Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2021-05-13 CVE-2021-33026 Deserialization of Untrusted Data vulnerability in Flask-Caching Project Flask-Caching
The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation.
network
low complexity
flask-caching-project CWE-502
critical
 9.8
9.8
2021-05-11 CVE-2021-29508 Deserialization of Untrusted Data vulnerability in Asynkron Wire
Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer.
network
low complexity
asynkron CWE-502
critical
 9.1
9.1
2021-05-07 CVE-2021-32098 Deserialization of Untrusted Data vulnerability in Artica Pandora FMS 742
Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization.
network
low complexity
artica CWE-502
critical
 9.8
9.8
2021-04-28 CVE-2021-25152 Deserialization of Untrusted Data vulnerability in Arubanetworks Airwave
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1.
network
low complexity
arubanetworks CWE-502
7.2
7.2
2021-04-28 CVE-2021-25151 Deserialization of Untrusted Data vulnerability in Arubanetworks Airwave
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1.
network
low complexity
arubanetworks CWE-502
8.8
8.8
2021-04-28 CVE-2020-36326 Deserialization of Untrusted Data vulnerability in multiple products
PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname.
network
low complexity
phpmailer-project wordpress CWE-502
critical
 9.8
9.8
2021-04-27 CVE-2021-29476 Deserialization of Untrusted Data vulnerability in Wordpress Requests 1.6.0/1.6.1/1.7.0
Requests is a HTTP library written in PHP.
network
low complexity
wordpress CWE-502
critical
 9.8
9.8
2021-04-27 CVE-2021-30128 Deserialization of Untrusted Data vulnerability in Apache Ofbiz
Apache OFBiz has unsafe deserialization prior to 17.12.07 version
network
low complexity
apache CWE-502
critical
 9.8
9.8
2021-04-27 CVE-2021-29200 Deserialization of Untrusted Data vulnerability in Apache Ofbiz
Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack
network
low complexity
apache CWE-502
critical
 9.8
9.8
2021-04-23 CVE-2020-7385 Deserialization of Untrusted Data vulnerability in Rapid7 Metasploit
By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions.
network
low complexity
rapid7 CWE-502
8.8
8.8