EUVD-2023-33697

Malicious code in bioql PyPI...

EUVD-2021-7538

Malicious code in bioql PyPI...

EUVD-2022-3022

Malicious code in bioql PyPI...

EUVD-2017-4457

Malicious code in bioql PyPI...

CVE-2025-9083

The Ninja Forms WordPress plugin before 3.11.1 unserializes user input via form field, which could allow Unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

CVE-2025-9083

CVE-2025-9083 affects Ninja Forms for WordPress (pre-3.11.1). The vulnerability arises from unserializing user input in a form field, enabling unauthenticated PHP Object Injection when a suitable gadget exists on the blog. Remediation: upgrade Ninja Forms to version 3.11.1 or later (patched in so...

CVE-2025-9083 Ninja-forms < 3.11.1 - Unauthenticated PHP Objection

The Ninja Forms WordPress plugin before 3.11.1 unserializes user input via form field, which could allow Unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

Linux Distros Unpatched Vulnerability : CVE-2024-31211

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress is an open publishing platform for the Web. Unserialization of instances of the WPHTMLToken class allows for code execution via its destruct magic...

CVE-2023-6049

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog...

CVE-2023-2180

The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod arbitrary files, as well as perform PHAR unserialization assuming they can upload a file on the server...

CVE-2023-1549

The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

CVE-2023-1347

The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

CVE-2021-38585

The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks SEC-585...

CVE-2021-20076

Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution RCE on the Tenable.sc server via Hypertext Preprocessor unserialization...

CVE-2020-1900

When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32....

CVE-2012-1605

The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature HMAC for a request argument."...

CVE-2019-19373

An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/pagetemplates/pageremotecontent/pageremotecontent.inc POST paramete...

CVE-2016-10949

The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization...

CVE-2018-1999019

Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code execution. This attack appear to be exploitable via a simple GET request to the api endpoint. This...

Alibaba Cloud Linux 3 : 0161: php:7.4 (ALINUX3-SA-2022:0161)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0161 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-28948: ArchiveTar through 1.4.10...