Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-13 | CVE-2024-13770 | Deserialization of Untrusted Data vulnerability in Themerex Puzzles The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input 'view_more_posts' AJAX action. | 9.8 |
| 2025-02-11 | CVE-2025-1177 | Deserialization of Untrusted Data vulnerability in Xunruicms 4.6.3 A vulnerability was found in dayrui XunRuiCMS 4.6.3. | 9.8 |
| 2025-02-07 | CVE-2024-9664 | Deserialization of Untrusted Data vulnerability in Soflyy WP ALL Import The WP All Import Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.7 via deserialization of untrusted input from an import file. | 7.2 |
| 2025-02-05 | CVE-2025-20124 | Deserialization of Untrusted Data vulnerability in Cisco Identity Services Engine A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. | 7.2 |
| 2025-02-03 | CVE-2025-0974 | A vulnerability, which was classified as critical, has been found in MaxD Lightning Module 4.43 on OpenCart. | 5.0 |
| 2025-01-30 | CVE-2024-13742 | Deserialization of Untrusted Data vulnerability in Icontrolwp The iControlWP – Multiple WordPress Site Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.5 via deserialization of untrusted input from the reqpars parameter. | 9.8 |
| 2025-01-29 | CVE-2025-0841 | A vulnerability has been found in Aridius XYZ up to 20240927 on OpenCart and classified as critical. | 7.3 |
| 2025-01-27 | CVE-2025-0734 | A vulnerability has been found in y_project RuoYi up to 4.8.0 and classified as critical. | 4.7 |
| 2025-01-25 | CVE-2024-12600 | The Custom Product Tabs Lite for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.0 via deserialization of untrusted input from the 'frs_woo_product_tabs' parameter. | 7.2 |
| 2025-01-23 | CVE-2025-23006 | Deserialization of Untrusted Data vulnerability in Sonicwall products Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands. | 9.8 |