Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-12 | CVE-2020-36282 | Deserialization of Untrusted Data vulnerability in Rabbitmq JMS Client JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data. | 9.8 |
| 2021-03-11 | CVE-2020-29045 | Deserialization of Untrusted Data vulnerability in Fivestarplugins Five Star Restaurant Menu The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the fdm_cart cookie in load_cart_from_cookie in includes/class-cart-manager.php. | 9.8 |
| 2021-03-09 | CVE-2021-21488 | Deserialization of Untrusted Data vulnerability in SAP Netweaver Knowledge Management Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deserialization which triggers the attacker’s code, therefore impacting Availability. | 6.5 |
| 2021-03-04 | CVE-2020-24914 | Deserialization of Untrusted Data vulnerability in Qcubed A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request. | 9.8 |
| 2021-03-04 | CVE-2020-24036 | Deserialization of Untrusted Data vulnerability in Fork-Cms Fork CMS PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code. | 8.8 |
| 2021-03-03 | CVE-2020-29047 | Deserialization of Untrusted Data vulnerability in Thimpress WP Hotel Booking The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpress_hotel_booking_1 cookie in load in includes/class-wphb-sessions.php. | 9.8 |
| 2021-03-03 | CVE-2021-20076 | Deserialization of Untrusted Data vulnerability in Tenable Tenable.Sc Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization. | 8.8 |
| 2021-02-18 | CVE-2021-27335 | Deserialization of Untrusted Data vulnerability in Kollectapp Kollect 4.8.16 KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code Execution via a ysoserial.payloads.CommonsCollections parameter. | 9.8 |
| 2021-02-17 | CVE-2021-22855 | Deserialization of Untrusted Data vulnerability in HR Portal Project HR Portal 7.3.2020.1013 The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. | 9.8 |
| 2021-02-15 | CVE-2021-23338 | Deserialization of Untrusted Data vulnerability in Microsoft Qlib This affects all versions of package qlib. | 7.2 |