Total
2136 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-39588 | 2025-04-17 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in bdthemes Ultimate Store Kit Elementor Addons allows Object Injection. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.4.0. | |||||
| CVE-2025-32647 | 2025-04-17 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in PickPlugins Question Answer allows Object Injection. This issue affects Question Answer: from n/a through 1.2.70. | |||||
| CVE-2025-32662 | 2025-04-17 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in Stylemix uListing allows Object Injection. This issue affects uListing: from n/a through 2.2.0. | |||||
| CVE-2025-32686 | 2025-04-17 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in WP Speedo Team Members allows Object Injection. This issue affects Team Members: from n/a through 3.4.0. | |||||
| CVE-2025-32571 | 2025-04-17 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in turitop TuriTop Booking System allows Object Injection. This issue affects TuriTop Booking System: from n/a through 1.0.10. | |||||
| CVE-2025-39527 | 2025-04-17 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in bestwebsoft Rating by BestWebSoft allows Object Injection. This issue affects Rating by BestWebSoft: from n/a through 1.7. | |||||
| CVE-2025-32658 | 2025-04-17 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in wpWax HelpGent allows Object Injection. This issue affects HelpGent: from n/a through 2.2.4. | |||||
| CVE-2025-39551 | 2025-04-17 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Mahmudul Hasan Arif FluentBoards allows Object Injection. This issue affects FluentBoards: from n/a through 1.47. | |||||
| CVE-2025-32572 | 2025-04-17 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Climax Themes Kata Plus allows Object Injection. This issue affects Kata Plus: from n/a through 1.5.2. | |||||
| CVE-2023-49442 | 1 Jeecg | 1 Jeecg | 2025-04-17 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request. | |||||
| CVE-2022-41596 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-16 | N/A | 7.5 HIGH |
| The system tool has inconsistent serialization and deserialization. Successful exploitation of this vulnerability will cause unauthorized startup of components. | |||||
| CVE-2025-3677 | 2025-04-16 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability classified as critical was found in lm-sys fastchat up to 0.2.36. This vulnerability affects the function split_files/apply_delta_low_cpu_mem of the file fastchat/model/apply_delta.py. The manipulation leads to deserialization. An attack has to be approached locally. | |||||
| CVE-2025-31935 | 2025-04-15 | N/A | 6.2 MEDIUM | ||
| Subnet Solutions PowerSYSTEM Center is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the API may trigger an exception, resulting in a denial-of-service condition. | |||||
| CVE-2025-30985 | 2025-04-15 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in NotFound GNUCommerce allows Object Injection. This issue affects GNUCommerce: from n/a through 1.5.4. | |||||
| CVE-2025-3590 | 2025-04-15 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability has been found in Adianti Framework up to 8.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.1 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2025-3622 | 2025-04-15 | 5.2 MEDIUM | 5.5 MEDIUM | ||
| A vulnerability, which was classified as critical, has been found in Xorbits Inference up to 1.4.1. This issue affects the function load of the file xinference/thirdparty/cosyvoice/cli/model.py. The manipulation leads to deserialization. | |||||
| CVE-2022-45185 | 1 Salesagility | 1 Suitecrm | 2025-04-15 | N/A | 8.8 HIGH |
| An issue was discovered in SuiteCRM 7.12.7. Authenticated users can use CRM functions to upload malicious files. Then, deserialization can be used to achieve code execution. | |||||
| CVE-2016-1114 | 1 Adobe | 1 Coldfusion | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | |||||
| CVE-2016-9865 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | |||||
| CVE-2015-8103 | 2 Jenkins, Redhat | 2 Jenkins, Openshift Container Platform | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'". | |||||