CWE:

	Tytuł	Data	Autor
Med.	OX App Suite 7.10.6 Cross Site Scripting / Deserialization Issue	11.04.2024	Martin Heiland
Med.	Artica Proxy 4.50 Unauthenticated PHP Deserialization	09.03.2024	Jaggar Henry
Med.	WordPress BeTheme 26.5.1.4 PHP Object Injection	22.11.2022	Julien Ahrens
High	TIBCO JasperReports Server 8.0.2 Community Edition Code Execution	13.09.2022	Moritz Bechler
Low	SAP Wily Introscope Enterprise OS Command Injection	19.06.2021	Yvan Genuer
High	Protection Licensing Toolkit ReadyAPI 3.2.5 Code Execution / Deserialization	20.05.2020	Moritz Bechler
Med.	ManageEngine Desktop Central FileStorage getChartImage Deserialization / Unauthenticated Remote Code Execution	08.03.2020	Mr_me
Med.	Revive Adserver Deserialization / Open Redirect	02.05.2019	Matteo Beccati
High	OpenMRS Platform Insecure Object Deserialization	05.02.2019	Bishop Fox
Med.	Revive Adserver 4.0.0 XSS / Deserialization / Session Fixation	01.02.2017	Matteo Beccati
High	Solarwinds Virtualization Manager 6.3.1 Java Deserialization	17.06.2016	Nate Kettlewell

---

Common Weakness Enumeration (CWE)

CVE

Szczegóły

Opis

2024-04-18

	CVE-2024-32603	Updating...	Deserialization of Untrusted Data vulnerability in ThemeKraft WooBuddy.This issue affects WooBuddy: from n/a through 3.4.20.
	CVE-2024-32600	Updating...	Deserialization of Untrusted Data vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.9.5.

2024-04-15

CVE-2024-32431

Updating...

Deserialization of Untrusted Data vulnerability in WP All Import Import Users from CSV.This issue affects Import Users from CSV: from n/a through 1.2.

2024-04-13

CVE-2024-3740

Updating...

A vulnerability, which was classified as critical, has been found in cym1102 nginxWebUI up to 3.9.9. This issue affects the function exec of the file /adminPage/conf/reload. The manipulation of the argument nginxExe leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260579.

2024-04-11

CVE-2024-27985

Updating...

Deserialization of Untrusted Data vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.9.

2024-04-10

CVE-2024-3568

Updating...

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of `pickle.load()` on data from potentially untrusted sources. This vulnerability allows for remote code execution (RCE) by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine.

2024-04-07

	CVE-2024-31277	Updating...	Deserialization of Untrusted Data vulnerability in PickPlugins Product Designer.This issue affects Product Designer: from n/a through 1.0.32.
	CVE-2024-31308	Updating...	Deserialization of Untrusted Data vulnerability in VJInfotech WP Import Export Lite.This issue affects WP Import Export Lite: from n/a through 3.9.26.
	CVE-2024-3431	Updating...	A vulnerability was found in EyouCMS 1.6.5. It has been declared as critical. This vulnerability affects unknown code of the file /login.php?m=admin&c=Field&a=channel_edit of the component Backend. The manipulation of the argument channel_id leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259612. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

2024-03-31

CVE-2024-31094

Updating...

Deserialization of Untrusted Data vulnerability in Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05.

 

---

Copyright 2024, cxsecurity.com