Total
1658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-0739 | 1 Leadshop | 1 Leadshop | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in Hecheng Leadshop up to 1.4.20. Affected is an unknown function of the file /web/leadshop.php. The manipulation of the argument install leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251562 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-6654 | 1 Phpems | 1 Phpems | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247357 was assigned to this vulnerability. | |||||
| CVE-2023-6580 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. This affects an unknown part of the file /HNAP1/ of the component QoS POST Handler. The manipulation of the argument smartqos_express_devices/smartqos_normal_devices leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247161 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-5016 | 1 Ssssssss | 1 Spider-flow | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in spider-flow up to 0.5.0. It has been declared as critical. Affected by this vulnerability is the function DriverManager.getConnection of the file src/main/java/org/spiderflow/controller/DataSourceController.java of the component API. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239857 was assigned to this vulnerability. | |||||
| CVE-2023-3308 | 1 Whaleal | 1 Icefrog | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8. Affected is an unknown function of the component Aviator Template Engine. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231804. | |||||
| CVE-2023-3232 | 1 Crmeb | 1 Crmeb | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Zhong Bang CRMEB up to 4.6.0 and classified as critical. This issue affects some unknown processing of the file /api/wechat/app_auth of the component Image Upload. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231503. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-3234 | 1 Crmeb | 1 Crmeb | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been declared as problematic. Affected by this vulnerability is the function put_image of the file api/controller/v1/PublicController.php. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231505 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-0960 | 1 Seacms | 1 Seacms | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SeaCMS 11.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /data/config.ftp.php of the component Picture Management. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-221630 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-4890 | 1 Predictapp Project | 1 Predictapp | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in abhilash1985 PredictApp. This issue affects some unknown processing of the file config/initializers/new_framework_defaults_7_0.rb of the component Cookie Handler. The manipulation leads to deserialization. The attack may be initiated remotely. The patch is named b067372f3ee26fe1b657121f0f41883ff4461a06. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218387. | |||||
| CVE-2024-29800 | 2024-05-14 | N/A | N/A | ||
| Deserialization of Untrusted Data vulnerability in Timber Team & Contributors Timber.This issue affects Timber: from n/a through 1.23.0. | |||||
| CVE-2022-1415 | 1 Redhat | 4 Decision Manager, Drools, Jboss Middleware Text-only Advisories and 1 more | 2024-05-03 | N/A | 8.8 HIGH |
| A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server. | |||||
| CVE-2024-33641 | 2024-04-29 | N/A | N/A | ||
| Deserialization of Untrusted Data vulnerability in Team Yoast Custom field finder.This issue affects Custom field finder: from n/a through 0.3. | |||||
| CVE-2023-32665 | 1 Gnome | 1 Glib | 2024-04-26 | N/A | 5.5 MEDIUM |
| A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. | |||||
| CVE-2024-32835 | 2024-04-24 | N/A | N/A | ||
| Deserialization of Untrusted Data vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a through 2.5.3. | |||||
| CVE-2024-32817 | 2024-04-24 | N/A | N/A | ||
| Deserialization of Untrusted Data vulnerability in Import and export users and customers.This issue affects Import and export users and customers: from n/a through 1.26.2. | |||||
| CVE-2023-25770 | 1 Honeywell | 2 C300, C300 Firmware | 2024-04-22 | N/A | 7.5 HIGH |
| Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||
| CVE-2024-32603 | 2024-04-18 | N/A | N/A | ||
| Deserialization of Untrusted Data vulnerability in ThemeKraft WooBuddy.This issue affects WooBuddy: from n/a through 3.4.20. | |||||
| CVE-2024-3568 | 2024-04-10 | N/A | N/A | ||
| The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of `pickle.load()` on data from potentially untrusted sources. This vulnerability allows for remote code execution (RCE) by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine. | |||||
| CVE-2023-40595 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-04-10 | N/A | 8.8 HIGH |
| In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code. | |||||
| CVE-2024-31277 | 2024-04-08 | N/A | N/A | ||
| Deserialization of Untrusted Data vulnerability in PickPlugins Product Designer.This issue affects Product Designer: from n/a through 1.0.32. | |||||