Vulnerabilities (CVE)

Filtered by CWE-502 (Deserialization of Untrusted Data)
Total 1658 CVE; the 20 entries below are sorted by last update, newest first
CVE   Vendors (count and name)   Products (count and name)   Updated   CVSS v2   CVSS v3   (N/A: no score assigned)
CVE-2024-10079 1 Newsignature 1 Wp Easy Post Types 2024-10-22 N/A 8.8 HIGH
The WP Easy Post Types plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.4 via deserialization of untrusted input from the 'text' parameter in the 'ajax_import_content' function. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
CVE-2024-9917 1 Usualtool 1 Usualtoolcms 2024-10-19 N/A 4.9 MEDIUM
A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/template_creat.php. Manipulation of the argument 'content' leads to deserialization of untrusted data. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-49318 2024-10-18 N/A N/A
Deserialization of Untrusted Data vulnerability in Scott Olson My Reading Library allows Object Injection. This issue affects My Reading Library: from n/a through 1.0.
CVE-2023-48952 1 Openlinksw 1 Virtuoso 2024-10-17 N/A 7.5 HIGH
An issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
CVE-2024-45733 2 Microsoft, Splunk 2 Windows, Splunk 2024-10-16 N/A 8.8 HIGH
In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration.
CVE-2024-48026 2024-10-16 N/A N/A
Deserialization of Untrusted Data vulnerability in Grayson Robbins Disc Golf Manager allows Object Injection. This issue affects Disc Golf Manager: from n/a through 1.0.0.
CVE-2024-49218 2024-10-16 N/A N/A
Deserialization of Untrusted Data vulnerability in Al Imran Akash Recently allows Object Injection. This issue affects Recently: from n/a through 1.1.
CVE-2024-49227 2024-10-16 N/A N/A
Deserialization of Untrusted Data vulnerability in Innovaweb Sp. Z o.O. Free Stock Photos Foter allows Object Injection. This issue affects Free Stock Photos Foter: from n/a through 1.5.4.
CVE-2024-49226 2024-10-16 N/A N/A
Deserialization of Untrusted Data vulnerability in TAKETIN TAKETIN To WP Membership allows Object Injection. This issue affects TAKETIN To WP Membership: from n/a through 2.8.0.
CVE-2024-48028 2024-10-16 N/A N/A
Deserialization of Untrusted Data vulnerability in Boyan Raichev IP Loc8 allows Object Injection. This issue affects IP Loc8: from n/a through 1.1.
CVE-2024-48030 2024-10-16 N/A N/A
Deserialization of Untrusted Data vulnerability in Gabriele Valenti Telecash Ricaricaweb allows Object Injection. This issue affects Telecash Ricaricaweb: from n/a through 2.2.
CVE-2023-25581 2024-10-15 N/A N/A
pac4j is a security framework for Java. `pac4j-core` prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the `UserProfile` class from pac4j-core. It can be exploited by providing an attribute that contains a serialized Java object with a special prefix `{#sb64}` and Base64 encoding. This issue may lead to Remote Code Execution (RCE) in the worst case. Although a `RestrictedObjectInputStream` is in place that puts some restriction on what classes can be deserialized, it still allows a broad range of Java packages and is potentially exploitable with different gadget chains. pac4j versions 4.0.0 and greater are not affected by this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability.
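Two entries above describe the same shape of bug from opposite ends: WP Easy Post Types (CVE-2024-10079) has a deserialization sink but no gadget chain of its own, so exploitability depends on whatever other plugin or theme happens to be installed; pac4j (CVE-2023-25581) has a restricted deserializer that still admits whole Java packages, so gadget chains remain reachable. The following is an added illustration in Python, not code from either project; it uses `pickle` in place of PHP `unserialize()` or Java `ObjectInputStream.readObject()`, and every name in it (`import_content_*`, `CacheFile`, `run_command`, the loader classes) is invented for the example. The command runner only records what would have run, so the block is harmless to execute.

```python
"""Untrusted deserialization with the gadget living outside the vulnerable code.

Added illustration (not code from WP Easy Post Types, pac4j or any project listed
on this page). All names are invented for the example.
"""
import io
import pickle

# Constructed stand-in for os.system: records the command instead of running it.
executed: list[str] = []


def run_command(cmd: str) -> str:
    """Hypothetical command runner reachable by import (the dangerous callable)."""
    executed.append(cmd)
    return f"ran: {cmd}"


class CacheFile:
    """Helper class shipped by some *other* component (the 'additional plugin').

    Its pickle hook says: rebuild me by calling run_command(cmd). The vulnerable
    sink never references this class; it only has to be importable on the target,
    exactly like a POP chain supplied by an unrelated plugin or theme.
    """

    def __init__(self, cmd: str) -> None:
        self.cmd = cmd

    def __reduce__(self):
        return (run_command, (self.cmd,))


def attacker_payload(cmd: str) -> bytes:
    """What the attacker submits in the untrusted parameter (constructed here)."""
    return pickle.dumps(CacheFile(cmd))


def benign_payload() -> bytes:
    """A legitimate import: plain data only (constructed sample)."""
    return pickle.dumps({"title": "Hello", "tags": ["news", "wp"]})


# 1. The sink as written in the vulnerable component: loads whatever arrives.
def import_content_vulnerable(text: bytes):
    return pickle.loads(text)


# 2. A "restricted" loader that still permits whole modules (the pac4j pattern):
#    any callable inside an allowed module stays reachable, so the gadget fires.
class BroadUnpickler(pickle.Unpickler):
    ALLOWED_MODULE_PREFIXES = ("builtins", "collections", __name__)

    def find_class(self, module: str, name: str):
        if module.startswith(self.ALLOWED_MODULE_PREFIXES):
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked {module}.{name}")


def import_content_broad(text: bytes):
    return BroadUnpickler(io.BytesIO(text)).load()


# 3. A narrow allowlist of exact (module, name) pairs. find_class is only consulted
#    when the stream references a global, so plain dict/list/str/int data needs no
#    entry at all and every unlisted global reference is rejected.
class StrictUnpickler(pickle.Unpickler):
    ALLOWED: set[tuple[str, str]] = set()  # this feature needs no globals

    def find_class(self, module: str, name: str):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked {module}.{name}")


def import_content_strict(text: bytes):
    return StrictUnpickler(io.BytesIO(text)).load()


def demo() -> dict:
    """Feed the same attacker payload to all three loaders and report the outcome."""
    payload = attacker_payload("id")
    results = {}
    for label, loader in (("vulnerable", import_content_vulnerable),
                          ("broad", import_content_broad),
                          ("strict", import_content_strict)):
        executed.clear()
        try:
            loader(payload)
            results[label] = "gadget fired" if executed else "loaded, no gadget"
        except pickle.UnpicklingError:
            results[label] = "blocked"
    return results


if __name__ == "__main__":
    print(demo())  # {'vulnerable': 'gadget fired', 'broad': 'gadget fired', 'strict': 'blocked'}
```

The practical check this models: a deserialization sink is a finding even when the code base contains no gadget, because the gadget can come from any other library on the class path or plugin directory; and a class filter that allows packages rather than exact types only narrows the search for one. The equivalent hardening in the listed ecosystems is `unserialize($x, ['allowed_classes' => false])` in PHP and an `ObjectInputFilter` with an explicit class allowlist in Java, or, better, a format with no object graph at all such as JSON.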
CVE-2024-48033 2024-10-15 N/A N/A
Deserialization of Untrusted Data vulnerability in Elie Burstein, Baptiste Gourdin Talkback allows Object Injection. This issue affects Talkback: from n/a through 1.0.
CVE-2023-48886 1 Luxiaoxun 1 Nettyrpc 2024-10-11 N/A 9.8 CRITICAL
A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request.
CVE-2023-31058 1 Apache 1 Inlong 2024-10-11 N/A 7.5 HIGH
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers could bypass the 'autoDeserialize' option filtering by adding blanks. Users are advised to upgrade to Apache InLong 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7674 to solve it.
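The InLong entry describes a filter on a connection option name that was defeated by inserting blanks. The block below is an added illustration of that failure mode, not Apache InLong's code: the JDBC URLs are constructed samples, the allowlist contents are hypothetical, and the driver model assumes (as the description implies) that the real driver trims blanks around parameter names and matches them case-insensitively, so `autoDeserialize ` with a trailing blank still enables the option even though a literal string comparison does not see it.

```python
"""Whitespace bypass of a connection-option filter (added illustration).

Not Apache InLong's code. URLs are constructed samples; the driver model is an
assumption about lenient parsing, stated in the accompanying text.
"""
from urllib.parse import unquote

BLOCKED = {"autodeserialize"}  # the option named on this page
ALLOWED = {"usessl", "servertimezone", "characterencoding"}  # hypothetical allowlist


def _query(jdbc_url: str) -> str:
    """Return the part after '?', or '' when there are no parameters."""
    return jdbc_url.split("?", 1)[1] if "?" in jdbc_url else ""


def filter_naive(jdbc_url: str) -> bool:
    """The weak check: compare the raw parameter name with the blocked token.

    'autoDeserialize ' (trailing blank) and '%20autoDeserialize' slip past
    because the raw key is not byte-for-byte equal to the token.
    """
    for pair in _query(jdbc_url).split("&"):
        key = pair.split("=", 1)[0]
        if key.lower() in BLOCKED:
            return False
    return True


def driver_params(jdbc_url: str) -> dict[str, str]:
    """Model of a lenient driver's parser: percent-decode, trim blanks, fold case.

    This is what actually decides whether the option is on, so the security
    check has to see the URL the same way.
    """
    params: dict[str, str] = {}
    for pair in _query(jdbc_url).split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        params[unquote(key).strip().lower()] = unquote(value).strip()
    return params


def filter_hardened(jdbc_url: str) -> bool:
    """Normalise exactly as the driver does, deny the known-bad option, and
    default-deny everything not on the allowlist."""
    params = driver_params(jdbc_url)
    if params.keys() & BLOCKED:
        return False
    return all(key in ALLOWED for key in params)


if __name__ == "__main__":
    base = "jdbc:mysql://db:3306/app"
    for url in (base + "?autoDeserialize=true",
                base + "?autoDeserialize =true",
                base + "?%20autoDeserialize=true",
                base + "?useSSL=true&serverTimezone=UTC"):
        print(f"{url!r:55} naive={filter_naive(url)} hardened={filter_hardened(url)}")
```

The general lesson is that a security filter must canonicalise its input the way the consumer will, or the gap between the two parsers becomes the bypass; matching on the decoded, trimmed, case-folded key and allowing only known options closes both the blank and the percent-encoded variants at once.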
CVE-2023-26592 1 Intel 1 Thunderbolt Dch Driver 2024-10-10 N/A 3.8 LOW
Deserialization of untrusted data in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable a denial of service via local access.
CVE-2023-46615 1 Kallidan 1 Kd Coming Soon 2024-10-10 N/A 9.8 CRITICAL
Deserialization of Untrusted Data vulnerability in Kalli Dan. KD Coming Soon. This issue affects KD Coming Soon: from n/a through 1.7.
CVE-2021-4118 1 Lightningai 1 Pytorch Lightning 2024-10-09 6.8 MEDIUM 7.8 HIGH
pytorch-lightning is vulnerable to Deserialization of Untrusted Data
CVE-2024-23513 1 Wp-property-hive 1 Propertyhive 2024-10-08 N/A 9.8 CRITICAL
Deserialization of Untrusted Data vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.5.
CVE-2024-25100 1 Wpswings 1 Coupon Referral Program 2024-10-08 N/A 9.8 CRITICAL
Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program. This issue affects Coupon Referral Program: from n/a through 1.7.2.