Vulnerabilities (CVE)

Filtered by CWE-502
Total 1960 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-1685 1 Sygnoos 1 Social Media Share Buttons 2025-04-18 N/A 8.8 HIGH
The Social Media Share Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.1.0 via deserialization of untrusted input through the attachmentUrl parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
CVE-2025-27286 2025-04-17 N/A 9.8 CRITICAL
Deserialization of Untrusted Data vulnerability in saoshyant1994 Saoshyant Slider allows Object Injection. This issue affects Saoshyant Slider: from n/a through 3.0.
CVE-2025-27287 2025-04-17 N/A 9.8 CRITICAL
Deserialization of Untrusted Data vulnerability in ssvadim SS Quiz allows Object Injection. This issue affects SS Quiz: from n/a through 2.0.5.
CVE-2025-39550 2025-04-17 N/A 9.8 CRITICAL
Deserialization of Untrusted Data vulnerability in Shahjahan Jewel FluentCommunity allows Object Injection. This issue affects FluentCommunity: from n/a through 1.2.15.
CVE-2025-39588 2025-04-17 N/A 9.8 CRITICAL
Deserialization of Untrusted Data vulnerability in bdthemes Ultimate Store Kit Elementor Addons allows Object Injection. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.4.0.
CVE-2025-32647 2025-04-17 N/A 8.8 HIGH
Deserialization of Untrusted Data vulnerability in PickPlugins Question Answer allows Object Injection. This issue affects Question Answer: from n/a through 1.2.70.
CVE-2025-32662 2025-04-17 N/A 8.8 HIGH
Deserialization of Untrusted Data vulnerability in Stylemix uListing allows Object Injection. This issue affects uListing: from n/a through 2.2.0.
CVE-2025-32686 2025-04-17 N/A 8.8 HIGH
Deserialization of Untrusted Data vulnerability in WP Speedo Team Members allows Object Injection. This issue affects Team Members: from n/a through 3.4.0.
CVE-2025-32571 2025-04-17 N/A 8.8 HIGH
Deserialization of Untrusted Data vulnerability in turitop TuriTop Booking System allows Object Injection. This issue affects TuriTop Booking System: from n/a through 1.0.10.
CVE-2025-39527 2025-04-17 N/A 8.8 HIGH
Deserialization of Untrusted Data vulnerability in bestwebsoft Rating by BestWebSoft allows Object Injection. This issue affects Rating by BestWebSoft: from n/a through 1.7.
CVE-2025-32658 2025-04-17 N/A 9.8 CRITICAL
Deserialization of Untrusted Data vulnerability in wpWax HelpGent allows Object Injection. This issue affects HelpGent: from n/a through 2.2.4.
CVE-2025-39551 2025-04-17 N/A 9.8 CRITICAL
Deserialization of Untrusted Data vulnerability in Mahmudul Hasan Arif FluentBoards allows Object Injection. This issue affects FluentBoards: from n/a through 1.47.
CVE-2025-32572 2025-04-17 N/A 9.8 CRITICAL
Deserialization of Untrusted Data vulnerability in Climax Themes Kata Plus allows Object Injection. This issue affects Kata Plus: from n/a through 1.5.2.
CVE-2023-49442 1 Jeecg 1 Jeecg 2025-04-17 N/A 9.8 CRITICAL
Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via a crafted POST request.
CVE-2022-41596 1 Huawei 2 Emui, Harmonyos 2025-04-16 N/A 7.5 HIGH
The system tool has inconsistent serialization and deserialization. Successful exploitation of this vulnerability will cause unauthorized startup of components.
CVE-2025-3677 2025-04-16 4.3 MEDIUM 5.3 MEDIUM
A vulnerability classified as critical was found in lm-sys fastchat up to 0.2.36. This vulnerability affects the function split_files/apply_delta_low_cpu_mem of the file fastchat/model/apply_delta.py. The manipulation leads to deserialization. The attack requires local access.
CVE-2025-31935 2025-04-15 N/A 6.2 MEDIUM
Subnet Solutions PowerSYSTEM Center is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the API may trigger an exception, resulting in a denial-of-service condition.
CVE-2025-30985 2025-04-15 N/A 9.8 CRITICAL
Deserialization of Untrusted Data vulnerability in NotFound GNUCommerce allows Object Injection. This issue affects GNUCommerce: from n/a through 1.5.4.
CVE-2025-3590 2025-04-15 6.5 MEDIUM 6.3 MEDIUM
A vulnerability has been found in Adianti Framework up to 8.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.1 addresses this issue. It is recommended to upgrade the affected component.
CVE-2025-3622 2025-04-15 5.2 MEDIUM 5.5 MEDIUM
A vulnerability, which was classified as critical, has been found in Xorbits Inference up to 1.4.1. This issue affects the function load of the file xinference/thirdparty/cosyvoice/cli/model.py. The manipulation leads to deserialization.