126 matches found
PT-2026-24207
CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization...
CVE-2020-7528
A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer...
Topal Finanzbuchhaltung security vulnerability
Topal Finanzbuchhaltung is an accounting software from Topal Switzerland. A security vulnerability exists in Topal Finanzbuchhaltung version 10.1.5.20, which originates from deserializing untrustworthy data and could lead to remote code execution...
EUVD-2022-6094
Malicious code in bioql PyPI...
CVE-2025-49533
Adobe Experience Manager MS versions 6.5.23.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction. Scope is unchanged...
CVE-2025-27203 Adobe Connect | Deserialization of Untrusted Data (CWE-502)
Adobe Connect versions 24.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does require user interaction and scope is changed...
Security Bulletin: IBM Cloud Pak for Data Object Injection due to YAML Parsing in RDoc gem (CVE-2024-27281)
Summary: A potential vulnerability in the rdoc module, CVE-2024-27281, has been identified that may affect IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2024-27281 DESCRIPTION: An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in...
PT-2025-24655 · Loftocean · Loftocean Cozystay
Name of the Vulnerable Software and Affected Versions: LoftOcean CozyStay versions prior to 1.7.1 Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection. Recommendations: For versions prior to 1.7.1, update to version 1.7.1 or later to resolve the...
CVE-2025-48951 Auth0-PHP SDK Deserialization of Untrusted Data vulnerability
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. Versions 8.0.0-BETA3 prior to 8.3.1 contain a vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially...
GHSA-98V7-XXXV-HCRH Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's...
CVE-2025-32293 WordPress Finance Consultant theme <= 2.8 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in designthemes Finance Consultant finance allows Object Injection. This issue affects Finance Consultant: from n/a through <= 2.8...
PT-2025-22677 · Ancorathemes · Ancorathemes Umberto
Name of the Vulnerable Software and Affected Versions: AncoraThemes Umberto versions 1.2.8 and earlier Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection. Recommendations: For versions 1.2.8 and earlier, update to a version that fixes this issue...
CVE-2021-42127
A deserialization of untrusted data vulnerability in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service...
PT-2025-22091 · WordPress · Grand Restaurant
Name of the Vulnerable Software and Affected Versions: Grand Restaurant WordPress versions 7.0 and earlier Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection. This can potentially lead to exploitation by injecting malicious objects into the...
CVE-2025-46738 Deserialization of Untrusted Data
An authenticated attacker can maliciously modify layout data files in the SEL-5033 installation directory to execute arbitrary code...
CVE-2025-32607 WordPress WpBookingly plugin <= 1.3.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in magepeopleteam WpBookingly service-booking-manager allows Object Injection. This issue affects WpBookingly: from n/a through <= 1.3.0...
CVE-2025-30285
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security protections...
CVE-2025-30284
CVE-2025-30284 affects Adobe ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier. The issue is a Deserialization of Untrusted Data vulnerability that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction, and high privileges can be im...
CVE-2025-24447
CVE-2025-24447 affects Adobe ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier. The issue is a Deserialization of Untrusted Data vulnerability that could lead to arbitrary code execution in the context of the current user, with a High impact on Confidentiality and Integrity. Exploitation ...
CVE-2025-30285 ColdFusion | Deserialization of Untrusted Data (CWE-502)
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security protections...