Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-04 | CVE-2020-24914 | Deserialization of Untrusted Data vulnerability in Qcubed. A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request. | 9.8 |
2021-03-04 | CVE-2020-24036 | Deserialization of Untrusted Data vulnerability in Fork-Cms Fork CMS. PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code. | 8.8 |
2021-03-03 | CVE-2020-29047 | Deserialization of Untrusted Data vulnerability in Thimpress WP Hotel Booking. The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpress_hotel_booking_1 cookie in load in includes/class-wphb-sessions.php. | 9.8 |
2021-03-03 | CVE-2021-20076 | Deserialization of Untrusted Data vulnerability in Tenable Tenable.Sc. Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization. | 8.8 |
2021-03-03 | CVE-2021-26857 | Deserialization of Untrusted Data vulnerability in Microsoft Exchange Server. Microsoft Exchange Server Remote Code Execution Vulnerability | 7.8 |
2021-02-25 | CVE-2021-24066 | Deserialization of Untrusted Data vulnerability in Microsoft products. Microsoft SharePoint Remote Code Execution Vulnerability | 8.8 |
2021-02-18 | CVE-2021-27335 | Deserialization of Untrusted Data vulnerability in Kollectapp Kollect 4.8.16. KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code Execution via a ysoserial.payloads.CommonsCollections parameter. | 9.8 |
2021-02-17 | CVE-2021-22855 | Deserialization of Untrusted Data vulnerability in HR Portal Project HR Portal 7.3.2020.1013. The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. | 9.8 |
2021-02-15 | CVE-2021-23338 | Deserialization of Untrusted Data vulnerability in Microsoft Qlib. This affects all versions of package qlib. | 7.2 |
2021-02-14 | CVE-2021-27213 | Deserialization of Untrusted Data vulnerability in Pystemon Project Pystemon. config.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because SafeLoader and safe_load are not used. | 9.8 |