CWE-502: Deserialization of Untrusted Data

CVE-2023-43981 is a critical deserialization vulnerability in Presto Changeo testsitecreator that allows remote code execution. Attackers can exploit ...

This vulnerability allows remote code execution through deserialization of untrusted data in Schneider Electric products. Attackers can send specially...

CVE-2023-44273 is a signature malleability vulnerability in Consensys gnark-crypto cryptographic library that allows attackers to create multiple vali...

CVE-2023-43291 is a critical deserialization vulnerability in emlog pro CMS that allows remote attackers to execute arbitrary code on affected systems...

This vulnerability in phpPgAdmin allows remote attackers to execute arbitrary code by exploiting insecure deserialization of user-controlled data. Att...

This vulnerability allows remote attackers to execute arbitrary code on Adobe ColdFusion servers without authentication or user interaction. It affect...

CVE-2020-19559 is a critical remote code execution vulnerability in Diebold Aglis XFS for Opteva ATM software. Attackers can execute arbitrary code by...

This vulnerability in knplabs/knp-snappy allows remote code execution through PHAR deserialization when attackers can control the filename parameter i...

This vulnerability allows unauthenticated remote attackers to execute arbitrary code on webMethods OneData servers by exploiting insecure Java RMI des...

CVE-2023-40571 is a critical deserialization vulnerability in weblogic-framework versions 0.2.3 and earlier that allows remote code execution. Attacke...

This vulnerability allows attackers to bypass authentication on Dataprobe iBoot PDU devices by manipulating a cookie's IP address field, redirecting t...

This critical vulnerability in Apache Helix allows remote attackers to execute arbitrary code through unsafe YAML deserialization. Attackers can explo...

This CVE describes a critical Java object deserialization vulnerability in Apache Jackrabbit that allows remote code execution via RMI. Attackers can ...

CVE-2023-38203 is a critical deserialization vulnerability in Adobe ColdFusion that allows attackers to execute arbitrary code without user interactio...

This vulnerability allows attackers to achieve remote code execution by sending specially crafted RabbitMQ messages to Apache EventMesh. The deseriali...

This vulnerability allows attackers to execute arbitrary code on Adobe ColdFusion servers by exploiting insecure deserialization of untrusted data. It...

Delta Electronics InfraSuite Device Master versions before 1.0.7 contain insecure deserialization vulnerabilities that allow remote attackers to execu...

This vulnerability allows remote attackers to execute arbitrary code on Fortinet FortiNAC systems by sending specially crafted requests to the inter-s...

CVE-2023-35839 is a critical deserialization vulnerability in Solon's sofa-hessian component that allows remote attackers to execute arbitrary code by...

The GDPR CCPA Compliance Support plugin for WordPress has a PHP object injection vulnerability that allows unauthenticated attackers to execute arbitr...

The Ultimate Reviews WordPress plugin up to version 2.1.32 contains a PHP object injection vulnerability due to insecure deserialization of untrusted ...

This CVE describes a deserialization vulnerability in DataEase, an open source data visualization tool, that allows remote attackers to execute arbitr...

CVE-2023-27068 is a critical deserialization vulnerability in Sitecore Experience Platform that allows remote attackers to execute arbitrary code via ...

CVE-2023-31890 is a critical XML deserialization vulnerability in glazedlists v1.11.0 that allows remote attackers to execute arbitrary code by exploi...

This vulnerability in the AI ChatBot WordPress plugin allows unauthenticated attackers to perform PHP Object Injection by sending specially crafted co...

Keysight N8844A Data Analytics Web Service contains a deserialization vulnerability that allows remote attackers to execute arbitrary code by sending ...

CVE-2023-20853 is a critical deserialization vulnerability in aEnrich Technology a+HRD's MSMQ asynchronous message processing. Unauthenticated remote ...

CVE-2023-20864 is a critical deserialization vulnerability in VMware Aria Operations for Logs that allows unauthenticated attackers with network acces...

CVE-2021-28254 is a critical deserialization vulnerability in Laravel v8.5.9 that allows attackers to execute arbitrary commands through the destruct(...

This vulnerability in Apache Linkis allows attackers to execute arbitrary code remotely by exploiting a deserialization flaw when configuring MySQL da...

This CVE describes a critical Java insecure deserialization vulnerability in Adobe LiveCycle ES4 that allows unauthenticated remote attackers to execu...

CVE-2020-29312 is a remote code execution vulnerability in Zend Framework versions up to 3.1.3, allowing attackers to execute arbitrary code via insec...

This vulnerability allows remote attackers to execute arbitrary code on Payara Server by exploiting a JNDI rebind operation in the default ORB listene...

This vulnerability in Ivanti Avalanche allows authenticated remote attackers to bypass authentication and execute arbitrary code via insecure deserial...

This vulnerability allows remote attackers to execute arbitrary code on Ivanti Avalanche systems by bypassing authentication and exploiting insecure d...

This vulnerability allows unauthenticated remote attackers to execute arbitrary code on Delta Electronics InfraSuite Device Master systems by sending ...

CVE-2023-26359 is a critical deserialization vulnerability in Adobe ColdFusion that allows attackers to execute arbitrary code without user interactio...

This vulnerability allows unauthenticated attackers to execute arbitrary PHP code on WordPress sites running the vulnerable Lead Generated plugin. Att...

CVE-2023-28115 is a PHAR deserialization vulnerability in the Snappy PHP library that allows attackers to achieve remote code execution by uploading m...

CVE-2023-26779 is a deserialization vulnerability in CleverStupidDog yf-exam version 1.8.0 that allows attackers to execute arbitrary code remotely. T...

CVE-2022-37936 is an unauthenticated Java deserialization vulnerability in HPE Serviceguard Manager that allows remote attackers to execute arbitrary ...

The BuddyForms WordPress plugin before version 2.7.8 contains an unauthenticated insecure deserialization vulnerability. Attackers can exploit this wi...

CVE-2022-47986 is a critical YAML deserialization vulnerability in IBM Aspera Faspex that allows remote attackers to execute arbitrary code on affecte...

This CVE describes a deserialization vulnerability in ThinkPHP framework that allows attackers to execute arbitrary code on affected systems. Attacker...

CVE-2023-25135 is a critical remote code execution vulnerability in vBulletin that allows unauthenticated attackers to execute arbitrary code via craf...

This CVE describes a critical deserialization vulnerability in multiple Mitsubishi Electric industrial control software products. Remote unauthenticat...

CVE-2022-24082 allows remote code execution on Pega Platform installations by exploiting insecure JMX interface exposure. Attackers can upload seriali...

This vulnerability allows unauthenticated attackers to execute arbitrary code on Zoho ManageEngine Password Manager Pro and PAM360 systems through Jav...

This vulnerability in the Feed Them Social WordPress plugin allows unauthenticated attackers to execute arbitrary PHP code via deserialization of untr...

CVE-2022-1660 is a critical deserialization vulnerability that allows unauthenticated remote attackers to execute arbitrary code on affected systems. ...