292 matches found
CVE-2021-24465
The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, validate or escape the ids attribute of its gallery shortcode available for users as low as Contributor before using it in an SQL statement, leading to an authenticated SQL Injection issue. The injection also allows the returned...
Linux Distros Unpatched Vulnerability : CVE-2023-37895
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including...
Linux Distros Unpatched Vulnerability : CVE-2016-7411
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext/standard/varunserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service memo...
CVE-2023-37895
Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...
CVE-2024-3301
An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution...
CVE-2024-3300
An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution...
PT-2025-3883 · WordPress · Ai Power: Complete Ai Pack
Name of the Vulnerable Software and Affected Versions: AI Power: Complete AI Pack plugin for WordPress versions up to, and including, 1.8.96 Description: The issue allows authenticated attackers with administrative privileges to inject a PHP Object via deserialization of untrusted input from the...
GHSA-76H9-2VWH-W278 Apache MINA Deserialization RCE Vulnerability
The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious...
WordPress plugin Funnelforms Free 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
RHEL 6 / 7 : rh-maven33-groovy (RHSA-2017:2596)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2596 advisory. Groovy is an agile and dynamic language for the Java Virtual Machine, built upon Java with features inspired by languages like Python,...
K000141270: PHP vulnerabilities CVE-2016-7411, CVE-2016-9138, CVE-2016-9137, CVE-2016-4541, and CVE-2016-4540
Security Advisory Description CVE-2016-7411 ext/standard/varunserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via an unserialize call that referenc...
CVE-2024-8375 Object deserialization in Reverb leading to RCE
There exists a use after free vulnerability in Reverb. Reverb supports the VARIANT datatype, which is supposed to represent an arbitrary object in C++. When a tensor proto of type VARIANT is unpacked, memory is first allocated to store the entire tensor, and a ctor is called on each instance...
CVE-2024-8030
The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the ultimatestorekitwishlist cookie in versions up to , and...
CVE-2024-7561 The Next <= 1.1.0 - Authenticated (Contributor+) PHP Object Injection
The The Next theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the wpedenpostmeta post meta value. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject...
RHEL 5 : xmlrpc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - xmlrpc: XML external entity vulnerability SSRF via a crafted DTD CVE-2016-5002 - xmlrpc: Deserialization ...
CVE-2024-3300
An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution...
CVE-2024-3300 Pre-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024
An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution...
CVE-2024-3300 Pre-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024
An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution...
CVE-2024-3300
CVE-2024-3300 describes an unsafe ".NET" object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 that enables pre‑authentication remote code execution. The issue stems from deserializing untrusted .NET objects, allowing an attacker to execute arbitrary code before ...
CVE-2024-3301 Post-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024
An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution...