Lucene search
K

292 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 6:24 p.m.12 views

CVE-2021-24465

The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, validate or escape the ids attribute of its gallery shortcode available for users as low as Contributor before using it in an SQL statement, leading to an authenticated SQL Injection issue. The injection also allows the returned...

8.1CVSS7.8AI score0.01131EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2023-37895

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including...

9.8CVSS8.9AI score0.02657EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.17 views

Linux Distros Unpatched Vulnerability : CVE-2016-7411

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext/standard/varunserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service memo...

9.8CVSS8.1AI score0.05649EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/02/14 12:19 p.m.11 views

CVE-2023-37895

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...

9.8CVSS7.9AI score0.02657EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/02/05 10:17 a.m.12 views

CVE-2024-3301

An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution...

8.5CVSS7.5AI score0.00671EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:4 a.m.7 views

CVE-2024-3300

An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution...

9CVSS7.5AI score0.02761EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/22 12:0 a.m.6 views

PT-2025-3883 · WordPress · Ai Power: Complete Ai Pack

Name of the Vulnerable Software and Affected Versions: AI Power: Complete AI Pack plugin for WordPress versions up to, and including, 1.8.96 Description: The issue allows authenticated attackers with administrative privileges to inject a PHP Object via deserialization of untrusted input from the...

7.2CVSS7.1AI score0.00642EPSS
Exploits0References11
OSV
OSV
added 2024/12/25 12:30 p.m.1 views

GHSA-76H9-2VWH-W278 Apache MINA Deserialization RCE Vulnerability

The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious...

10CVSS7.6AI score0.23932EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/12/04 12:0 a.m.2 views

WordPress plugin Funnelforms Free 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

8.8CVSS8.5AI score0.00605EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/11/05 12:0 a.m.13 views

RHEL 6 / 7 : rh-maven33-groovy (RHSA-2017:2596)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2596 advisory. Groovy is an agile and dynamic language for the Java Virtual Machine, built upon Java with features inspired by languages like Python,...

9.8CVSS8.9AI score0.42983EPSS
Exploits5References6
F5 Networks
F5 Networks
added 2024/09/30 2:51 p.m.40 views

K000141270: PHP vulnerabilities CVE-2016-7411, CVE-2016-9138, CVE-2016-9137, CVE-2016-4541, and CVE-2016-4540

Security Advisory Description CVE-2016-7411 ext/standard/varunserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via an unserialize call that referenc...

9.8CVSS9.1AI score0.06229EPSS
Exploits4
Vulnrichment
Vulnrichment
added 2024/09/19 3:50 p.m.18 views

CVE-2024-8375 Object deserialization in Reverb leading to RCE

There exists a use after free vulnerability in Reverb. Reverb supports the VARIANT datatype, which is supposed to represent an arbitrary object in C++. When a tensor proto of type VARIANT is unpacked, memory is first allocated to store the entire tensor, and a ctor is called on each instance...

5.7CVSS7.3AI score0.00123EPSS
Exploits0References2
OSV
OSV
added 2024/08/28 3:15 a.m.3 views

CVE-2024-8030

The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the ultimatestorekitwishlist cookie in versions up to , and...

9.8CVSS6AI score0.01075EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/08 1:50 a.m.17 views

CVE-2024-7561 The Next <= 1.1.0 - Authenticated (Contributor+) PHP Object Injection

The The Next theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the wpedenpostmeta post meta value. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject...

8.8CVSS0.00659EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.29 views

RHEL 5 : xmlrpc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - xmlrpc: XML external entity vulnerability SSRF via a crafted DTD CVE-2016-5002 - xmlrpc: Deserialization ...

9.8CVSS7.8AI score0.14876EPSS
Exploits2References3
NVD
NVD
added 2024/05/30 4:15 p.m.13 views

CVE-2024-3300

An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution...

9CVSS9.4AI score0.02761EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/30 3:19 p.m.67 views

CVE-2024-3300 Pre-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024

An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution...

9CVSS9.4AI score0.02761EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/30 3:19 p.m.15 views

CVE-2024-3300 Pre-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024

An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution...

9CVSS7.8AI score0.02761EPSS
Exploits0References1
CVE
CVE
added 2024/05/30 3:19 p.m.75 views

CVE-2024-3300

CVE-2024-3300 describes an unsafe ".NET" object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 that enables pre‑authentication remote code execution. The issue stems from deserializing untrusted .NET objects, allowing an attacker to execute arbitrary code before ...

9CVSS9.5AI score0.02761EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/30 3:18 p.m.20 views

CVE-2024-3301 Post-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024

An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution...

8.5CVSS8.8AI score0.00671EPSS
Exploits0References1
Rows per page
Query Builder