Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-17 | CVE-2020-22083 | Deserialization of Untrusted Data vulnerability in Jsonpickle Project Jsonpickle jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode() function. | 9.8 |
| 2020-12-14 | CVE-2020-20136 | Deserialization of Untrusted Data vulnerability in Quantconnect Lean 2.3.0.0/2.4.0.1 QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an insecure deserialization vulnerability due to insecure configuration of TypeNameHandling property in Json.NET library. | 9.8 |
| 2020-12-11 | CVE-2020-9301 | Deserialization of Untrusted Data vulnerability in Linuxfoundation Spinnaker Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. | 8.8 |
| 2020-11-19 | CVE-2020-28948 | Deserialization of Untrusted Data vulnerability in multiple products Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. | 7.8 |
| 2020-11-17 | CVE-2020-27131 | Deserialization of Untrusted Data vulnerability in Cisco Security Manager Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. | 9.8 |
| 2020-11-16 | CVE-2020-5664 | Deserialization of Untrusted Data vulnerability in Riken Xoonips Deserialization of untrusted data vulnerability in XooNIps 3.49 and earlier allows remote attackers to execute arbitrary code via unspecified vectors. | 9.8 |
| 2020-11-07 | CVE-2020-28339 | Deserialization of Untrusted Data vulnerability in Welcart E-Commerce The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. | 8.8 |
| 2020-11-02 | CVE-2020-28032 | Deserialization of Untrusted Data vulnerability in multiple products WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. | 9.8 |
| 2020-10-22 | CVE-2020-10721 | Deserialization of Untrusted Data vulnerability in Redhat Fabric8-Maven A flaw was found in the fabric8-maven-plugin 4.0.0 and later. | 7.8 |
| 2020-10-21 | CVE-2020-15244 | Deserialization of Untrusted Data vulnerability in Openmage Magento In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. | 7.2 |