Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-11-16 | CVE-2020-5664 | Deserialization of Untrusted Data vulnerability in Riken Xoonips | Deserialization of untrusted data vulnerability in XooNIps 3.49 and earlier allows remote attackers to execute arbitrary code via unspecified vectors. | 9.8 |
2020-11-07 | CVE-2020-28339 | Deserialization of Untrusted Data vulnerability in Collne Welcart E-Commerce | The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. | 8.8 |
2020-11-02 | CVE-2020-28032 | Deserialization of Untrusted Data vulnerability in multiple products | WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. | 9.8 |
2020-10-22 | CVE-2020-10721 | Deserialization of Untrusted Data vulnerability in Redhat Fabric8-Maven | A flaw was found in the fabric8-maven-plugin 4.0.0 and later. | 7.8 |
2020-10-21 | CVE-2020-15244 | Deserialization of Untrusted Data vulnerability in Openmage Magento | In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. | 7.2 |
2020-10-19 | CVE-2020-24648 | Deserialization of Untrusted Data vulnerability in HP Intelligent Management Center | An accessmgrservlet classname deserialization of untrusted data remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-10-12 | CVE-2020-7811 | Deserialization of Untrusted Data vulnerability in Samsung Update | Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation, as commands crafted by an attacker are executed while the engine deserializes the data received during inter-process communication. | 7.8 |
2020-10-12 | CVE-2020-26867 | Deserialization of Untrusted Data vulnerability in Pcvuesolutions Pcvue 12/8.10 | ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, which may allow an attacker to remotely execute arbitrary code on the web and mobile back-end server. | 9.8 |
2020-10-10 | CVE-2020-26945 | Deserialization of Untrusted Data vulnerability in Mybatis | MyBatis before 3.5.6 mishandles deserialization of object streams. | 8.1 |
2020-10-08 | CVE-2020-4280 | Deserialization of Untrusted Data vulnerability in IBM Qradar Security Information and Event Manager | IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. | 8.8 |