119 matches found

Positive Technologies
added 2025/05/29 12:0 a.m. · 5 views

PT-2025-23200 · Zhilink · Zhilink Adp Application Developer Platform

Name of the Vulnerable Software and Affected Versions: Zhilink ADP Application Developer Platform version 1.0.0

Description: A critical issue was found in the Zhilink ADP Application Developer Platform, affecting some unknown functionality of the file /adpweb/wechat/verifyToken/. This issue leads...

CVSS 6.5 · AI score 6.2 · EPSS 0.00229
Exploits: 0 · References: 5

Positive Technologies
added 2025/05/25 12:0 a.m. · 3 views

PT-2025-22859 · Unknown · Funaudiollm Inspiremusic

Name of the Vulnerable Software and Affected Versions: FunAudioLLM InspireMusic up to bf32364bcb0d136497ca69f9db622e9216b029dd

Description: A critical issue was found in the function load state dict of the file inspiremusic/cli/model.py of the component Pickle Data Handler. This issue leads to...

CVSS 5.3 · AI score 5.1 · EPSS 0.00208
Exploits: 0 · References: 13

RedhatCVE
added 2025/05/23 9:34 a.m. · 6 views

CVE-2024-0654

A vulnerability, which was classified as problematic, was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. Affected is an unknown function of the file mainscripts/Util.py. The manipulation leads to deserialization. Local access is required to approach this attack. The exploit has been...

CVSS 7.8 · AI score 7.7 · EPSS 0.00037
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 6:48 a.m. · 5 views

CVE-2024-12138

A vulnerability classified as critical was found in horilla up to 1.2.1. This vulnerability affects the function requestnew/getemployeeshift/createreimbursement/keyresultcurrentvalueupdate/createmeetings/createskills. The manipulation leads to deserialization. The attack can be initiated remotely...

CVSS 8.8 · AI score 6.4 · EPSS 0.00165
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 3:51 a.m. · 5 views

CVE-2023-3308

A vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8. Affected is an unknown function of the component Aviator Template Engine. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The identifier of this vulnerabilit...

CVSS 8.8 · AI score 6.8 · EPSS 0.00102
Exploits: 1 · References: 1

Positive Technologies
added 2025/05/19 12:0 a.m. · 4 views

PT-2025-21874 · Unknown · Iop-Apl-Uw Basestation3

Name of the Vulnerable Software and Affected Versions: iop-apl-uw basestation3 versions 3.0.4 and earlier

Description: A problem was found in the load qc pickl function of the file basestation3/QC.py, which is affected by deserialization due to the manipulation of the qc file argument. This issue...

CVSS 9.8 · AI score 5.2 · EPSS 0.00124
Exploits: 1 · References: 10

NVD
added 2025/05/05 3:15 a.m. · 15 views

CVE-2025-4260

A vulnerability was found in zhangyanbo2007 youkefu up to 4.2.0 and classified as problematic. Affected by this issue is the function impsave of the file m\web\handler\admin\system\TemplateController.java. The manipulation of the argument dataFile leads to deserialization. The attack may be...

CVSS 8.3 · EPSS 0.00269
Exploits: 1 · References: 4

CNVD
added 2025/04/14 12:0 a.m. · 7 views

Adobe ColdFusion Deserialization Vulnerability

Adobe ColdFusion is a rapid application development platform from Adobe, a company based in the United States of America. Adobe ColdFusion suffers from a deserialization vulnerability, which occurs when the program lacks strict checksums when processing externally-entered serialized data. The...

CVSS 9.1 · AI score 7.4 · EPSS 0.04599
Exploits: 0 · References: 1

GithubExploit
added 2025/04/08 2:52 p.m. · 223 views

Exploit for Deserialization of Untrusted Data in Apache Tomcat

CVE-2025-24813 Apache Tomcat RCE PoC Proof of Concept PoC ex...

CVSS 9.8 · AI score 9.4 · EPSS 0.9413
Exploits: 45

OSV
added 2025/04/04 3:15 p.m. · 6 views

CVE-2025-3250

A vulnerability, which was classified as problematic, has been found in elunez eladmin 2.7. Affected by this issue is some unknown functionality of the file /api/database/testConnect of the component Maintenance Management Module. The manipulation leads to deserialization. The attack may be...

CVSS 6.5 · AI score 6.8
Exploits: 0 · References: 4

RedhatCVE
added 2025/03/24 5:23 p.m. · 21 views

CVE-2025-2622

A vulnerability was found in aizuda snail-job 1.4.0. It has been classified as critical. Affected is the function getRuntime of the file /snail-job/workflow/check-node-expression of the component Workflow-Task Management Module. The manipulation of the argument nodeExpression leads to...

CVSS 8.8 · AI score 7.2 · EPSS 0.00108
Exploits: 1 · References: 1

CVE
added 2025/03/22 11:18 a.m. · 69 views

CVE-2025-1971

CVE-2025-1971 affects the WordPress plugin Export and Import Users and Customers (versions up to 2.6.2). The flaw is PHP Object Injection via deserialization of untrusted input from the form_data parameter. It requires an authenticated attacker with Administrator-level access or higher. The impac...

CVSS 7.2 · AI score 7.3 · EPSS 0.00324
Exploits: 0 · References: 5 · Affected Software: 1

GithubExploit
added 2025/03/20 10:52 p.m. · 473 views

Exploit for Deserialization of Untrusted Data in Apache Tomcat

CVE-2025-24813: Apache 1. Explanation Tomcat is vulnerabl...

CVSS 9.8 · AI score 9 · EPSS 0.9413
Exploits: 45

Github Security Blog
added 2025/02/14 12:31 p.m. · 16 views

Apache Ignite: Possible RCE when deserializing incoming messages by the server node

In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server...

CVSS 9.5 · AI score 7.3 · EPSS 0.02584
Exploits: 0 · References: 5 · Affected Software: 1

Cvelist
added 2025/02/13 4:21 a.m. · 12 views

CVE-2024-13770 Puzzles | WP Magazine / Review with Store WordPress Theme + RTL <= 4.2.4 - Unauthenticated PHP Object Injection

The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input 'viewmoreposts' AJAX action. This makes it possible for unauthenticated attackers to...

CVSS 8.1 · EPSS 0.00803
Exploits: 0 · References: 2

GithubExploit
added 2025/02/12 3:31 p.m. · 567 views

Exploit for Deserialization of Untrusted Data in Themekraft Buddyforms

usage: python exploit.py "/wp-admin/admin-ajax.php" 'bash -c "ba...

CVSS 9.8 · AI score 7.4 · EPSS 0.91924
Exploits: 18

RedhatCVE
added 2025/02/05 10:6 a.m. · 5 views

CVE-2024-3240

The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settingsencoded' attribute of the 'smileinfobar' shortcode. This makes it possible for authenticated attackers, with...

CVSS 8.8 · AI score 7 · EPSS 0.00704
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 5:10 a.m. · 6 views

CVE-2024-10936

The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursiveunserializereplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP...

CVSS 8.8 · AI score 7.4 · EPSS 0.16462
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 1:49 a.m. · 4 views

CVE-2024-11409

The Grid View Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input from csallphotosdetails parameter. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a...

CVSS 7.2 · AI score 7.1 · EPSS 0.00803
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/04 11:6 p.m. · 6 views

CVE-2024-0603

A vulnerability classified as critical has been found in ZhiCms up to 4.0. This affects an unknown part of the file app/plug/controller/giftcontroller.php. The manipulation of the argument mylike leads to deserialization. It is possible to initiate the attack remotely. The exploit has been...

CVSS 9.8 · AI score 9.6 · EPSS 0.00205
Exploits: 0 · References: 1