8067 matches found
CVE-2025-68853
Deserialization of Untrusted Data vulnerability in Kleor Contact Manager contact-manager allows Object Injection.This issue affects Contact Manager: from n/a through = 9.1.1...
CVE-2025-68541
Deserialization of Untrusted Data vulnerability in BoldThemes Ippsum ippsum allows Object Injection.This issue affects Ippsum: from n/a through = 1.2.0...
CVE-2025-68526
Deserialization of Untrusted Data vulnerability in A WP Life Modal Popup Box modal-popup-box allows Object Injection.This issue affects Modal Popup Box: from n/a through = 1.6.1...
CVE-2025-68531
Deserialization of Untrusted Data vulnerability in modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-addons-for-wpbakery allows Object Injection.This issue affects ModelTheme Addons for WPBakery and Elementor: from n/a through 1.5.6...
CVE-2026-22346
Deserialization of Untrusted Data vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow slider-responsive-slideshow allows Object Injection.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through = 1.5.4...
CVE-2026-22354
Deserialization of Untrusted Data vulnerability in Dotstore Woocommerce Category Banner Management banner-management-for-woocommerce allows Object Injection.This issue affects Woocommerce Category Banner Management: from n/a through = 2.5.1...
CVE-2026-22384
Deserialization of Untrusted Data vulnerability in leafcolor Applay - Shortcodes applay-shortcodes allows Object Injection.This issue affects Applay - Shortcodes: from n/a through = 3.7...
CVE-2026-22345
Deserialization of Untrusted Data vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery new-image-gallery allows Object Injection.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through = 1.6...
CVE-2026-24891
openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearman worker implementation. The worker function registered as oitcgearman calls PHP's unserialize on...
CVE-2026-27206
Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...
CVE-2026-27206
Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...
UBUNTU-CVE-2026-27206
Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...
CVE-2026-27206
Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...
CVE-2026-27206
The CVE concerns Zumba Json Serializer for PHP. Versions 3.2.2 and earlier allow deserialization of PHP objects from JSON via an @type field, which can instantiate any class specified without restrictions. If attacker-controlled JSON reaches JsonSerializer::unserialize() and the app contains clas...
CVE-2026-27206 Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()
Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...
CVE-2026-27206 Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()
Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...
CVE-2026-27206
Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...
CVE-2026-27206 Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()
Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...
Json Serializer for PHP 代码问题漏洞
Json Serializer for PHP is an open-source JSON serialization tool developed by Zumba. Versions of Json Serializer for PHP prior to 3.2.2 had code vulnerabilities. These vulnerabilities stemmed from the ability to deserialize PHP objects using the @type field, which could lead to PHP object...
CVE-2026-24891
openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearman worker implementation. The worker function registered as oitcgearman calls PHP's unserialize on...