Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-28 | CVE-2020-36326 | Deserialization of Untrusted Data vulnerability in multiple products PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. | 9.8 |
| 2021-04-27 | CVE-2021-29476 | Deserialization of Untrusted Data vulnerability in Wordpress Requests 1.6.0/1.6.1/1.7.0 Requests is a HTTP library written in PHP. | 7.5 |
| 2021-04-27 | CVE-2021-30128 | Deserialization of Untrusted Data vulnerability in Apache Ofbiz Apache OFBiz has unsafe deserialization prior to 17.12.07 version | 9.8 |
| 2021-04-27 | CVE-2021-29200 | Deserialization of Untrusted Data vulnerability in Apache Ofbiz Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack | 9.8 |
| 2021-04-23 | CVE-2020-7385 | Deserialization of Untrusted Data vulnerability in Rapid7 Metasploit By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. | 6.8 |
| 2021-04-22 | CVE-2021-27277 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform 2020.2 This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. | 7.2 |
| 2021-04-22 | CVE-2021-3287 | Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class. | 7.5 |
| 2021-04-21 | CVE-2021-21426 | Deserialization of Untrusted Data vulnerability in Openmage Magento Magento-lts is a long-term support alternative to Magento Community Edition (CE). | 7.5 |
| 2021-04-20 | CVE-2021-3035 | Deserialization of Untrusted Data vulnerability in Paloaltonetworks Bridgecrew Checkov An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. | 6.5 |
| 2021-04-15 | CVE-2021-27850 | Deserialization of Untrusted Data vulnerability in Apache Tapestry 5.4.0 A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. | 10.0 |