CWE:
 

Topic
Date
Author
Med.
OX App Suite 7.10.6 Cross Site Scripting / Deserialization Issue
11.04.2024
Martin Heiland
Med.
Artica Proxy 4.50 Unauthenticated PHP Deserialization
09.03.2024
Jaggar Henry
Med.
WordPress BeTheme 26.5.1.4 PHP Object Injection
22.11.2022
Julien Ahrens
High
TIBCO JasperReports Server 8.0.2 Community Edition Code Execution
13.09.2022
Moritz Bechler
Low
SAP Wily Introscope Enterprise OS Command Injection
19.06.2021
Yvan Genuer
High
Protection Licensing Toolkit ReadyAPI 3.2.5 Code Execution / Deserialization
20.05.2020
Moritz Bechler
Med.
ManageEngine Desktop Central FileStorage getChartImage Deserialization / Unauthenticated Remote Code Execution
08.03.2020
Mr_me
Med.
Revive Adserver Deserialization / Open Redirect
02.05.2019
Matteo Beccati
High
OpenMRS Platform Insecure Object Deserialization
05.02.2019
Bishop Fox
Med.
Revive Adserver 4.0.0 XSS / Deserialization / Session Fixation
01.02.2017
Matteo Beccati
High
Solarwinds Virtualization Manager 6.3.1 Java Deserialization
17.06.2016
Nate Kettlewell

CVEMAP Search Results

CVE
Details
Description
2024-10-20
Waiting for details
CVE-2024-49625
Updating...
 
 
Deserialization of Untrusted Data vulnerability in Brandon Clark SiteBuilder Dynamic Components allows Object Injection.This issue affects SiteBuilder Dynamic Components: from n/a through 1.0.

 
Waiting for details
CVE-2024-49624
Updating...
 
 
Deserialization of Untrusted Data vulnerability in Smartdevth Advanced Advertising System allows Object Injection.This issue affects Advanced Advertising System: from n/a through 1.3.1.

 
2024-10-18
Waiting for details
CVE-2024-10079
Updating...
 
 
The WP Easy Post Types plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.4 via deserialization of untrusted input from the 'text' parameter in the 'ajax_import_content' function. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

 
2024-10-17
Waiting for details
CVE-2024-49318
Updating...
 
 
Deserialization of Untrusted Data vulnerability in Scott Olson My Reading Library allows Object Injection.This issue affects My Reading Library: from n/a through 1.0.

 
2024-10-16
Waiting for details
CVE-2024-49218
Updating...
 
 
Deserialization of Untrusted Data vulnerability in Al Imran Akash Recently allows Object Injection.This issue affects Recently: from n/a through 1.1.

 
Waiting for details
CVE-2024-9634
Updating...
 
 
The GiveWP �?? Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.3 via deserialization of untrusted input from the give_company_name parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to achieve remote code execution.

 
Waiting for details
CVE-2024-49227
Updating...
 
 
Deserialization of Untrusted Data vulnerability in Innovaweb Sp. Z o.O. Free Stock Photos Foter allows Object Injection.This issue affects Free Stock Photos Foter: from n/a through 1.5.4.

 
Waiting for details
CVE-2024-49226
Updating...
 
 
Deserialization of Untrusted Data vulnerability in TAKETIN TAKETIN To WP Membership allows Object Injection.This issue affects TAKETIN To WP Membership: from n/a through 2.8.0.

 
Waiting for details
CVE-2024-48030
Updating...
 
 
Deserialization of Untrusted Data vulnerability in Gabriele Valenti Telecash Ricaricaweb allows Object Injection.This issue affects Telecash Ricaricaweb: from n/a through 2.2.

 
Waiting for details
CVE-2024-48028
Updating...
 
 
Deserialization of Untrusted Data vulnerability in Boyan Raichev IP Loc8 allows Object Injection.This issue affects IP Loc8: from n/a through 1.1.

 

 

Copyright 2025, cxsecurity.com

 

Back to Top