Vulnerabilities > Deserialization of Untrusted Data

DATE	CVE	VULNERABILITY TITLE	RISK
2021-06-01	CVE-2021-30179	Deserialization of Untrusted Data vulnerability in Apache Dubbo Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. network low complexity apache CWE-502 critical	9.8
2021-05-31	CVE-2021-33790	Deserialization of Untrusted Data vulnerability in Techreborn Reborncore The RebornCore library before 4.7.3 allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of reborncore.common.network.ExtendedPacketBuffer. network low complexity techreborn CWE-502 critical	9.8
2021-05-27	CVE-2021-27852	Deserialization of Untrusted Data vulnerability in Checkbox Survey Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. network low complexity checkbox CWE-502 critical	9.8
2021-05-24	CVE-2021-32075	Deserialization of Untrusted Data vulnerability in Re-Logic Terraria Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization. network low complexity re-logic CWE-502 critical	9.8
2021-05-24	CVE-2021-24307	Deserialization of Untrusted Data vulnerability in Aioseo ALL in ONE SEO The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2 enables authenticated users with "aioseo_tools_settings" privilege (most of the time admin) to execute arbitrary code on the underlying host. network low complexity aioseo CWE-502	8.8
2021-05-14	CVE-2021-24280	Deserialization of Untrusted Data vulnerability in Querysol Redirection for Contact Form 7 In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the import_from_debug AJAX action to inject PHP objects. network low complexity querysol CWE-502	8.8
2021-05-13	CVE-2021-33026	Deserialization of Untrusted Data vulnerability in Flask-Caching Project Flask-Caching The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. network low complexity flask-caching-project CWE-502 critical	9.8
2021-05-07	CVE-2021-32098	Deserialization of Untrusted Data vulnerability in Artica Pandora FMS 742 Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization. network low complexity artica CWE-502 critical	9.8
2021-04-28	CVE-2021-25152	Deserialization of Untrusted Data vulnerability in Arubanetworks Airwave A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. network low complexity arubanetworks CWE-502	7.2
2021-04-28	CVE-2021-25151	Deserialization of Untrusted Data vulnerability in Arubanetworks Airwave A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. network low complexity arubanetworks CWE-502	8.8