Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-24 | CVE-2021-32075 | Deserialization of Untrusted Data vulnerability in Re-Logic Terraria Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization. | 7.5 |
2021-05-24 | CVE-2021-24307 | Deserialization of Untrusted Data vulnerability in Aioseo ALL in ONE SEO The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2 enables authenticated users with "aioseo_tools_settings" privilege (most of the time admin) to execute arbitrary code on the underlying host. | 9.0 |
2021-05-21 | CVE-2021-32634 | Deserialization of Untrusted Data vulnerability in NSA Emissary 6.4.0 Emissary is a distributed, peer-to-peer, data-driven workflow framework. | 6.5 |
2021-05-21 | CVE-2021-31474 | Deserialization of Untrusted Data vulnerability in Solarwinds Network Performance Monitor This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. | 10.0 |
2021-05-14 | CVE-2021-24280 | Deserialization of Untrusted Data vulnerability in Querysol Redirection for Contact Form 7 In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the import_from_debug AJAX action to inject PHP objects. | 6.5 |
2021-05-13 | CVE-2021-33026 | Deserialization of Untrusted Data vulnerability in Flask-Caching Project Flask-Caching The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. | 9.8 |
2021-05-11 | CVE-2021-29508 | Deserialization of Untrusted Data vulnerability in Asynkron Wire Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer. | 6.4 |
2021-05-07 | CVE-2021-32098 | Deserialization of Untrusted Data vulnerability in Artica Pandora FMS 742 Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization. | 7.5 |
2021-04-28 | CVE-2021-25152 | Deserialization of Untrusted Data vulnerability in Arubanetworks Airwave A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. | 9.0 |
2021-04-28 | CVE-2021-25151 | Deserialization of Untrusted Data vulnerability in Arubanetworks Airwave A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. | 9.0 |