7270 matches found
CVE-2026-57744
Deserialization of Untrusted Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Object Injection.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...
CVE-2026-57724
Deserialization of Untrusted Data vulnerability in Themeum Kirki kirki allows Object Injection.This issue affects Kirki: from n/a through = 6.0.12...
CVE-2026-57770
The CVE-2026-57770 entry concerns Deserialization of Untrusted Data in the WordPress Theme Grand Photography plugin/theme. Affected: Grand Photography versions up to 5.7.8. Root cause: PHP object injection arising from untrusted data deserialization. Impact: high confidentiality, integrity, and a...
CVE-2026-59521
The CVE-2026-59521 issue affects the WordPress Real Testimonials plugin (testimonial-free) by Deserialization of Untrusted Data, enabling PHP object injection in versions
CVE-2026-59521 WordPress Real Testimonials plugin <= 3.1.15 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC Real Testimonials testimonial-free allows Object Injection.This issue affects Real Testimonials: from n/a through = 3.1.15...
CVE-2026-57713
CVE-2026-57713 : The WordPress Plugins Events Manager (events-manager ) is affected up to version 7.3.6. The issue is a PHP Object Injection caused by deserialization of untrusted data, enabling object injection. The affected component is the Events Manager plugin for WordPress; root cause is des...
CVE-2026-57724 WordPress Kirki plugin <= 6.0.12 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Themeum Kirki kirki allows Object Injection.This issue affects Kirki: from n/a through = 6.0.12...
CVE-2026-57724
CVE-2026-57724 affects the WordPress Kirki plugin (Kirki <= 6.0.12). The root cause is a deserialization of untrusted data leading to PHP Object Injection . According to the sources, this vulnerability can be exploited remotely (network attack vector) with no user interaction and can impact co...
Adobe ColdFusion - Pre-Auth Remote Code Execution
Adobe ColdFusion versions 2018u16 and earlier, 2021u6 and earlier and 2023.0.0.330468 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. id: CVE-2023-29300 info:...
Veeam Backup & Replication - Unauthenticated
A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution RCE. id: CVE-2024-40711 info: name: Veeam Backup & Replication - Unauthenticated author: rootxharsh,iamnoooob,DhiyaneshDK severity: critical description: | A deserializati...
EUVD-2026-43191
Deserialization of untrusted data in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...
PT-2026-57486
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description Deserialization of untrusted data allows an unauthorized attacker to execute code over a network. Deserialization is the process of converting a data format, such as JSO...
CVE-2026-54469
Dell Unisphere for PowerMax, versions 10.3.0.5 and earlier, are affected by a Deserialization of Untrusted Data vulnerability that could allow arbitrary command execution with root privileges via remote access from a low-privilege attacker. The CVE (CVE-2026-54469) is documented with a high-sever...
EUVD-2026-42874
Dell Unisphere for PowerMax, versions 10.3.0.5 and prior, contains a Deserialization of Untrusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...
CVE-2026-50188
Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins using the Kirby Http Remote class, including Remote::request, Remote::get, and Remote::post, to send outgoing HTTP requests with untrusted data in the headers option could allow newline characters...
CVE-2026-50188
Kirby CMS is affected in versions prior to 4.9.4 and 5.4.4 where the Kirby\Http\Remote class (Remote::request/Remote::get/Remote::post) can be given untrusted header data. The issue stems from newline characters in header values being passed to the underlying HTTP request, allowing injection of a...
CVE-2026-50188 Kirby: Request header injection in `Http\Remote`
Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins using the Kirby Http Remote class, including Remote::request, Remote::get, and Remote::post, to send outgoing HTTP requests with untrusted data in the headers option could allow newline characters...
CVE-2026-15308
The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data...
jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution
A flaw was found in jackson-databind, a library used for processing data. This vulnerability allows an attacker to bypass security controls designed to validate data types. By sending specially crafted input, an attacker can force the system to process untrusted data, which may lead to the...
PYSEC-2026-1208 Azure Core is vulnerable to deserialization of untrusted data
Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network...