Vulnerabilities (CVE)

Filtered by CWE-502
Total 2128 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-38203 1 Adobe 1 Coldfusion 2025-10-23 N/A 9.8 CRITICAL
Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.
CVE-2023-29300 1 Adobe 1 Coldfusion 2025-10-23 N/A 9.8 CRITICAL
Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.
CVE-2023-26359 1 Adobe 1 Coldfusion 2025-10-23 N/A 9.8 CRITICAL
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
CVE-2018-4939 1 Adobe 1 Coldfusion 2025-10-23 10.0 HIGH 9.8 CRITICAL
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2025-60224 2025-10-22 N/A 6.5 MEDIUM
Deserialization of Untrusted Data vulnerability in wpshuffle Subscribe to Download subscribe-to-download allows Object Injection.This issue affects Subscribe to Download: from n/a through <= 2.0.9.
CVE-2025-60221 2025-10-22 N/A 6.5 MEDIUM
Deserialization of Untrusted Data vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Object Injection.This issue affects Captivate Sync: from n/a through <= 3.0.3.
CVE-2025-60216 2025-10-22 N/A 5.3 MEDIUM
Deserialization of Untrusted Data vulnerability in BoldThemes Addison addison allows Object Injection.This issue affects Addison: from n/a through <= 1.4.2.
CVE-2025-60215 2025-10-22 N/A 5.3 MEDIUM
Deserialization of Untrusted Data vulnerability in designthemes Kriya kriya allows Object Injection.This issue affects Kriya: from n/a through <= 3.4.
CVE-2025-60210 2025-10-22 N/A 6.5 MEDIUM
Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms - Frontend Listing everest-forms-frontend-listing allows Object Injection.This issue affects Everest Forms - Frontend Listing: from n/a through <= 1.0.5.
CVE-2025-60209 2025-10-22 N/A 8.2 HIGH
Deserialization of Untrusted Data vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Object Injection.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through <= 1.2.6.
CVE-2025-49380 2025-10-22 N/A 5.3 MEDIUM
Deserialization of Untrusted Data vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Object Injection.This issue affects WooCommerce Vehicle Parts Finder: from n/a through <= 3.7.
CVE-2025-31634 2025-10-22 N/A 6.5 MEDIUM
Deserialization of Untrusted Data vulnerability in designthemes Insurance insurance allows Object Injection.This issue affects Insurance: from n/a through <= 3.5.
CVE-2025-32283 2025-10-22 N/A 6.5 MEDIUM
Deserialization of Untrusted Data vulnerability in designthemes Solar Energy solar allows Object Injection.This issue affects Solar Energy: from n/a through <= 3.5.
CVE-2025-60214 2025-10-22 N/A 9.8 CRITICAL
Deserialization of Untrusted Data vulnerability in BoldThemes Goldenblatt goldenblatt allows Object Injection.This issue affects Goldenblatt: from n/a through <= 1.2.1.
CVE-2025-60228 2025-10-22 N/A N/A
Deserialization of Untrusted Data vulnerability in designthemes Knowledge Base kbase allows Object Injection.This issue affects Knowledge Base: from n/a through <= 2.9.
CVE-2025-62008 2025-10-22 N/A N/A
Deserialization of Untrusted Data vulnerability in acowebs Product Table For WooCommerce product-table-for-woocommerce.This issue affects Product Table For WooCommerce: from n/a through <= 1.2.4.
CVE-2025-60234 2025-10-22 N/A N/A
Deserialization of Untrusted Data vulnerability in designthemes Single Property single-property allows Object Injection.This issue affects Single Property: from n/a through <= 2.8.
CVE-2025-60225 2025-10-22 N/A 9.8 CRITICAL
Deserialization of Untrusted Data vulnerability in AncoraThemes BugsPatrol bugspatrol allows Object Injection.This issue affects BugsPatrol: from n/a through <= 1.5.0.
CVE-2025-60238 2025-10-22 N/A N/A
Deserialization of Untrusted Data vulnerability in universam UNIVERSAM universam-demo allows Object Injection.This issue affects UNIVERSAM: from n/a through <= 8.72.34.
CVE-2025-52740 2025-10-22 N/A N/A
Deserialization of Untrusted Data vulnerability in Hernan Villanueva Boldermail boldermail allows Object Injection.This issue affects Boldermail: from n/a through <= 2.4.0.