Vulnerabilities > Deserialization of Untrusted Data

| Date | CVE | Vulnerability title | Description | Vendor | CWE | Risk |
| --- | --- | --- | --- | --- | --- | --- |
| 2021-04-20 | CVE-2021-3035 | Deserialization of Untrusted Data vulnerability in Paloaltonetworks Bridgecrew Checkov | An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. | paloaltonetworks | CWE-502 | network, low complexity, 7.2 |
| 2021-04-15 | CVE-2021-27850 | Deserialization of Untrusted Data vulnerability in Apache Tapestry | A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. | apache | CWE-502 | network, low complexity, critical, 9.8 |
| 2021-04-14 | CVE-2021-29654 | Deserialization of Untrusted Data vulnerability in Stackpath Ajaxsearchpro | AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data (in the import database feature of the administration panel), leading to Remote Code execution. | stackpath | CWE-502 | network, low complexity, 7.2 |
| 2021-04-12 | CVE-2021-21524 | Deserialization of Untrusted Data vulnerability in Dell products | Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deserialization Vulnerability. | dell | CWE-502 | network, low complexity, critical, 9.8 |
| 2021-03-22 | CVE-2021-26295 | Deserialization of Untrusted Data vulnerability in Apache Ofbiz | Apache OFBiz has unsafe deserialization prior to 17.12.06. | apache | CWE-502 | network, low complexity, critical, 9.8 |
| 2021-03-12 | CVE-2020-36282 | Deserialization of Untrusted Data vulnerability in Rabbitmq JMS Client | JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data. | rabbitmq | CWE-502 | network, low complexity, critical, 9.8 |
| 2021-03-11 | CVE-2020-29045 | Deserialization of Untrusted Data vulnerability in Fivestarplugins Five Star Restaurant Menu | The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the fdm_cart cookie in load_cart_from_cookie in includes/class-cart-manager.php. | fivestarplugins | CWE-502 | network, low complexity, critical, 9.8 |
| 2021-03-09 | CVE-2021-21488 | Deserialization of Untrusted Data vulnerability in SAP Netweaver Knowledge Management | Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deserialization which triggers the attacker’s code, therefore impacting Availability. | sap | CWE-502 | network, low complexity, 6.5 |
| 2021-03-04 | CVE-2020-24914 | Deserialization of Untrusted Data vulnerability in Qcubed | A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request. | qcubed | CWE-502 | network, low complexity, critical, 9.8 |
| 2021-03-04 | CVE-2020-24036 | Deserialization of Untrusted Data vulnerability in Fork-Cms Fork CMS | PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code. | fork-cms | CWE-502 | network, low complexity, 8.8 |