| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions. |
| Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions. |
| Unauthenticated PHP Object Injection in Konsept <= 1.9 versions. |
| Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions. |
| Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions. |
| Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions. |
| Unauthenticated PHP Object Injection in Zoya <= 1.4 versions. |
| Unauthenticated PHP Object Injection in Château <= 1.2.1 versions. |
| MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MosaicML Composer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of checkpoints. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27990. |
| Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions. |
| Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions. |
| Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions. |
| Unauthenticated PHP Object Injection in EventPrime <= 4.3.2.1 versions. |
| Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.2.1 versions. |
| Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.3 versions. |
| Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions. |
| Contributor PHP Object Injection in Avada <= 3.15.3 versions. |
| Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions. |
| Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions. |
| A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication. |
