Total
1768 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20878 | 1 Vmware | 2 Cloud Foundation, Vrealize Operations | 2025-01-27 | N/A | 7.2 HIGH |
| VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system. | |||||
| CVE-2025-24671 | 2025-01-27 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Object Injection. This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 4.4.0. | |||||
| CVE-2025-24601 | 2025-01-27 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in ThimPress FundPress allows Object Injection. This issue affects FundPress: from n/a through 2.0.6. | |||||
| CVE-2024-12600 | 2025-01-25 | N/A | 7.2 HIGH | ||
| The Custom Product Tabs Lite for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.0 via deserialization of untrusted input from the 'frs_woo_product_tabs' parameter. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | |||||
| CVE-2025-0428 | 1 Aipower | 1 Aipower | 2025-01-24 | N/A | 7.2 HIGH |
| The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_prompts function. This allows authenticated attackers, with administrative privileges, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | |||||
| CVE-2025-0429 | 1 Aipower | 1 Aipower | 2025-01-24 | N/A | 7.2 HIGH |
| The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_ai_forms() function. This allows authenticated attackers, with administrative privileges, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | |||||
| CVE-2023-38203 | 1 Adobe | 1 Coldfusion | 2025-01-23 | N/A | 9.8 CRITICAL |
| Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. | |||||
| CVE-2023-31890 | 1 Glazedlists | 1 Glazed Lists | 2025-01-23 | N/A | 9.8 CRITICAL |
| An XML Deserialization vulnerability in glazedlists v1.11.0 allows an attacker to execute arbitrary code via the BeanXMLByteCoder.decode() parameter. | |||||
| CVE-2025-23914 | 2025-01-22 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in NotFound Muzaara Google Ads Report allows Object Injection. This issue affects Muzaara Google Ads Report: from n/a through 3.1. | |||||
| CVE-2025-23944 | 2025-01-22 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in WOOEXIM.COM WOOEXIM allows Object Injection. This issue affects WOOEXIM: from n/a through 5.0.0. | |||||
| CVE-2025-23932 | 2025-01-22 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in NotFound Quick Count allows Object Injection. This issue affects Quick Count: from n/a through 3.00. | |||||
| CVE-2024-0692 | 1 Solarwinds | 1 Security Event Manager | 2025-01-21 | N/A | 8.8 HIGH |
| The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution. | |||||
| CVE-2024-3483 | 1 Microfocus | 1 Imanager | 2025-01-21 | N/A | 7.8 HIGH |
| Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues. | |||||
| CVE-2024-3967 | 1 Microfocus | 1 Imanager | 2025-01-21 | N/A | 7.6 HIGH |
| Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization. | |||||
| CVE-2024-49699 | 2025-01-21 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This issue affects ARPrice: from n/a through 4.0.3. | |||||
| CVE-2024-49688 | 2025-01-21 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This issue affects ARPrice: from n/a through 4.0.3. | |||||
| CVE-2025-0586 | 2025-01-20 | N/A | 7.2 HIGH | ||
| The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution. | |||||
| CVE-2025-21364 | 1 Microsoft | 2 365 Apps, Office | 2025-01-17 | N/A | 7.8 HIGH |
| Microsoft Excel Security Feature Bypass Vulnerability | |||||
| CVE-2024-12703 | 2025-01-17 | N/A | 7.8 HIGH | ||
| CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when a non-admin authenticated user opens a malicious project file. | |||||
| CVE-2023-1967 | 1 Keysight | 1 N8844a | 2025-01-16 | N/A | 9.8 CRITICAL |
| Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid. | |||||