Vulnerabilities > Deserialization of Untrusted Data

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Severity | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2021-09-01 | CVE-2021-35216 | Deserialization of Untrusted Data vulnerability in Solarwinds Patch Manager | Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. | network | low complexity | solarwinds | CWE-502 | critical | 9.0 |
| 2021-09-01 | CVE-2021-35218 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform | Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. | network | low complexity | solarwinds | CWE-502 | | 6.5 |
| 2021-08-31 | CVE-2021-36231 | Deserialization of Untrusted Data vulnerability in Unit4 Mik.Starlight 7.9.5.24363 | Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects. | network | low complexity | unit4 | CWE-502 | critical | 9.0 |
| 2021-08-31 | CVE-2021-21677 | Deserialization of Untrusted Data vulnerability in Jenkins Code Coverage API | Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization protection to Java objects it deserializes from disk, resulting in a remote code execution vulnerability. | network | low complexity | jenkins | CWE-502 | | 8.8 |
| 2021-08-31 | CVE-2021-36981 | Deserialization of Untrusted Data vulnerability in Sernet Verinice | In the server in SerNet verinice before 1.22.2, insecure Java deserialization allows remote authenticated attackers to execute arbitrary code. | network | low complexity | sernet | CWE-502 | | 8.8 |
| 2021-08-30 | CVE-2021-39132 | Deserialization of Untrusted Data vulnerability in Pagerduty Rundeck | Rundeck is an open source automation service with a web console, command line tools and a WebAPI. | network | low complexity | pagerduty | CWE-502 | | 6.5 |
| 2021-08-30 | CVE-2021-34066 | Deserialization of Untrusted Data vulnerability in Edgegallery Developer-Be 0.9/0.9.1 | An issue was discovered in EdgeGallery/developer before v1.0. | network | low complexity | edgegallery | CWE-502 | critical | 10.0 |
| 2021-08-30 | CVE-2021-21741 | Deserialization of Untrusted Data vulnerability in ZTE Zxv10 M910 Firmware | There is a command execution vulnerability in a ZTE conference management system. | network | low complexity | zte | CWE-502 | critical | 9.8 |
| 2021-08-30 | CVE-2021-24579 | Deserialization of Untrusted Data vulnerability in Bold-Themes Bold Page Builder | The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plugin before 3.1.6 passes user input into the unserialize() function without any validation or sanitisation, which could lead to a PHP Object Injection. | network | low complexity | bold-themes | CWE-502 | | 6.5 |
| 2021-08-25 | CVE-2021-21869 | Deserialization of Untrusted Data vulnerability in Codesys 3.5.16.0/3.5.17.0 | An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. | local | low complexity | codesys | CWE-502 | | 7.8 |