Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2024-10-01 CVE-2024-7434 Deserialization of Untrusted Data vulnerability in Ultrapress
The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.1 via deserialization of untrusted input.
network
low complexity
ultrapress CWE-502
8.8
2024-09-30 CVE-2024-45772 Deserialization of Untrusted Data vulnerability in Apache Lucene
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. The deserialization can only be triggered if users actively deploy a network-accessible implementation and a corresponding client using an HTTP library that uses the API (e.g., a custom servlet and HTTPClient).
low complexity
apache CWE-502
8.0
2024-09-28 CVE-2024-8353 Deserialization of Untrusted Data vulnerability in Givewp
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'give_title' and 'card_address'.
network
low complexity
givewp CWE-502
critical
9.8
2024-09-27 CVE-2024-8922 Deserialization of Untrusted Data vulnerability in Piwebsolution Product Enquiry for Woocommerce
The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.33.32 via deserialization of untrusted input in enquiry_detail.php.
network
low complexity
piwebsolution CWE-502
8.8
2024-09-26 CVE-2024-43191 IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted yaml file request.
network
low complexity
CWE-502
7.2
2024-09-25 CVE-2024-7576 Deserialization of Untrusted Data vulnerability in Telerik UI for WPF
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability.
network
low complexity
telerik CWE-502
critical
9.8
2024-09-25 CVE-2024-8316 Deserialization of Untrusted Data vulnerability in Telerik UI for WPF
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability.
local
low complexity
telerik CWE-502
7.8
2024-09-25 CVE-2024-8514 Deserialization of Untrusted Data vulnerability in Prisna Google Website Translator
The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.11 via deserialization of untrusted input from the 'prisna_import' parameter.
network
low complexity
prisna CWE-502
7.2
2024-09-24 CVE-2022-2439 Deserialization of Untrusted Data vulnerability in Awesomemotive Easy Digital Downloads
The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the 'upload[file]' parameter in versions up to, and including, 3.3.3.
network
low complexity
awesomemotive CWE-502
7.2
2024-09-14 CVE-2024-8862 Deserialization of Untrusted Data vulnerability in H2O 3.46.0.4
A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4.
network
low complexity
h2o CWE-502
critical
9.8