Export limit exceeded: 351328 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2815 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58619 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in sbouey Falang multilanguage falang allows Object Injection.This issue affects Falang multilanguage: from n/a through <= 1.3.65. | ||||
| CVE-2024-6152 | 1 Wptexture | 1 Flipbox Builder | 2026-04-15 | 8.8 High |
| The Flipbox Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5 via deserialization of untrusted input in the flipbox_builder_Flipbox_ShortCode function. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | ||||
| CVE-2024-6644 | 2026-04-15 | 6.3 Medium | ||
| A vulnerability was found in zmops ArgusDBM up to 0.1.0. It has been classified as critical. Affected is the function getDefaultClassLoader of the file CalculateAlarm.java of the component AviatorScript Handler. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-271050 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-6645 | 2026-04-15 | 6.3 Medium | ||
| A vulnerability was found in WuKongOpenSource Wukong_nocode up to 20230807. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file ExpressionUtil.java of the component AviatorScript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-271051. | ||||
| CVE-2025-58592 | 2 Cozmoslabs, Wordpress | 2 Translatepress, Wordpress | 2026-04-15 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multilingual allows Object Injection.This issue affects TranslatePress: from n/a through <= 2.10.2. | ||||
| CVE-2025-58384 | 1 Doxense | 1 Watchdoc | 2026-04-15 | 10 Critical |
| In DOXENSE WATCHDOC before 6.1.1.5332, Deserialization of Untrusted Data can lead to remote code execution through the .NET Remoting library in the Watchdoc administration interface. | ||||
| CVE-2025-54723 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in BoldThemes DentiCare denticare allows Object Injection.This issue affects DentiCare: from n/a through < 1.4.3. | ||||
| CVE-2024-9005 | 1 Schneider Electric | 1 Ecostruxure Power Monitoring Expert | 2026-04-15 | N/A |
| CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. | ||||
| CVE-2024-9511 | 1 Wpmanageninja | 1 Fluentsmtp | 2026-04-15 | 9.8 Critical |
| The FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.82 via deserialization of untrusted input in the 'formatResult' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. The vulnerability was partially patched in version 2.2.82. | ||||
| CVE-2025-54719 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in NooTheme Yogi - Health Beauty & Yoga noo-yogi allows Object Injection.This issue affects Yogi - Health Beauty & Yoga: from n/a through <= 2.9.2. | ||||
| CVE-2025-0769 | 1 Pixelyoursite | 1 Pixelyoursite | 2026-04-15 | N/A |
| PixelYourSite - Your smart PIXEL (TAG) and API Manager 10.1.1.1 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/modules/facebook/facebook-server-a sync-task.php. | ||||
| CVE-2025-0841 | 2026-04-15 | 7.3 High | ||
| A vulnerability has been found in Aridius XYZ up to 20240927 on OpenCart and classified as critical. This vulnerability affects the function loadMore of the component News. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | ||||
| CVE-2025-48018 | 2026-04-15 | 7.5 High | ||
| An authenticated user can modify application state data. | ||||
| CVE-2025-10433 | 2 1panel, Maxkb | 2 1panel, Maxkb | 2026-04-15 | 6.3 Medium |
| A vulnerability was determined in 1Panel-dev MaxKB up to 2.0.2/2.1.0. This issue affects some unknown processing of the file /admin/api/workspace/default/tool/debug. Executing manipulation of the argument code can lead to deserialization. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.1.1 is capable of addressing this issue. It is suggested to upgrade the affected component. | ||||
| CVE-2025-10894 | 1 Redhat | 4 Acm, Ansible Automation Platform, Multicluster Globalhub and 1 more | 2026-04-15 | 9.6 Critical |
| Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo under user's accounts. | ||||
| CVE-2025-10950 | 1 Geyang | 1 Ml-logger | 2026-04-15 | 6.3 Medium |
| A vulnerability was determined in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected is the function log_handler of the file ml_logger/server.py of the component Ping Handler. This manipulation of the argument data causes deserialization. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | ||||
| CVE-2025-10965 | 1 Lazyagi | 1 Lazyllm | 2026-04-15 | 6.3 Medium |
| A security vulnerability has been detected in LazyAGI LazyLLM up to 0.6.1. Affected by this issue is the function lazyllm_call of the file lazyllm/components/deploy/relay/server.py. Such manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-10974 | 1 Sewkinect Project | 1 Sewkinect | 2026-04-15 | 6.3 Medium |
| A vulnerability has been found in giantspatula SewKinect up to 7fd963ceb3385af3706af02b8a128a13399dffb1. This affects the function pickle.loads of the file /calculate of the component Endpoint. Such manipulation of the argument body_parts/point_cloud leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. | ||||
| CVE-2025-10975 | 1 Zeromq | 1 Zeromq | 2026-04-15 | 6.3 Medium |
| A vulnerability was found in GuanxingLu vlarl up to 31abc0baf53ef8f5db666a1c882e1ea64def2997. This vulnerability affects the function experiments.robot.bridge.reasoning_server::run_reasoning_server of the file experiments/robot/bridge/reasoning_server.py of the component ZeroMQ. Performing manipulation of the argument Message results in deserialization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. | ||||
| CVE-2025-13467 | 1 Redhat | 1 Build Keycloak | 2026-04-15 | 5.5 Medium |
| A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration. | ||||