CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE-2025-54785 affects SuiteCRM versions 7.14.6 and 8.8.0. The issue arises from unvalidated user input passed to unserialize(), enabling potential penetration, privilege escalation, sensitive data exposure, Denial of Service, cryptomining and ransomware. Remediation: upgrade to 7.14.7 or 8.8.1. ...

8.8CVSS6.2AI score0.003EPSS

Exploits0References2Affected Software1

Cvelist•added 2025/07/23 10:2 p.m.•7 views

CVE-2016-15044 Kaltura < 11.1.0-2 PHP Object Injection RCE

A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlled data within the keditorservices module. An unauthenticated remote attacker can exploit this issue by sending a specially crafted serialized PHP object in the kdata G...

9.3CVSS0.75971EPSS

Exploits0References4

RedhatCVE•added 2025/05/22 11:1 p.m.•5 views

CVE-2022-3359

The Shortcodes and extra features for Phlox theme WordPress plugin before 2.10.7 unserializes the content of an imported file, which could lead to PHP object injection when a user imports intentionally or not a malicious file and a suitable gadget chain is present on the blog...

8.8CVSS7.2AI score0.00755EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by