CWE:
 

| Risk | Title | Date | Author |
|---|---|---|---|
| Med. | OX App Suite 7.10.6 Cross Site Scripting / Deserialization Issue | 11.04.2024 | Martin Heiland |
| Med. | Artica Proxy 4.50 Unauthenticated PHP Deserialization | 09.03.2024 | Jaggar Henry |
| Med. | WordPress BeTheme 26.5.1.4 PHP Object Injection | 22.11.2022 | Julien Ahrens |
| High | TIBCO JasperReports Server 8.0.2 Community Edition Code Execution | 13.09.2022 | Moritz Bechler |
| Low | SAP Wily Introscope Enterprise OS Command Injection | 19.06.2021 | Yvan Genuer |
| High | Protection Licensing Toolkit ReadyAPI 3.2.5 Code Execution / Deserialization | 20.05.2020 | Moritz Bechler |
| Med. | ManageEngine Desktop Central FileStorage getChartImage Deserialization / Unauthenticated Remote Code Execution | 08.03.2020 | Mr_me |
| Med. | Revive Adserver Deserialization / Open Redirect | 02.05.2019 | Matteo Beccati |
| High | OpenMRS Platform Insecure Object Deserialization | 05.02.2019 | Bishop Fox |
| Med. | Revive Adserver 4.0.0 XSS / Deserialization / Session Fixation | 01.02.2017 | Matteo Beccati |
| High | Solarwinds Virtualization Manager 6.3.1 Java Deserialization | 17.06.2016 | Nate Kettlewell |


Common Weakness Enumeration (CWE)

CVE
Details
Description
2024-06-14
Waiting for details
CVE-2024-5671

Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote attackers to perform arbitrary code execution and access to the vulnerable Trellix IPS Manager.

 
2024-06-12
Waiting for details
CVE-2024-3467

There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker.

 
Waiting for details
CVE-2024-3468

There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an attacker.

 
Waiting for details
CVE-2024-28964

Dell Common Event Enabler, version 8.9.10.0 and prior, contains an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user. Exploitation of this issue requires a victim to open a malicious file.

 
2024-06-06
Waiting for details
CVE-2024-5675

Untrusted data deserialization vulnerability has been found in Mentor - Employee Portal, affecting version 3.83.35. This vulnerability could allow an attacker to execute arbitrary code, by injecting a malicious payload into the "ViewState" field.

 
2024-05-26
Waiting for details
CVE-2024-5352

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been rated as critical. Affected by this issue is the function validationRules of the component com.anjiplus.template.gaea.business.modules.datasetparam.controller.DataSetParamController#verification. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266264.

 
2024-05-18
Waiting for details
CVE-2024-31879

IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539.

 
2024-05-16
Waiting for details
CVE-2024-34751

Deserialization of Untrusted Data vulnerability in WebToffee Order Export & Order Import for WooCommerce. This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.9.

 
2024-05-14
Waiting for details
CVE-2024-4699

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230922. This issue affects some unknown processing of the file /importhtml.php. The manipulation of the argument sql leads to deserialization. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-263747. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

 
Waiting for details
CVE-2024-28075

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.

 

 


Copyright 2024, cxsecurity.com

 
