Total
2478 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54723 | 1 Wordpress | 1 Wordpress | 2026-02-03 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in BoldThemes DentiCare denticare allows Object Injection.This issue affects DentiCare: from n/a through < 1.4.3. | ||||
| CVE-2025-33210 | 1 Nvidia | 1 Isaac Lab | 2026-02-02 | 9 Critical |
| NVIDIA Isaac Lab contains a deserialization vulnerability. A successful exploit of this vulnerability might lead to code execution. | ||||
| CVE-2025-27925 | 1 Nintex | 1 Automation | 2026-01-29 | 8.5 High |
| Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input. | ||||
| CVE-2025-67619 | 2 Designthemes, Wordpress | 2 Kids Heaven, Wordpress | 2026-01-29 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in designthemes Kids Heaven kids-world allows Object Injection.This issue affects Kids Heaven: from n/a through <= 3.2. | ||||
| CVE-2025-67617 | 1 Wordpress | 1 Wordpress | 2026-01-29 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in themeton Consult Aid consultaid allows Object Injection.This issue affects Consult Aid: from n/a through <= 1.4.3. | ||||
| CVE-2025-69099 | 1 Wordpress | 1 Wordpress | 2026-01-28 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in fuelthemes North north-wp allows Object Injection.This issue affects North: from n/a through <= 5.7.5. | ||||
| CVE-2025-27522 | 1 Apache | 1 Inlong | 2026-01-28 | 6.5 Medium |
| Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability is a secondary mining bypass for CVE-2024-26579. Users are advised to upgrade to Apache InLong's 2.2.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/11732 | ||||
| CVE-2024-37502 | 3 Wordpress, Wpweb, Wpwebelite | 3 Wordpress, Woocommerce Social Login, Woocommerce Social Login | 2026-01-28 | 5.4 Medium |
| Deserialization of Untrusted Data vulnerability in wpweb WooCommerce Social Login.This issue affects WooCommerce Social Login: from n/a through 2.6.3. | ||||
| CVE-2025-68047 | 2 Arraytics, Wordpress | 2 Eventin, Wordpress | 2026-01-28 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection.This issue affects Eventin: from n/a through <= 4.1.1. | ||||
| CVE-2025-69036 | 1 Wordpress | 1 Wordpress | 2026-01-28 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in strongholdthemes Tech Life CPT techlife-cpt allows Object Injection.This issue affects Tech Life CPT: from n/a through <= 16.4. | ||||
| CVE-2025-69035 | 1 Wordpress | 1 Wordpress | 2026-01-28 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in strongholdthemes Dental Care CPT dentalcare-cpt allows Object Injection.This issue affects Dental Care CPT: from n/a through <= 20.2. | ||||
| CVE-2025-69002 | 2 Designthemes, Wordpress | 2 Onelife, Wordpress | 2026-01-28 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in designthemes OneLife onelife allows Object Injection.This issue affects OneLife: from n/a through <= 3.9. | ||||
| CVE-2025-39485 | 1 Themegoods | 1 Grand Tour | 2026-01-28 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Tour | Travel Agency WordPress allows Object Injection. This issue affects Grand Tour | Travel Agency WordPress: from n/a through 5.5.1. | ||||
| CVE-2025-39354 | 2 Themegoods, Wordpress | 2 Grand Conference, Wordpress | 2026-01-28 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Conference allows Object Injection.This issue affects Grand Conference: from n/a through 5.2. | ||||
| CVE-2025-68899 | 2 Designthemes, Wordpress | 2 Vivagh, Wordpress | 2026-01-27 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in designthemes Vivagh vivagh allows Object Injection.This issue affects Vivagh: from n/a through <= 2.4. | ||||
| CVE-2025-68903 | 1 Wordpress | 1 Wordpress | 2026-01-27 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in AivahThemes Anona anona allows Object Injection.This issue affects Anona: from n/a through <= 8.0. | ||||
| CVE-2026-24815 | 1 Datavane | 1 Tis | 2026-01-27 | N/A |
| Unrestricted Upload of File with Dangerous Type, Deserialization of Untrusted Data vulnerability in datavane tis (tis-plugin/src/main/java/com/qlangtech/tis/extension/impl modules). This vulnerability is associated with program files XmlFile.Java. This issue affects tis: before v4.3.0. | ||||
| CVE-2026-24656 | 1 Apache | 2 Karaf, Karaf Decanter | 2026-01-27 | 3.7 Low |
| Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. It means that the log socket collector is vulnerable to deserialization of untrusted data, eventually causing DoS. NB: Decanter log socket collector is not installed by default. Users who have not installed Decanter log socket are not impacted by this issue. This issue affects Apache Karaf Decanter before 2.12.0. Users are recommended to upgrade to version 2.12.0, which fixes the issue. | ||||
| CVE-2025-69079 | 1 Wordpress | 1 Wordpress | 2026-01-27 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Sound | Musical Instruments Online Store musicplace allows Object Injection.This issue affects Sound | Musical Instruments Online Store: from n/a through <= 1.6.9. | ||||
| CVE-2025-50004 | 2 Artbees, Wordpress | 2 Jupiter X Core, Wordpress | 2026-01-27 | 8.5 High |
| Deserialization of Untrusted Data vulnerability in artbees JupiterX Core jupiterx-core allows Object Injection.This issue affects JupiterX Core: from n/a through <= 4.10.1. | ||||