Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-03-03 | CVE-2020-29047 | Deserialization of Untrusted Data vulnerability in Thimpress WP Hotel Booking | The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpress_hotel_booking_1 cookie in load in includes/class-wphb-sessions.php. | 9.8 |
2021-03-03 | CVE-2021-20076 | Deserialization of Untrusted Data vulnerability in Tenable Tenable.Sc | Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization. | 8.8 |
2021-02-18 | CVE-2021-27335 | Deserialization of Untrusted Data vulnerability in Kollectapp Kollect 4.8.16 | KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code Execution via a ysoserial.payloads.CommonsCollections parameter. | 9.8 |
2021-02-17 | CVE-2021-22855 | Deserialization of Untrusted Data vulnerability in HR Portal Project HR Portal 7.3.2020.1013 | The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. | 9.8 |
2021-02-15 | CVE-2021-23338 | Deserialization of Untrusted Data vulnerability in Microsoft Qlib | This affects all versions of package qlib. | 7.2 |
2021-02-14 | CVE-2021-27213 | Deserialization of Untrusted Data vulnerability in Pystemon Project Pystemon | config.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because SafeLoader and safe_load are not used. | 9.8 |
2021-02-08 | CVE-2021-26915 | Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0 | NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet. | 8.1 |
2021-02-08 | CVE-2021-26914 | Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0 | NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject. | 8.1 |
2021-02-08 | CVE-2021-26913 | Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0 | NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet. | 8.1 |
2021-02-08 | CVE-2021-26912 | Deserialization of Untrusted Data vulnerability in Netmotionsoftware Netmotion Mobility 12.0 | NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet. | 8.1 |