1305 matches found
PT-2025-14874 · Bitdefender · Bitdefender Gravityzone Console
Name of the Vulnerable Software and Affected Versions: Bitdefender GravityZone Console (affected versions not specified). Description: A vulnerability exists in the sendMailFromRemoteSource method in Emails.php, which unsafely uses the PHP unserialize function on user-supplied input without...
The vulnerability of the unserialize function in the Aspro content management platform allows attackers to execute arbitrary code. This vulnerability stems from defects in the deserialization mechanism.
The vulnerability of the unserialize function in the Aspro content management platform is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted POST request...
CVE-2025-0769
PixelYourSite - Your smart PIXEL TAG and API Manager 10.1.1.1 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/modules/facebook/facebook-server-async-task.php...
CVE-2025-0767
WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php...
CVE-2025-0769
PixelYourSite – Your smart PIXEL (TAG) and API Manager plugin (WordPress) version 10.1.1.1 is affected by CVE-2025-0769 due to unvalidated user input being used directly in an unserialize call inside myapp/modules/facebook/facebook-server-sync-task.php. The vulnerability is described as an unauth...
PT-2025-9133 · Unknown · Pixelyoursite
Name of the Vulnerable Software and Affected Versions: PixelYourSite - Your smart PIXEL TAG and API Manager version 10.1.1.1. Description: The issue arises from unvalidated user input being used directly in an unserialize function. This occurs in the myapp/modules/facebook/facebook-server-a...
CVE-2022-41922
yiisoft/yii versions before 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls unserialize on arbitrary user input. This has been patched in 1.1.27...
CVE-2020-11066
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary...
CVE-2024-10936
The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP...
The vulnerability of the unserialize() function in the Eloqua CMS system’s Drupal module allows a hacker to execute arbitrary code.
The vulnerability of the unserialize function in the Eloqua CMS system’s Drupal module is related to the deserialization of untrusted data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2024-55555
Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have default APP_KEY values. The route/hash route defined in the invoiceninja/routes/client.p...
WordPress Backup Migration plugin <= 1.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialize_replace' vulnerability
Unauthenticated PHP Object Injection via 'recursive_unserialize_replace' vulnerability discovered by Webbernaut in WordPress Plugin Backup Migration versions <= 1.4.6...
DEBIAN-CVE-2024-56522
An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes...
UBUNTU-CVE-2024-56522
An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes...
TCPDF security vulnerability
TCPDF is an open source library from Tecnick. It is used to generate PDF documents and barcodes. TCPDF versions before 6.8.0 have a security vulnerability that stems from unserializeTCPDFtag using "!=" and not using a constant-time function to compare TCPDF tag hashes...
CVE-2024-56522
TCPDF vulnerability CVE-2024-56522 affects TCPDF before 6.8.0, where unserializeTCPDFtag uses loose comparison ( != ) and does not use a constant-time function to compare tag hashes. The issue is reported with CVSS v3.1: High (7.5) risk, network attack vector, no privileges required, no user inte...
CVE-2024-56522
An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes...