Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-01 | CVE-2021-25641 | Deserialization of Untrusted Data vulnerability in Apache Dubbo Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. | 9.8 |
| 2021-06-01 | CVE-2021-30179 | Deserialization of Untrusted Data vulnerability in Apache Dubbo Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. | 9.8 |
| 2021-05-31 | CVE-2021-33790 | Deserialization of Untrusted Data vulnerability in Techreborn Reborncore The RebornCore library before 4.7.3 allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of reborncore.common.network.ExtendedPacketBuffer. | 9.8 |
| 2021-05-28 | CVE-2021-29505 | Deserialization of Untrusted Data vulnerability in multiple products XStream is software for serializing Java objects to XML and back again. | 8.8 |
| 2021-05-27 | CVE-2021-27852 | Deserialization of Untrusted Data vulnerability in Checkbox Survey Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. | 9.8 |
| 2021-05-24 | CVE-2021-32075 | Deserialization of Untrusted Data vulnerability in Re-Logic Terraria Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization. | 9.8 |
| 2021-05-24 | CVE-2021-24307 | Deserialization of Untrusted Data vulnerability in Aioseo ALL in ONE SEO The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2 enables authenticated users with "aioseo_tools_settings" privilege (most of the time admin) to execute arbitrary code on the underlying host. | 8.8 |
| 2021-05-21 | CVE-2021-32634 | Deserialization of Untrusted Data vulnerability in NSA Emissary 6.4.0 Emissary is a distributed, peer-to-peer, data-driven workflow framework. | 7.2 |
| 2021-05-21 | CVE-2021-31474 | Deserialization of Untrusted Data vulnerability in Solarwinds Network Performance Monitor 2020.2.1/2020.2.4 This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. | 9.8 |
| 2021-05-14 | CVE-2021-24280 | Deserialization of Untrusted Data vulnerability in Querysol Redirection for Contact Form 7 In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the import_from_debug AJAX action to inject PHP objects. | 8.8 |