Total
1658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-39410 | 2025-05-19 | N/A | N/A | ||
| Deserialization of Untrusted Data vulnerability in themegusta Smart Sections Theme Builder - WPBakery Page Builder Addon.This issue affects Smart Sections Theme Builder - WPBakery Page Builder Addon: from n/a through 1.7.8. | |||||
| CVE-2025-47581 | 2025-05-19 | N/A | N/A | ||
| Deserialization of Untrusted Data vulnerability in Elbisnero WordPress Events Calendar Registration & Tickets allows Object Injection.This issue affects WordPress Events Calendar Registration & Tickets: from n/a through 2.6.0. | |||||
| CVE-2025-30384 | 1 Microsoft | 1 Sharepoint Server | 2025-05-19 | N/A | 7.0 HIGH |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-47582 | 2025-05-19 | N/A | N/A | ||
| Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot allows Object Injection.This issue affects WPBot Pro Wordpress Chatbot: from n/a through 12.7.0. | |||||
| CVE-2025-30382 | 1 Microsoft | 1 Sharepoint Server | 2025-05-19 | N/A | 7.8 HIGH |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. | |||||
| CVE-2018-18447 | 1 Dotpdn | 1 Paint.net | 2025-05-16 | N/A | 9.8 CRITICAL |
| dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2). | |||||
| CVE-2018-18446 | 1 Dotpdn | 1 Paint.net | 2025-05-16 | N/A | 9.8 CRITICAL |
| dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2). | |||||
| CVE-2025-4742 | 2025-05-16 | N/A | 5.3 MEDIUM | ||
| A vulnerability classified as problematic has been found in XU-YIJIE grpo-flat up to 9024b43f091e2eb9bac65802b120c0b35f9ba856. Affected is the function main of the file grpo_vanilla.py. The manipulation leads to deserialization. Local access is required to approach this attack. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | |||||
| CVE-2025-4740 | 2025-05-16 | N/A | 5.3 MEDIUM | ||
| A vulnerability was found in BeamCtrl Airiana up to 11.0. It has been declared as problematic. This vulnerability affects unknown code of the file coef. The manipulation leads to deserialization. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3250 | 1 Eladmin | 1 Eladmin | 2025-05-15 | N/A | 6.5 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in elunez eladmin 2.7. Affected by this issue is some unknown functionality of the file /api/database/testConnect of the component Maintenance Management Module. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-45772 | 1 Apache | 1 Lucene Replicator | 2025-05-15 | N/A | 8.0 HIGH |
| Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. The deserialization can only be triggered if users actively deploy an network-accessible implementation and a corresponding client using a HTTP library that uses the API (e.g., a custom servlet and HTTPClient). Java serialization filters (such asĀ -Djdk.serialFilter='!*' on the commandline) can mitigate the issue on vulnerable versions without impacting functionality. | |||||
| CVE-2025-4701 | 2025-05-15 | N/A | 5.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, has been found in VITA-MLLM Freeze-Omni up to 20250421. This issue affects the function torch.load of the file models/utils.py. The manipulation of the argument path leads to deserialization. It is possible to launch the attack on the local host. | |||||
| CVE-2025-30378 | 1 Microsoft | 1 Sharepoint Server | 2025-05-14 | N/A | 7.0 HIGH |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-47292 | 2025-05-14 | N/A | N/A | ||
| Cap Collectif is an online decision making platform that integrates several tools. Before commit 812f2a7d271b76deab1175bdaf2be0b8102dd198, the `DebateAlternateArgumentsResolver` deserializes a `Cursor`, allowing any classes and which can be controlled by unauthenticated user. Exploitation of this vulnerability can lead to Remote Code Execution. The vulnerability is fixed in commit 812f2a7d271b76deab1175bdaf2be0b8102dd198. | |||||
| CVE-2025-0734 | 1 Ruoyi | 1 Ruoyi | 2025-05-13 | N/A | 7.2 HIGH |
| A vulnerability has been found in y_project RuoYi up to 4.8.0 and classified as critical. This vulnerability affects the function getBeanName of the component Whitelist. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2020-15842 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-05-13 | 6.8 MEDIUM | 8.1 HIGH |
| Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads, because of insecure deserialization. | |||||
| CVE-2022-3291 | 1 Gitlab | 1 Gitlab | 2025-05-13 | N/A | 6.5 MEDIUM |
| Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache | |||||
| CVE-2022-40889 | 1 Phpok | 1 Phpok | 2025-05-13 | N/A | 9.8 CRITICAL |
| Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php. | |||||
| CVE-2025-31103 | 1 Appleple | 1 A-blog Cms | 2025-05-13 | N/A | 7.5 HIGH |
| Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server. | |||||
| CVE-2025-47629 | 1 Wp-crm | 1 Wp-crm System | 2025-05-12 | N/A | 7.2 HIGH |
| Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM System allows Object Injection. This issue affects WP-CRM System: from n/a through 3.4.1. | |||||