Total
2135 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23914 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in NotFound Muzaara Google Ads Report allows Object Injection. This issue affects Muzaara Google Ads Report: from n/a through 3.1. | ||||
| CVE-2025-31398 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in themeton PIMP - Creative MultiPurpose allows Object Injection. This issue affects PIMP - Creative MultiPurpose: from n/a through 1.7. | ||||
| CVE-2025-48287 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Pagaleve Pix 4x sem juros - Pagaleve allows Object Injection.This issue affects Pix 4x sem juros - Pagaleve: from n/a through 1.6.9. | ||||
| CVE-2025-31612 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Sabuj Kundu CBX Poll allows Object Injection. This issue affects CBX Poll: from n/a through 1.2.7. | ||||
| CVE-2024-34751 | 2 Webtoffee, Wordpress | 2 Order Export & Order Import For Woocommerce, Wordpress | 2025-07-12 | 4.4 Medium |
| Deserialization of Untrusted Data vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.9. | ||||
| CVE-2024-49222 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Amento Tech Pvt ltd WPGuppy allows Object Injection.This issue affects WPGuppy: from n/a through 1.1.0. | ||||
| CVE-2025-30985 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in NotFound GNUCommerce allows Object Injection. This issue affects GNUCommerce: from n/a through 1.5.4. | ||||
| CVE-2025-32284 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in designthemes Pet World allows Object Injection. This issue affects Pet World: from n/a through 2.8. | ||||
| CVE-2025-32571 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in turitop TuriTop Booking System allows Object Injection. This issue affects TuriTop Booking System: from n/a through 1.0.10. | ||||
| CVE-2024-8502 | 1 Modelscope | 1 Agentscope | 2025-07-12 | N/A |
| A vulnerability in the RpcAgentServerLauncher class of modelscope/agentscope v0.0.6a3 allows for remote code execution (RCE) via deserialization of untrusted data using the dill library. The issue occurs in the AgentServerServicer.create_agent method, where serialized input is deserialized using dill.loads, enabling an attacker to execute arbitrary commands on the server. | ||||
| CVE-2024-39630 | 2 Motopress, Wordpress | 2 Timetable And Event Schedule, Wordpress | 2025-07-12 | 5.5 Medium |
| Deserialization of Untrusted Data vulnerability in MotoPress Timetable and Event Schedule allows Object Injection.This issue affects Timetable and Event Schedule: from n/a through 2.4.13. | ||||
| CVE-2024-33641 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.4 Medium |
| Deserialization of Untrusted Data vulnerability in Team Yoast Custom field finder.This issue affects Custom field finder: from n/a through 0.3. | ||||
| CVE-2024-6675 | 1 Ni | 1 Veristand | 2025-07-12 | 7.8 High |
| A deserialization of untrusted data vulnerability exists in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects VeriStand 2024 Q2 and prior versions. | ||||
| CVE-2025-26885 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Brent Jett Assistant allows Object Injection. This issue affects Assistant: from n/a through 1.5.1. | ||||
| CVE-2024-56068 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.5 High |
| Deserialization of Untrusted Data vulnerability in Azzaroco WP SuperBackup.This issue affects WP SuperBackup: from n/a through 2.3.3. | ||||
| CVE-2024-31211 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 5.5 Medium |
| WordPress is an open publishing platform for the Web. Unserialization of instances of the `WP_HTML_Token` class allows for code execution via its `__destruct()` magic method. This issue was fixed in WordPress 6.4.2 on December 6th, 2023. Versions prior to 6.4.0 are not affected. | ||||
| CVE-2025-27301 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Nazmul Hasan Robin NHR Options Table Manager allows Object Injection. This issue affects NHR Options Table Manager: from n/a through 1.1.2. | ||||
| CVE-2025-26873 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9 Critical |
| Deserialization of Untrusted Data vulnerability in Shine theme Traveler.This issue affects Traveler: from n/a before 3.2.1. | ||||
| CVE-2024-50507 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Daniel Schmitzer DS.DownloadList allows Object Injection.This issue affects DS.DownloadList: from n/a through 1.3. | ||||
| CVE-2023-27459 | 1 Wpeverest | 1 User Registration | 2025-07-12 | 7.4 High |
| Deserialization of Untrusted Data vulnerability in WPEverest User Registration.This issue affects User Registration: from n/a through 2.3.2.1. | ||||