Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
deserialization vulnerabilities and exploits
(subscribe to this query)
991
VMScore
CVE-2016-0792
Multiple unspecified API endpoints in Jenkins prior to 1.650 and LTS prior to 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.
Jenkins Jenkins
Redhat Openshift 3.1
2 EDB exploits
2 Metasploit modules
4 Github repositories
1000
VMScore
CVE-2018-19276
OpenMRS prior to 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.
Openmrs Openmrs
1 EDB exploit
1 Github repository
802
VMScore
CVE-2020-4280
IBM QRadar SIEM 7.3 and 7.4 could allow a remote malicious user to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit ...
Ibm Qradar Security Information And Event Manager
Ibm Qradar Security Information And Event Manager 7.3.3
NA
CVE-2024-2054
The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.
1 Metasploit module
1 Github repository
655
VMScore
CVE-2018-20221
Secure/SAService.rem in Deltek Ajera Timesheets 9.10.16 and prior are vulnerable to remote code execution via deserialization of untrusted user input from an authenticated user. The executed code will run as the IIS Application Pool that is running the application.
Deltek Ajera
1 EDB exploit
755
VMScore
CVE-2017-14702
ERS Data System 1.8.1.0 allows remote malicious users to execute arbitrary code, related to "com.branaghgroup.ecers.update.UpdateRequest" object deserialization.
Branaghgroup Ers Data System 1.8.1.0
1 EDB exploit
755
VMScore
CVE-2017-5792
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.
Hp Intelligent Management Center 7.3
1 EDB exploit
905
VMScore
CVE-2019-11080
Sitecore Experience Platform (XP) before 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 293863. An authenticated user with necessary permissions is able to remotely execute OS commands by sending a crafted serialized object.
Sitecore Experience Platform
1 EDB exploit
578
VMScore
CVE-2020-8801
SuiteCRM up to and including 7.11.11 allows PHAR Deserialization.
Salesagility Suitecrm
NA
CVE-2022-2992
A vulnerability in GitLab CE/EE affecting all versions from 11.10 before 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
Gitlab Gitlab
1 Metasploit module
5 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »