Vulnerabilities > Deserialization of Untrusted Data

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2019-08-26 | CVE-2019-15521 | Deserialization of Untrusted Data vulnerability in multiple products | Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object. | network; low complexity; spoon-library, fork-cms; CWE-502; critical; 9.8 |
| 2019-08-22 | CVE-2018-20987 | Deserialization of Untrusted Data vulnerability in Tribulant Newsletters | The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection. | network; low complexity; tribulant; CWE-502; critical; 9.8 |
| 2019-08-22 | CVE-2019-11030 | Deserialization of Untrusted Data vulnerability in Mirasys VMS 7.6.0/8.0.0/8.3.1 | Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe. | network; low complexity; mirasys; CWE-502; critical; 9.8 |
| 2019-08-22 | CVE-2019-15321 | Deserialization of Untrusted Data vulnerability in Optiontree Project Optiontree | The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled. | network; low complexity; optiontree-project; CWE-502; critical; 9.8 |
| 2019-08-22 | CVE-2019-15320 | Deserialization of Untrusted Data vulnerability in Optiontree Project Optiontree | The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled. | network; low complexity; optiontree-project; CWE-502; critical; 9.8 |
| 2019-08-22 | CVE-2019-15319 | Deserialization of Untrusted Data vulnerability in Optiontree Project Optiontree | The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce. | network; low complexity; optiontree-project; CWE-502; critical; 9.8 |
| 2019-08-22 | CVE-2018-20984 | Deserialization of Untrusted Data vulnerability in Patreon Wordpress | The patreon-connect plugin before 1.2.2 for WordPress has Object Injection. | network; low complexity; patreon; CWE-502; critical; 9.8 |
| 2019-08-20 | CVE-2019-10086 | Deserialization of Untrusted Data vulnerability in multiple products | In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. | 7.3 |
| 2019-08-14 | CVE-2019-0344 | Deserialization of Untrusted Data vulnerability in SAP Commerce Cloud | Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection. | network; low complexity; sap; CWE-502; critical; 9.8 |
| 2019-07-30 | CVE-2019-14439 | Deserialization of Untrusted Data vulnerability in multiple products | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. | 7.5 |