Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2019-09-05 CVE-2019-5069 Deserialization of Untrusted Data vulnerability in Epignosishq Efront LMS
A code execution vulnerability exists in Epignosis eFront LMS v5.2.12.
network
low complexity
epignosishq CWE-502
8.8
8.8
2019-09-05 CVE-2018-11569 Deserialization of Untrusted Data vulnerability in Eventum Project Eventum 3.5.0/3.5.1
Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deserialization of Untrusted Data.
network
low complexity
eventum-project CWE-502
critical
 9.8
9.8
2019-08-29 CVE-2019-15780 Deserialization of Untrusted Data vulnerability in Strategy11 Formidable Form Builder
The formidable plugin before 4.02.01 for WordPress has unsafe deserialization.
network
low complexity
strategy11 CWE-502
critical
 9.8
9.8
2019-08-26 CVE-2019-15521 Deserialization of Untrusted Data vulnerability in multiple products
Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object.
network
low complexity
spoon-library fork-cms CWE-502
critical
 9.8
9.8
2019-08-22 CVE-2018-20987 Deserialization of Untrusted Data vulnerability in Tribulant Newsletters
The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection.
network
low complexity
tribulant CWE-502
critical
 9.8
9.8
2019-08-22 CVE-2019-11030 Deserialization of Untrusted Data vulnerability in Mirasys VMS 7.6.0/8.0.0/8.3.1
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe.
network
low complexity
mirasys CWE-502
critical
 9.8
9.8
2019-08-22 CVE-2019-15321 Deserialization of Untrusted Data vulnerability in Optiontree Project Optiontree
The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled.
network
low complexity
optiontree-project CWE-502
critical
 9.8
9.8
2019-08-22 CVE-2019-15320 Deserialization of Untrusted Data vulnerability in Optiontree Project Optiontree
The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled.
network
low complexity
optiontree-project CWE-502
critical
 9.8
9.8
2019-08-22 CVE-2019-15319 Deserialization of Untrusted Data vulnerability in Optiontree Project Optiontree
The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce.
network
low complexity
optiontree-project CWE-502
critical
 9.8
9.8
2019-08-22 CVE-2018-20984 Deserialization of Untrusted Data vulnerability in Patreon Wordpress
The patreon-connect plugin before 1.2.2 for WordPress has Object Injection.
network
low complexity
patreon CWE-502
critical
 9.8
9.8