Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-22 | CVE-2024-11392 | Deserialization of Untrusted Data vulnerability in Huggingface Transformers Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. | 8.8 |
| 2024-11-22 | CVE-2024-11393 | Deserialization of Untrusted Data vulnerability in Huggingface Transformers Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. | 8.8 |
| 2024-11-22 | CVE-2024-11394 | Deserialization of Untrusted Data vulnerability in Huggingface Transformers Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. | 8.8 |
| 2024-11-20 | CVE-2018-9474 | Deserialization of Untrusted Data vulnerability in Google Android In writeToParcel of MediaPlayer.java, there is a possible serialization/deserialization mismatch due to improper input validation. | 7.8 |
| 2024-11-18 | CVE-2024-52433 | Deserialization of Untrusted Data vulnerability in Mindstien MY GEO Posts Free Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free allows Object Injection.This issue affects My Geo Posts Free: from n/a through 1.2. | 9.8 |
| 2024-11-14 | CVE-2024-10962 | The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.9.107 via deserialization of untrusted input in the 'replace_row_data' and 'replace_serialize_data' functions. | 8.8 |
| 2024-11-13 | CVE-2024-43080 | Deserialization of Untrusted Data vulnerability in Google Android In onReceive of AppRestrictionsFragment.java, there is a possible escalation of privilege due to unsafe deserialization. | 7.8 |
| 2024-11-12 | CVE-2024-44102 | Deserialization of Untrusted Data vulnerability in Siemens Telecontrol Server Basic 3.1 A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000 V3.1 (6NH9910-0AA31-0AD1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 32 to 64 V3.1 (6NH9910-0AA31-0AF1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 64 to 256 V3.1 (6NH9910-0AA31-0AC1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 8 to 32 V3.1 (6NH9910-0AA31-0AB1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 1000 V3.1 (6NH9910-0AA31-0AD0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 256 V3.1 (6NH9910-0AA31-0AC0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 32 V3.1 (6NH9910-0AA31-0AF0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 5000 V3.1 (6NH9910-0AA31-0AE0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 64 V3.1 (6NH9910-0AA31-0AB0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 8 V3.1 (6NH9910-0AA31-0AA0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Serv Upgr (6NH9910-0AA31-0GA1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Upgr V3.1 (6NH9910-0AA31-0GA0) (All versions < V3.1.2.1 with redundancy configured). | 10.0 |
| 2024-11-04 | CVE-2024-10749 | Deserialization of Untrusted Data vulnerability in Thinkadmin A vulnerability, which was classified as critical, was found in ThinkAdmin up to 6.1.67. | 8.1 |
| 2024-10-31 | CVE-2024-43383 | Deserialization of Untrusted Data vulnerability in Apache Lucene.Net 4.8.0 Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator. This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016. An attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type. | 8.1 |