Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-05-31 | CVE-2019-9875 | Deserialization of Untrusted Data vulnerability in Sitecore CMS | Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter. | 8.8 |
2019-05-31 | CVE-2019-9874 | Deserialization of Untrusted Data vulnerability in Sitecore CMS and Experience Platform | Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN. | 9.8 |
2019-05-29 | CVE-2019-6980 | Deserialization of Untrusted Data vulnerability in Synacor Zimbra Collaboration Suite | Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component. | 9.8 |
2019-05-24 | CVE-2019-7091 | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016/2018 | ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a deserialization of untrusted data vulnerability. | 9.8 |
2019-05-24 | CVE-2017-18375 | Deserialization of Untrusted Data vulnerability in Ampache 3.8.3 | Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php. | 8.8 |
2019-05-24 | CVE-2016-10753 | Deserialization of Untrusted Data vulnerability in E107 2.1.2 | e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC. | 8.8 |
2019-05-22 | CVE-2016-10750 | Deserialization of Untrusted Data vulnerability in Hazelcast | In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. | 8.1 |
2019-05-20 | CVE-2019-12241 | Deserialization of Untrusted Data vulnerability in Carts.Guru Carts Guru 1.4.5 | The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserialization via a cartsguru-source cookie to classes/wc-cartsguru-event-handler.php. | 9.8 |
2019-05-20 | CVE-2019-12240 | Deserialization of Untrusted Data vulnerability in Virim Project Virim 0.4 | The Virim plugin 0.4 for WordPress allows Insecure Deserialization via s_values, t_values, or c_values in graph.php. | 9.8 |
2019-05-17 | CVE-2019-12086 | Deserialization of Untrusted Data vulnerability in multiple products | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. | 7.5 |