complexity
apache CWE-502
critical
9.8
2021-04-27 CVE-2021-29200 Deserialization of Untrusted Data vulnerability in Apache Ofbiz
Apache OFBiz has unsafe deserialization prior to version 17.12.07. An unauthenticated user can perform an RCE attack.
network
low complexity
apache CWE-502
critical
9.8
2021-04-23 CVE-2020-7385 Deserialization of Untrusted Data vulnerability in Rapid7 Metasploit
By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions.
network
low complexity
rapid7 CWE-502
8.8
2021-04-22 CVE-2021-3287 Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Opmanager
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.
network
low complexity
zohocorp CWE-502
critical
9.8