100 matches found
CVE-2026-32511 WordPress Stål theme < 1.7 - Arbitrary Object Instantiation vulnerability
Deserialization of Untrusted Data vulnerability in Mikado-Themes Stål stal allows Object Injection.This issue affects Stål: from n/a through 1.7...
CVE-2026-32508 WordPress Halstein theme < 1.8 - Arbitrary Object Instantiation vulnerability
Deserialization of Untrusted Data vulnerability in Mikado-Themes Halstein halstein allows Object Injection.This issue affects Halstein: from n/a through 1.8...
CVE-2026-32509 WordPress Gracey theme < 1.4 - Arbitrary Object Instantiation vulnerability
Deserialization of Untrusted Data vulnerability in Edge-Themes Gracey gracey allows Object Injection.This issue affects Gracey: from n/a through 1.4...
CVE-2026-32509
CVE-2026-32509 is a deserialization of untrusted data vulnerability in the WordPress Gracey theme (
CVE-2026-32508
CVE-2026-32508 affects the WordPress Halstein theme prior to v1.8. The vulnerability is due to deserialization of untrusted data, enabling object injection in Halstein before 1.8. Affected software is Mikado-Themes Halstein halstein; impact is described as potential object injection with limited ...
CVE-2026-32507 WordPress Leroux theme < 1.4 - Arbitrary Object Instantiation vulnerability
Deserialization of Untrusted Data vulnerability in Elated-Themes Leroux leroux allows Object Injection.This issue affects Leroux: from n/a through 1.4...
CVE-2026-32506
CVE-2026-32506 affects WordPress Archicon theme versions prior to 1.7. The issue is described as a deserialization of untrusted data that allows arbitrary object instantiation (object injection) in Archicon. The affected component is the Archicon WordPress theme; root cause is deserialization lea...
CVE-2026-32507
The CVE-2026-32507 entry documents a Deserialization of Untrusted Data vulnerability in the WordPress Leroux theme (Elated-Themes Leroux), affecting Leroux versions prior to 1.4. The core issue is Object Injection via deserialized untrusted data in Leroux, with reported exposure affecting the the...
CVE-2026-32507 WordPress Leroux theme < 1.4 - Arbitrary Object Instantiation vulnerability
Deserialization of Untrusted Data vulnerability in Elated-Themes Leroux leroux allows Object Injection.This issue affects Leroux: from n/a through 1.4...
WordPress Halstein theme < 1.8 - Arbitrary Object Instantiation vulnerability
Arbitrary Object Instantiation vulnerability discovered by Denver Jackson in WordPress Theme Halstein versions 1.8...
WordPress Leroux theme < 1.4 - Arbitrary Object Instantiation vulnerability
Arbitrary Object Instantiation vulnerability discovered by Denver Jackson in WordPress Theme Leroux versions 1.4...
WordPress Archicon theme < 1.7 - Arbitrary Object Instantiation vulnerability
Arbitrary Object Instantiation vulnerability discovered by Denver Jackson in WordPress Theme Archicon versions 1.7...
WordPress Stål theme < 1.7 - Arbitrary Object Instantiation vulnerability
Arbitrary Object Instantiation vulnerability discovered by Denver Jackson in WordPress Theme Stål versions 1.7...
WordPress Kamperen theme < 1.3 - Arbitrary Object Instantiation vulnerability
Arbitrary Object Instantiation vulnerability discovered by Denver Jackson in WordPress Theme Kamperen versions 1.3...
WordPress Gracey theme < 1.4 - Arbitrary Object Instantiation vulnerability
Arbitrary Object Instantiation vulnerability discovered by Denver Jackson in WordPress Theme Gracey versions 1.4...
CVE-2025-71250
SPIP before 4.4.9 is affected by an Insecure Deserialization via the table_valeur filter and the DATA iterator, which accept serialized data. An attacker with prior access or another vulnerability can trigger arbitrary object instantiation and potentially code execution. The use of serialized dat...
CVE-2026-25925
PowerDocu contains a Windows GUI executable to perform technical documentations. Prior to 2.4.0, PowerDocu contains a critical security vulnerability in how it parses JSON files within Flow or App packages. The application blindly trusts the $type property in JSON files, allowing an attacker to...
CVE-2017-18375
Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php...
CVE-2022-31084
LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 There are cases where LAM instantiates objects from arbitrary classes. An attacker can inject the first constructor argument. This can lead to cod...
PT-2026-20916
Name of the Vulnerable Software and Affected Versions SPIP versions prior to 4.4.9 Description SPIP versions prior to 4.4.9 contain an Insecure Deserialization flaw. The issue is present in the handling of serialized data within the table valeur filter and the DATA iterator. An attacker who can...