Vulnerabilities > Deserialization of Untrusted Data

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2021-05-24 | CVE-2021-32075 | Deserialization of Untrusted Data vulnerability in Re-Logic Terraria | Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization. | network, low complexity, re-logic, CWE-502 | 7.5 |
| 2021-05-24 | CVE-2021-24307 | Deserialization of Untrusted Data vulnerability in Aioseo ALL in ONE SEO | The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2 enables authenticated users with "aioseo_tools_settings" privilege (most of the time admin) to execute arbitrary code on the underlying host. | network, low complexity, aioseo, CWE-502 | critical 9.0 |
| 2021-05-21 | CVE-2021-32634 | Deserialization of Untrusted Data vulnerability in NSA Emissary 6.4.0 | Emissary is a distributed, peer-to-peer, data-driven workflow framework. | network, low complexity, nsa, CWE-502 | 6.5 |
| 2021-05-21 | CVE-2021-31474 | Deserialization of Untrusted Data vulnerability in Solarwinds Network Performance Monitor | This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. | network, low complexity, solarwinds, CWE-502 | critical 10.0 |
| 2021-05-14 | CVE-2021-24280 | Deserialization of Untrusted Data vulnerability in Querysol Redirection for Contact Form 7 | In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the import_from_debug AJAX action to inject PHP objects. | network, low complexity, querysol, CWE-502 | 6.5 |
| 2021-05-13 | CVE-2021-33026 | Deserialization of Untrusted Data vulnerability in Flask-Caching Project Flask-Caching | The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. | network, low complexity, flask-caching-project, CWE-502 | critical 9.8 |
| 2021-05-11 | CVE-2021-29508 | Deserialization of Untrusted Data vulnerability in Asynkron Wire | Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer. | network, low complexity, asynkron, CWE-502 | 6.4 |
| 2021-05-07 | CVE-2021-32098 | Deserialization of Untrusted Data vulnerability in Artica Pandora FMS 742 | Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization. | network, low complexity, artica, CWE-502 | 7.5 |
| 2021-04-28 | CVE-2021-25152 | Deserialization of Untrusted Data vulnerability in Arubanetworks Airwave | A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. | network, low complexity, arubanetworks, CWE-502 | critical 9.0 |
| 2021-04-28 | CVE-2021-25151 | Deserialization of Untrusted Data vulnerability in Arubanetworks Airwave | A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. | network, low complexity, arubanetworks, CWE-502 | critical 9.0 |