95 matches found
Roundcube Webmail - Remote Code Execution
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization. id: CVE-2025-49113 info: name: Roundcube Webmail - Remote...
📄 MixPHP Framework 2.2.17 Deserialization / Arbitrary Code Execution
MixPHP Framework versions 2.x through 2.2.17 suffer from an insecure deserialization vulnerability that allows for remote code execution. Exploit Title: MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution Date: 2026-05-14 Exploit Author: cardosource Vendor Homepage:...
CVE-2026-3328
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to PHP Object Injection via deserialization of the 'postcontent' of adminform posts in all versions up to, and including, 3.28.31. This is due to the use of WordPress's maybeunserialize function without class restrictions on...
CVE-2026-32484 WordPress weForms plugin <= 1.6.26 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in BoldGrid weForms weforms allows Object Injection.This issue affects weForms: from n/a through = 1.6.26...
CVE-2026-25429 WordPress Nexa Blocks plugin <= 1.1.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in wpdive Nexa Blocks nexa-blocks allows Object Injection.This issue affects Nexa Blocks: from n/a through = 1.1.1...
CVE-2026-22475 WordPress Estate theme <= 1.3.4 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in axiomthemes Estate estate allows Object Injection.This issue affects Estate: from n/a through = 1.3.4...
CVE-2026-22453 WordPress Pets Club theme <= 2.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Pets Club petclub allows Object Injection.This issue affects Pets Club: from n/a through = 2.3...
CVE-2026-22454 WordPress Solaris theme <= 2.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Solaris solaris allows Object Injection.This issue affects Solaris: from n/a through = 2.5...
CVE-2026-24891
openITCOCKPIT prior to 5.4.0 contains an unsafe deserialization sink in the Gearman worker (oitc_gearman) that calls PHP’s unserialize() on job payloads without class restrictions or origin validation. This enables PHP Object Injection when Gearman is exposed to untrusted systems or network acces...
CVE-2026-24891 openITCOCKPIT has Unsafe PHP Deserialization in Gearman Worker Allowing Conditional Object Injection
openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearman worker implementation. The worker function registered as oitcgearman calls PHP's unserialize on...
CVE-2026-24891 openITCOCKPIT has Unsafe PHP Deserialization in Gearman Worker Allowing Conditional Object Injection
openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearman worker implementation. The worker function registered as oitcgearman calls PHP's unserialize on...
CVE-2026-23549 WordPress WpEvently plugin <= 5.1.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through = 5.1.1...
CVE-2025-58619 WordPress Falang multilanguage Plugin <= 1.3.65 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in sbouey Falang multilanguage falang allows Object Injection.This issue affects Falang multilanguage: from n/a through = 1.3.65...
CVE-2025-53586
CVE-2025-53586 describes a deserialization of untrusted data vulnerability in the WordPress WordPress theme Noi? NooTheme WeMusic (noo-wemusic) affecting versions from n/a through ≤ 1.9.1. The underlying issue is PHP object injection due to deserializing untrusted data in the WeMusic plugin/theme...
PT-2025-44222
Name of the Vulnerable Software and Affected Versions Contact Form CFDB7 versions up to and including 1.3.2 Description The Contact Form CFDB7 plugin for WordPress is affected by a pre-authentication SQL injection that can lead to insecure deserialization PHP Object Injection. Insufficient...
CVE-2025-60226 WordPress White Rabbit theme <= 1.5.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in axiomthemes White Rabbit whiterabbit allows Object Injection.This issue affects White Rabbit: from n/a through = 1.5.2...
EUVD-2019-4447
Malware in sbrugna...
EUVD-2004-1017
Malware in sbrugna...
EUVD-2024-52306
Malicious code in bioql PyPI...
EUVD-2024-52307
Malicious code in bioql PyPI...