Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-28 | CVE-2020-36326 | Deserialization of Untrusted Data vulnerability in multiple products PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. | 9.8 |
| 2021-04-27 | CVE-2021-30128 | Deserialization of Untrusted Data vulnerability in Apache Ofbiz Apache OFBiz has unsafe deserialization prior to 17.12.07 version | 9.8 |
| 2021-04-27 | CVE-2021-29200 | Deserialization of Untrusted Data vulnerability in Apache Ofbiz Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack | 9.8 |
| 2021-04-23 | CVE-2020-7385 | Deserialization of Untrusted Data vulnerability in Rapid7 Metasploit By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. | 8.8 |
| 2021-04-22 | CVE-2021-3287 | Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class. | 9.8 |
| 2021-04-20 | CVE-2021-3035 | Deserialization of Untrusted Data vulnerability in Paloaltonetworks Bridgecrew Checkov An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. | 7.2 |
| 2021-04-15 | CVE-2021-27850 | Deserialization of Untrusted Data vulnerability in Apache Tapestry A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. | 9.8 |
| 2021-04-14 | CVE-2021-29654 | Deserialization of Untrusted Data vulnerability in Stackpath Ajaxsearchpro AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data (in the import database feature of the administration panel), leading to Remote Code execution. | 7.2 |
| 2021-04-12 | CVE-2021-21524 | Deserialization of Untrusted Data vulnerability in Dell products Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deserialization Vulnerability. | 9.8 |
| 2021-03-22 | CVE-2021-26295 | Deserialization of Untrusted Data vulnerability in Apache Ofbiz Apache OFBiz has unsafe deserialization prior to 17.12.06. | 9.8 |