Vulnerabilities > Deserialization of Untrusted Data

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-07-15 | CVE-2023-49566 | Deserialization of Untrusted Data vulnerability in Apache Linkis 1.4.0/1.5.0 | In Apache Linkis <=1.5.0, due to the lack of effective filtering of parameters, an attacker who configures malicious db2 parameters in the DataSource Manager Module can cause JNDI injection. | network | low | apache | CWE-502 | 8.8 |
| 2024-07-09 | CVE-2024-38023 | Deserialization of Untrusted Data vulnerability in Microsoft Sharepoint Server 2016/2019 | Microsoft SharePoint Server Remote Code Execution Vulnerability | network | low | microsoft | CWE-502 | 7.2 |
| 2024-07-09 | CVE-2024-38024 | Deserialization of Untrusted Data vulnerability in Microsoft Sharepoint Server 2016/2019 | Microsoft SharePoint Server Remote Code Execution Vulnerability | network | low | microsoft | CWE-502 | 7.2 |
| 2024-07-09 | CVE-2024-38094 | Deserialization of Untrusted Data vulnerability in Microsoft Sharepoint Server 2016/2019 | Microsoft SharePoint Remote Code Execution Vulnerability | network | low | microsoft | CWE-502 | 7.2 |
| 2024-07-05 | CVE-2024-6525 | Deserialization of Untrusted Data vulnerability in Dlink Dar-7000 Firmware | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20230922. | network | low | dlink | CWE-502 | 8.8 |
| 2024-06-25 | CVE-2024-5016 | Deserialization of Untrusted Data vulnerability in Progress Whatsup Gold | In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve Remote Code Execution as SYSTEM. The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage for server and NmDistributed.DistributedClient.OnMessage for clients. | network | low | progress | CWE-502 | 7.2 |
| 2024-06-19 | CVE-2024-5649 | Deserialization of Untrusted Data vulnerability in Webhuntinfotech Universal Slider | The Universal Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.5 via deserialization of untrusted input in the 'fsl_get_gallery_value' function. | network | low | webhuntinfotech | CWE-502 | 8.8 |
| 2024-06-19 | CVE-2024-5724 | Deserialization of Untrusted Data vulnerability in Webhuntinfotech Photo Video Gallery Master | The Photo Video Gallery Master plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.3 via deserialization of untrusted input from the 'PVGM_all_photos_details' parameter. | network | low | webhuntinfotech | CWE-502 | 8.8 |
| 2024-06-13 | CVE-2024-4371 | Deserialization of Untrusted Data vulnerability in Codexpert Codesigner | The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie. | network | low | codexpert | CWE-502 | 9.8 (critical) |
| 2024-06-12 | CVE-2024-3467 | Deserialization of Untrusted Data vulnerability in Aveva PI Asset Framework Client 2018/2023 | There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker. | local | low | aveva | CWE-502 | 7.8 |