Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-09 | CVE-2024-37288 | Deserialization of Untrusted Data vulnerability in Elastic Kibana 8.15.0 A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. | 8.8 |
| 2024-09-07 | CVE-2024-40711 | Deserialization of Untrusted Data vulnerability in Veeam Backup & Replication 12.0.0.1420 A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). | 9.8 |
| 2024-08-31 | CVE-2024-7435 | The Attire theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.6 via deserialization of untrusted input. | 8.8 |
| 2024-08-30 | CVE-2024-8016 | Deserialization of Untrusted Data vulnerability in Theeventscalendar Events Calendar PRO The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in widgets. | 7.2 |
| 2024-08-30 | CVE-2024-2694 | Deserialization of Untrusted Data vulnerability in Muffingroup Betheme 26.5.1.4/26.6/26.6.1 The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. | 8.8 |
| 2024-08-29 | CVE-2024-8255 | Deserialization of Untrusted Data vulnerability in Deltaww DTN Soft Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability. | 9.8 |
| 2024-08-29 | CVE-2024-43931 | Deserialization of Untrusted Data vulnerability in Eyecix Jobsearch WP JOB Board 1.5.1/1.7.4 Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection.This issue affects JobSearch: from n/a through 2.5.3. | 9.8 |
| 2024-08-29 | CVE-2022-2440 | The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'images_array' parameter in versions up to, and including 2.8. | 7.2 |
| 2024-08-24 | CVE-2024-7351 | Deserialization of Untrusted Data vulnerability in Presstigers Simple JOB Board The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.12.3 via deserialization of untrusted input when editing job applications. | 7.2 |
| 2024-08-20 | CVE-2024-42362 | Deserialization of Untrusted Data vulnerability in Apache Hertzbeat Hertzbeat is an open source, real-time monitoring system. | 8.8 |