Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-20 | CVE-2024-8003 | Deserialization of Untrusted Data vulnerability in Gotribe Gotribe-Admin 1.0 A vulnerability was found in Go-Tribe gotribe-admin 1.0 and classified as problematic. | 9.8 |
| 2024-08-20 | CVE-2024-5932 | Deserialization of Untrusted Data vulnerability in Givewp The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. | 9.8 |
| 2024-08-19 | CVE-2024-43242 | Deserialization of Untrusted Data vulnerability in Wpindeed Ultimate Membership PRO Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro allows Object Injection.This issue affects Ultimate Membership Pro: from n/a through 12.6. | 10.0 |
| 2024-08-13 | CVE-2024-28986 | Deserialization of Untrusted Data vulnerability in Solarwinds web Help Desk SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. | 9.8 |
| 2024-08-07 | CVE-2024-36131 | Deserialization of Untrusted Data vulnerability in Ivanti Endpoint Manager Mobile An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the appliance. | 8.8 |
| 2024-07-24 | CVE-2024-6327 | Deserialization of Untrusted Data vulnerability in Progress Telerik Report Server In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability. | 9.8 |
| 2024-07-22 | CVE-2024-6793 | Deserialization of Untrusted Data vulnerability in NI Veristand A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that may result in remote code execution. | 9.8 |
| 2024-07-22 | CVE-2024-6794 | Deserialization of Untrusted Data vulnerability in NI Veristand A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming Server that may result in remote code execution. | 9.8 |
| 2024-07-09 | CVE-2024-31317 | Deserialization of Untrusted Data vulnerability in Google Android In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITE_SECURE_SETTINGS due to unsafe deserialization. | 7.8 |
| 2024-06-25 | CVE-2024-5016 | Deserialization of Untrusted Data vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM. The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage for server and NmDistributed.DistributedClient.OnMessage for clients. | 7.2 |