Export limit exceeded: 35224 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 16384 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2687 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1323 | 2 Cps-it, Typo3 | 2 Mailqueue, Extension "mailqueue" | 2026-04-25 | 8.8 High |
| The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_spool_filepath']. | ||||
| CVE-2025-60080 | 1 Wordpress | 1 Wordpress | 2026-04-24 | 7.5 High |
| Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Gravity Forms + Drag And Drop Template Builder pdf-for-gravity-forms allows Object Injection.This issue affects PDF for Gravity Forms + Drag And Drop Template Builder: from n/a through <= 6.5.0. | ||||
| CVE-2025-60081 | 1 Wordpress | 1 Wordpress | 2026-04-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Contact Form 7 pdf-for-contact-form-7 allows Object Injection.This issue affects PDF for Contact Form 7: from n/a through <= 6.5.0. | ||||
| CVE-2025-60082 | 2 Add-ons.org, Wordpress | 2 Pdf For Wpforms, Wordpress | 2026-04-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Object Injection.This issue affects PDF for WPForms: from n/a through <= 6.5.0. | ||||
| CVE-2025-60083 | 3 Add-ons.org, Woocommerce, Wordpress | 3 Pdf Invoice Builder For Woocommerce, Woocommerce, Wordpress | 2026-04-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in add-ons.org PDF Invoice Builder for WooCommerce pdf-for-woocommerce allows Object Injection.This issue affects PDF Invoice Builder for WooCommerce: from n/a through <= 6.5.0. | ||||
| CVE-2025-60089 | 3 Crm Perks, Crmperks, Wordpress | 3 Wp Gravity Forms Freshdesk Plugin, Wp Gravity Forms Freshdesk Plugin, Wordpress | 2026-04-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Object Injection.This issue affects WP Gravity Forms FreshDesk Plugin: from n/a through <= 1.3.5. | ||||
| CVE-2025-60090 | 3 Crm Perks, Crmperks, Wordpress | 3 Wp Gravity Forms Insightly, Wp Gravity Forms Insightly, Wordpress | 2026-04-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Insightly gf-insightly allows Object Injection.This issue affects WP Gravity Forms Insightly: from n/a through <= 1.1.6. | ||||
| CVE-2025-60091 | 3 Crm Perks, Crmperks, Wordpress | 3 Wp Gravity Forms Zoho Crm And Bigin, Wp Gravity Forms Zoho Crm And Bigin, Wordpress | 2026-04-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Zoho CRM and Bigin gf-zoho allows Object Injection.This issue affects WP Gravity Forms Zoho CRM and Bigin: from n/a through <= 1.2.9. | ||||
| CVE-2025-60174 | 3 Crm Perks, Crmperks, Wordpress | 3 Wp Gravity Forms Constant Contact Plugin, Wp Gravity Forms Constant Contact Plugin, Wordpress | 2026-04-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Constant Contact Plugin gf-constant-contact allows Object Injection.This issue affects WP Gravity Forms Constant Contact Plugin: from n/a through <= 1.1.2. | ||||
| CVE-2025-60178 | 3 Crm Perks, Crmperks, Wordpress | 3 Wp Gravity Forms Hubspot, Wp Gravity Forms Hubspot, Wordpress | 2026-04-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Object Injection.This issue affects WP Gravity Forms HubSpot: from n/a through <= 1.2.6. | ||||
| CVE-2025-64206 | 2 Tielabs, Wordpress | 2 Jannah, Wordpress | 2026-04-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection.This issue affects Jannah: from n/a through <= 7.6.0. | ||||
| CVE-2025-64266 | 2 Magepeople, Wordpress | 2 Booking & Rental Manager, Wordpress | 2026-04-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Object Injection.This issue affects Booking and Rental Manager: from n/a through <= 2.5.4. | ||||
| CVE-2025-50004 | 2 Artbees, Wordpress | 2 Jupiter X Core, Wordpress | 2026-04-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in artbees JupiterX Core jupiterx-core allows Object Injection.This issue affects JupiterX Core: from n/a through <= 4.10.1. | ||||
| CVE-2025-68853 | 2 Kleor, Wordpress | 2 Contact Manager, Wordpress | 2026-04-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Kleor Contact Manager contact-manager allows Object Injection.This issue affects Contact Manager: from n/a through <= 9.1.1. | ||||
| CVE-2026-22471 | 2 Maximsecudeal, Wordpress | 2 Secudeal Payments For Ecommerce, Wordpress | 2026-04-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in maximsecudeal Secudeal Payments for Ecommerce secudeal-payments-for-ecommerce allows Object Injection.This issue affects Secudeal Payments for Ecommerce: from n/a through <= 1.1. | ||||
| CVE-2026-22384 | 2 Leafcolor, Wordpress | 2 Applay - Shortcodes, Wordpress | 2026-04-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in leafcolor Applay - Shortcodes applay-shortcodes allows Object Injection.This issue affects Applay - Shortcodes: from n/a through <= 3.7. | ||||
| CVE-2026-4860 | 1 648540858 | 1 Wvp-gb28181-pro | 2026-04-24 | 7.3 High |
| A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. This affects the function GenericFastJsonRedisSerializer of the file src/main/java/com/genersoft/iot/vmp/conf/redis/RedisTemplateConfig.java of the component API Endpoint. The manipulation results in deserialization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-25400 | 2 Thememount, Wordpress | 2 Apicona, Wordpress | 2026-04-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in thememount Apicona apicona allows Object Injection.This issue affects Apicona: from n/a through <= 24.1.0. | ||||
| CVE-2026-25429 | 2 Wordpress, Wpdive | 2 Wordpress, Nexa Blocks | 2026-04-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in wpdive Nexa Blocks nexa-blocks allows Object Injection.This issue affects Nexa Blocks: from n/a through <= 1.1.1. | ||||
| CVE-2026-27084 | 2 Themerex, Wordpress | 2 Buisson, Wordpress | 2026-04-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Buisson buisson allows Object Injection.This issue affects Buisson: from n/a through <= 1.1.11. | ||||