2025-01-07 | CVE-2024-12313 | The Compare Products for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.1 via deserialization of untrusted input from the 'woo_compare_list' cookie. | 8.1 |
2025-01-05 | CVE-2024-13136 | Deserialization of Untrusted Data vulnerability in Wangl1989 Mysiteforme 1.0 A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. | 9.8 |
2025-01-04 | CVE-2024-10932 | The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function. | 8.8 |
2024-12-25 | CVE-2024-52046 | Deserialization of Untrusted Data vulnerability in Apache Mina The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. | 9.8 |
2024-12-21 | CVE-2024-12721 | Deserialization of Untrusted Data vulnerability in Webbuilder143 Custom Product Tabs for Woocommerce The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.4 via deserialization of untrusted input from the 'wb_custom_tabs' parameter. | 7.2 |
2024-12-16 | CVE-2024-10095 | Deserialization of Untrusted Data vulnerability in Telerik UI for WPF In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability. | 9.8 |
2024-12-16 | CVE-2024-54367 | Deserialization of Untrusted Data vulnerability in Ultimatemember Forumwp Deserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection.This issue affects ForumWP: from n/a through 2.1.0. | 9.8 |
2024-12-12 | CVE-2024-49147 | Deserialization of Untrusted Data vulnerability in Microsoft Update Catalog Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver. | 9.8 |
2024-12-12 | CVE-2024-12312 | The Print Science Designer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.152 via deserialization of untrusted input through the 'designer-saved-projects' cookie. | 8.1 |
2024-12-12 | CVE-2024-49063 | Deserialization of Untrusted Data vulnerability in Microsoft Muzic Microsoft/Muzic Remote Code Execution Vulnerability | 8.4 |