Lucene search
K

8099 matches found

Patchstack
Patchstack
added 2026/01/13 7:32 a.m.8 views

WordPress Kids Heaven theme <= 3.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Kids Heaven versions = 3.2...

8.8CVSS7.3AI score0.00503EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/12 2:12 p.m.6 views

WordPress Consult Aid theme <= 1.4.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Consult Aid versions = 1.4.3...

9.8CVSS7.3AI score0.00547EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/12 12:59 p.m.8 views

WordPress JupiterX Core plugin <= 4.10.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin JupiterX Core versions = 4.10.1...

8.5CVSS7.3AI score0.00559EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/01/12 5:16 a.m.3 views

CVE-2025-69276

Deserialization of Untrusted Data vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Object Injection.This issue affects DX NetOps Spectrum: 24.3.13 and earlier...

8.8CVSS5.8AI score0.00257EPSS
Exploits0References1
NVD
NVD
added 2026/01/12 5:16 a.m.6 views

CVE-2025-69276

Deserialization of Untrusted Data vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Object Injection.This issue affects DX NetOps Spectrum: 24.3.13 and earlier...

8.8CVSS0.00257EPSS
Exploits0References1
CVE
CVE
added 2026/01/12 4:53 a.m.12 views

CVE-2025-69276

The CVE-2025-69276 entry concerns Broadcom DX NetOps Spectrum (Windows and Linux) with deserialization of untrusted data leading to object injection. Affected versions are 24.3.13 and earlier. Root cause is insecure deserialization of untrusted input. The vulnerability could allow object injectio...

8.8CVSS6.6AI score0.00257EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/12 4:53 a.m.5 views

CVE-2025-69276 Spectrum insecure deserialiation

Deserialization of Untrusted Data vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Object Injection.This issue affects DX NetOps Spectrum: 24.3.13 and earlier...

2.3CVSS6.6AI score0.00257EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/12 12:0 a.m.7 views

PT-2026-1951

Name of the Vulnerable Software and Affected Versions Broadcom DX NetOps Spectrum versions 24.3.13 and earlier Description A flaw exists in Broadcom DX NetOps Spectrum on Windows and Linux that allows for Object Injection due to deserialization of untrusted data. This issue impacts the software’s...

8.8CVSS6.8AI score0.00257EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/12 12:0 a.m.6 views

Broadcom DX NetOps Spectrum 安全漏洞

Broadcom DX NetOps Spectrum is a network fault management and condition monitoring platform from Broadcom Corporation USA. A security vulnerability exists in Broadcom DX NetOps Spectrum versions 24.3.13 and earlier, which stems from deserializing untrustworthy data and could lead to object...

8.8CVSS6.7AI score0.00257EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/10 5:41 a.m.3 views

CVE-2025-67911

Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters-lite allows Object Injection.This issue affects Newsletters: from n/a through = 4.11...

9.8CVSS5.9AI score0.00375EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/01/09 4:16 p.m.195 views

Realworld-for-Application_FUGIO_FirstFrameworkFuzzingDetectPOI

FUGIO Production Guide Introduction FUGIO is the firs...

7.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 12:31 p.m.9 views

CVE-2023-4971

The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a malicious file and a suitable gadget chain is present on the blog...

7.2CVSS6.7AI score0.00976EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:18 p.m.10 views

CVE-2018-10085

CMS Made Simple CMSMS through 2.2.6 allows PHP object injection because of an unserialize call in the getdata function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files...

9.8CVSS7.6AI score0.03926EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:15 p.m.9 views

CVE-2018-1000059

ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in Valid Form unserialize method that can result in Possible to execute unauthorised system commands remotely and disclose file contents in file system...

9.8CVSS7.7AI score0.01652EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:13 a.m.10 views

CVE-2016-10753

e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC...

8.8CVSS8AI score0.01681EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:35 a.m.7 views

CVE-2017-18583

The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection...

9.8CVSS7.2AI score0.02072EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:35 a.m.3 views

CVE-2017-18604

The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request...

7.5CVSS7.4AI score0.01637EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:33 a.m.9 views

CVE-2017-18605

The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection...

9.8CVSS7.1AI score0.02339EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:7 a.m.7 views

CVE-2019-20452

A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/core.access/src/RecycleBinManager.php. An authenticated user with basic privileges can inject objects and achieve remote code execution...

8.8CVSS7.8AI score0.02135EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:6 a.m.6 views

CVE-2019-20453

A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/uploader.http/HttpDownload.php. An authenticated user with basic privileges can inject objects and achieve remote code execution...

8.8CVSS7.8AI score0.02135EPSS
Exploits0References1
Rows per page
Query Builder