Lucene search
K

120 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:32 p.m.4 views

CVE-2022-1984

This issue affects: HYPR Windows WFA versions prior to 7.2; Unsafe Deserialization vulnerability in HYPR Workforce Access WFA before version 7.2 may allow local authenticated attackers to elevate privileges via a malicious serialized payload...

7.8CVSS6.5AI score0.00174EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/30 7:11 p.m.10 views

CVE-2025-34489

GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A local attacker can escalate to NT Authority/SYSTEM by sending a crafted serialized payload to a .NET Remoting Service...

7.8CVSS7.1AI score0.00269EPSS
Exploits1References1
OSV
OSV
added 2025/04/28 7:15 p.m.2 views

CVE-2025-34489

GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A local attacker can escalate to NT Authority/SYSTEM by sending a crafted serialized payload to a .NET Remoting Service...

7.8CVSS7.3AI score0.00269EPSS
Exploits1References3
NVD
NVD
added 2025/04/28 7:15 p.m.11 views

CVE-2025-34489

GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A local attacker can escalate to NT Authority/SYSTEM by sending a crafted serialized payload to a .NET Remoting Service...

7.8CVSS0.00269EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/04/28 6:50 p.m.17 views

CVE-2025-34489 GFI MailEssentials < 21.8 Local Privilege Escalation

GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A local attacker can escalate to NT Authority/SYSTEM by sending a crafted serialized payload to a .NET Remoting Service...

7.8CVSS0.00269EPSS
Exploits1References3
CVE
CVE
added 2025/04/28 6:50 p.m.83 views

CVE-2025-34489

CVE-2025-34489 affects GFI MailEssentials prior to version 21.8. A local privilege escalation is possible when a crafted serialized payload is sent to the .NET Remoting Service, allowing an attacker to elevate to NT Authority/SYSTEM. Public-advisory sources confirm impact on affected versions and...

7.8CVSS7.8AI score0.00269EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/06 12:43 a.m.14 views

CVE-2022-3568

The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'clipath' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into...

8.8CVSS6.7AI score0.00626EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:32 p.m.7 views

CVE-2022-2438

The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$logfile' value in versions up to, and including 1.11.16. This makes it possible for authenticated attackers with administrative privileges and above to call files using a PHAR wrapper that...

7.2CVSS6.7AI score0.01307EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:21 p.m.7 views

CVE-2022-2437

The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'ftsurl' parameter in versions up to, and including 2.9.8.5. This makes it possible for unauthenticated attackers to call files using a PHAR wrapper that will...

9.8CVSS6.9AI score0.0134EPSS
Exploits0References1
NVD
NVD
added 2024/09/13 3:15 p.m.15 views

CVE-2022-2446

The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'currentthemeroot' parameter in versions up to, and including 1.2.9. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will...

7.2CVSS0.00578EPSS
Exploits0References2
OSV
OSV
added 2024/09/13 3:15 p.m.5 views

CVE-2022-2446

The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'currentthemeroot' parameter in versions up to, and including 1.2.9. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will...

7.2CVSS5.9AI score0.00578EPSS
Exploits0References2
CVE
CVE
added 2024/09/13 3:10 p.m.56 views

CVE-2022-2446

CVE-2022-2446 affects the WP Editor WordPress plugin. The vulnerability is a PHAR deserialization issue via the current_theme_root parameter in versions up to and including 1.2.9. An authenticated attacker with administrative privileges who can upload a serialized payload can trigger deserializat...

7.2CVSS7.1AI score0.00578EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/09/13 3:10 p.m.34 views

CVE-2022-2446 WP Editor <= 1.2.9 - Authenticated (Admin+) PHAR Deserialization

The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'currentthemeroot' parameter in versions up to, and including 1.2.9. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will...

7.2CVSS0.00578EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/13 3:10 p.m.14 views

CVE-2022-2446 WP Editor <= 1.2.9 - Authenticated (Admin+) PHAR Deserialization

The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'currentthemeroot' parameter in versions up to, and including 1.2.9. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will...

7.2CVSS6.8AI score0.00578EPSS
Exploits0References2
NVD
NVD
added 2024/08/29 11:15 a.m.7 views

CVE-2022-2440

The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'imagesarray' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserializ...

7.2CVSS0.0074EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2024/08/29 11:15 a.m.1 views

CVE-2022-2440

The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'imagesarray' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserializ...

7.2CVSS6AI score0.0074EPSS
Exploits0References4
OSV
OSV
added 2024/08/29 11:15 a.m.5 views

CVE-2022-2440

The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'imagesarray' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserializ...

7.2CVSS5.9AI score0.0074EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/08/29 3:30 a.m.21 views

CVE-2022-2440 Theme Editor <= 2.8 - Authenticated (Admin+) PHAR Deserialization

The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'imagesarray' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserializ...

7.2CVSS0.0074EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2024/04/17 1:36 p.m.438 views

Exploit for Deserialization of Untrusted Data in Apache Kafka_Connect

Apache Druid CVE-2023-25194 CVE-2023-25194 is a deserializati...

8.8CVSS8.1AI score0.95302EPSS
Exploits8
RedhatCVE
RedhatCVE
added 2024/01/10 10:1 a.m.36 views

CVE-2024-21664

A null pointer dereference vulnerability was found in the jwx/jws Go module. This issue arises when invoking "jws.Parse" with a JSON serialized payload containing a present signature field while the protected field is absentm, which may cause a system crash or initiate a denial of service DOS...

7.5CVSS4.7AI score0.00864EPSS
Exploits1References4
Rows per page
Query Builder