Total
2142 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-0360 | 1 Ibm | 1 Websphere Mq Jms | 2025-04-20 | N/A |
| IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. IBM Reference #: 1983457. | ||||
| CVE-2024-1685 | 1 Sygnoos | 1 Social Media Share Buttons | 2025-04-18 | 8.8 High |
| The Social Media Share Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.1.0 via deserialization of untrusted input through the attachmentUrl parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | ||||
| CVE-2023-32795 | 1 Woocommerce | 1 Product Addons | 2025-04-17 | 8.2 High |
| Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons.This issue affects Product Add-Ons: from n/a through 6.1.3. | ||||
| CVE-2025-32647 | 2025-04-17 | 8.8 High | ||
| Deserialization of Untrusted Data vulnerability in PickPlugins Question Answer allows Object Injection. This issue affects Question Answer: from n/a through 1.2.70. | ||||
| CVE-2025-32686 | 2025-04-17 | 8.8 High | ||
| Deserialization of Untrusted Data vulnerability in WP Speedo Team Members allows Object Injection. This issue affects Team Members: from n/a through 3.4.0. | ||||
| CVE-2025-32662 | 2025-04-17 | 8.8 High | ||
| Deserialization of Untrusted Data vulnerability in Stylemix uListing allows Object Injection. This issue affects uListing: from n/a through 2.2.0. | ||||
| CVE-2025-39527 | 2025-04-17 | 8.8 High | ||
| Deserialization of Untrusted Data vulnerability in bestwebsoft Rating by BestWebSoft allows Object Injection. This issue affects Rating by BestWebSoft: from n/a through 1.7. | ||||
| CVE-2025-32658 | 2025-04-17 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in wpWax HelpGent allows Object Injection. This issue affects HelpGent: from n/a through 2.2.4. | ||||
| CVE-2025-39588 | 2025-04-17 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in bdthemes Ultimate Store Kit Elementor Addons allows Object Injection. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.4.0. | ||||
| CVE-2025-32572 | 2025-04-17 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in Climax Themes Kata Plus allows Object Injection. This issue affects Kata Plus: from n/a through 1.5.2. | ||||
| CVE-2023-51470 | 1 Boiteasite | 1 Rencontre | 2025-04-17 | 9.9 Critical |
| Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre – Dating Site.This issue affects Rencontre – Dating Site: from n/a through 3.11.1. | ||||
| CVE-2023-49442 | 1 Jeecg | 1 Jeecg | 2025-04-17 | 9.8 Critical |
| Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via crafted POST request. | ||||
| CVE-2023-52207 | 1 Svnlabs | 1 Html5 Mp3 Player With Playlist Free | 2025-04-17 | 9.1 Critical |
| Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Playlist Free.This issue affects HTML5 MP3 Player with Playlist Free: from n/a through 3.0.0. | ||||
| CVE-2024-0692 | 1 Solarwinds | 1 Security Event Manager | 2025-04-16 | 8.8 High |
| The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution. | ||||
| CVE-2022-41596 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-16 | 7.5 High |
| The system tool has inconsistent serialization and deserialization. Successful exploitation of this vulnerability will cause unauthorized startup of components. | ||||
| CVE-2021-27475 | 1 Rockwellautomation | 1 Connected Components Workbench | 2025-04-16 | 8.6 High |
| Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited. | ||||
| CVE-2022-1118 | 1 Rockwellautomation | 3 Connected Component Workbench, Isagraf Workbench, Safety Instrumented Systems Workstation | 2025-04-16 | 8.6 High |
| Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 though v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior (for Trusted Controllers)) do not limit the objects that can be deserialized. This allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in arbitrary code execution. This vulnerability requires user interaction to be successfully exploited | ||||
| CVE-2021-32935 | 1 Cognex | 1 In-sight Opc Server | 2025-04-16 | 8.8 High |
| The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes untrusted data, which could allow a remote attacker access to system level permission commands and local privilege escalation. | ||||
| CVE-2022-2465 | 1 Rockwellautomation | 1 Isagraf Workbench | 2025-04-16 | 8.6 High |
| Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Deserialization of Untrusted Data vulnerability. ISaGRAF Workbench does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in ISaGRAF Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited. | ||||
| CVE-2022-41779 | 1 Deltaww | 1 Infrasuite Device Master | 2025-04-16 | 8.8 High |
| Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize network packets without proper verification. If the device connects to an attacker-controlled server, the attacker could send maliciously crafted packets that would be deserialized and executed, leading to remote code execution. | ||||