Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-05-31 | CVE-2019-9874 | Deserialization of Untrusted Data vulnerability in Sitecore CMS and Experience Platform | Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN. | 9.8 |
2019-05-29 | CVE-2019-6980 | Deserialization of Untrusted Data vulnerability in Synacor Zimbra Collaboration Suite | Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component. | 9.8 |
2019-05-24 | CVE-2019-7091 | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016/2018 | ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability. | 9.8 |
2019-05-24 | CVE-2017-18375 | Deserialization of Untrusted Data vulnerability in Ampache 3.8.3 | Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php. | 8.8 |
2019-05-24 | CVE-2016-10753 | Deserialization of Untrusted Data vulnerability in E107 2.1.2 | e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC. | 8.8 |
2019-05-22 | CVE-2016-10750 | Deserialization of Untrusted Data vulnerability in Hazelcast | In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. | 8.1 |
2019-05-20 | CVE-2019-12241 | Deserialization of Untrusted Data vulnerability in Carts.Guru Carts Guru 1.4.5 | The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserialization via a cartsguru-source cookie to classes/wc-cartsguru-event-handler.php. | 9.8 |
2019-05-20 | CVE-2019-12240 | Deserialization of Untrusted Data vulnerability in Virim Project Virim 0.4 | The Virim plugin 0.4 for WordPress allows Insecure Deserialization via s_values, t_values, or c_values in graph.php. | 9.8 |
2019-05-17 | CVE-2019-12086 | Deserialization of Untrusted Data vulnerability in multiple products | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. | 7.5 |
2019-05-17 | CVE-2019-4279 | Deserialization of Untrusted Data vulnerability in IBM Websphere Application Server | IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. | 9.8 |