Total
2047 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32284 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in designthemes Pet World allows Object Injection. This issue affects Pet World: from n/a through 2.8. | ||||
| CVE-2025-32571 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in turitop TuriTop Booking System allows Object Injection. This issue affects TuriTop Booking System: from n/a through 1.0.10. | ||||
| CVE-2024-8502 | 1 Modelscope | 1 Agentscope | 2025-07-12 | N/A |
| A vulnerability in the RpcAgentServerLauncher class of modelscope/agentscope v0.0.6a3 allows for remote code execution (RCE) via deserialization of untrusted data using the dill library. The issue occurs in the AgentServerServicer.create_agent method, where serialized input is deserialized using dill.loads, enabling an attacker to execute arbitrary commands on the server. | ||||
| CVE-2025-26885 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Brent Jett Assistant allows Object Injection. This issue affects Assistant: from n/a through 1.5.1. | ||||
| CVE-2024-56068 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.5 High |
| Deserialization of Untrusted Data vulnerability in Azzaroco WP SuperBackup.This issue affects WP SuperBackup: from n/a through 2.3.3. | ||||
| CVE-2025-27301 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Nazmul Hasan Robin NHR Options Table Manager allows Object Injection. This issue affects NHR Options Table Manager: from n/a through 1.1.2. | ||||
| CVE-2025-26873 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9 Critical |
| Deserialization of Untrusted Data vulnerability in Shine theme Traveler.This issue affects Traveler: from n/a before 3.2.1. | ||||
| CVE-2024-50507 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Daniel Schmitzer DS.DownloadList allows Object Injection.This issue affects DS.DownloadList: from n/a through 1.3. | ||||
| CVE-2024-12687 | 1 Plextrac | 1 Plextrac | 2025-07-12 | N/A |
| Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1. | ||||
| CVE-2023-27459 | 1 Wpeverest | 1 User Registration | 2025-07-12 | 7.4 High |
| Deserialization of Untrusted Data vulnerability in WPEverest User Registration.This issue affects User Registration: from n/a through 2.3.2.1. | ||||
| CVE-2025-39358 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Teastudio.Pl WP Posts Carousel allows Object Injection.This issue affects WP Posts Carousel: from n/a through 1.3.12. | ||||
| CVE-2025-31924 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in designthemes Crafts & Arts allows Object Injection. This issue affects Crafts & Arts: from n/a through 2.5. | ||||
| CVE-2024-37361 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2025-07-12 | 9.9 Critical |
| The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. (CWE-502) Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, deserialize untrusted JSON data without constraining the parser to approved classes and methods. When developers place no restrictions on "gadget chains," or series of instances and method invocations that can self-execute during the deserialization process (i.e., before the object is returned to the caller), it is sometimes possible for attackers to leverage them to perform unauthorized actions. | ||||
| CVE-2025-27287 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ssvadim SS Quiz allows Object Injection. This issue affects SS Quiz: from n/a through 2.0.5. | ||||
| CVE-2024-11839 | 1 Plextrac | 1 Plextrac | 2025-07-12 | N/A |
| Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1. | ||||
| CVE-2025-0769 | 1 Pixelyoursite | 1 Pixelyoursite | 2025-07-12 | N/A |
| PixelYourSite - Your smart PIXEL (TAG) and API Manager 10.1.1.1 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/modules/facebook/facebook-server-a sync-task.php. | ||||
| CVE-2025-1556 | 1 Westboy | 1 Cicadascms | 2025-07-12 | 4.7 Medium |
| A vulnerability, which was classified as problematic, has been found in westboy CicadasCMS 1.0. This issue affects some unknown processing of the file /system of the component Template Management. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-30773 | 2 Cozmoslabs, Wordpress | 2 Translatepress, Wordpress | 2025-07-12 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress allows Object Injection. This issue affects TranslatePress: from n/a through 2.9.6. | ||||
| CVE-2025-6742 | 1 Brainstormforce | 1 Sureforms | 2025-07-11 | 7.5 High |
| The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.7.3 via the use of file_exists() in the delete_entry_files() function without restriction on the path provided. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. | ||||
| CVE-2024-13163 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | 7.8 High |
| Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. | ||||