Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
deserialization vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-30981
An issue exists in Gentics CMS prior to 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution.
Gentics Gentics Cms
7.5
CVSSv2
CVE-2022-24108
The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote malicious user to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write to files on the server, cause DoS, and achieve remote code execution because of deseri...
Skyoftech So Listing Tabs 2.2.0
6.8
CVSSv2
CVE-2007-1701
PHP 4 prior to 4.4.5, and PHP 5 prior to 5.2.1, when register_globals is enabled, allows context-dependent malicious users to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a st...
Php Php
1 EDB exploit
NA
CVE-2022-30982
An issue exists in Gentics CMS prior to 5.43.1. There is stored XSS in the profile description and in the username.
Gentics Gentics Cms
NA
CVE-2024-28075
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership ...
NA
CVE-2024-0692
The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution.
NA
CVE-2022-35405
Zoho ManageEngine Password Manager Pro prior to 12101 and PAM360 prior to 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus prior to 4303 with authentication.)
Zohocorp Manageengine Access Manager Plus 4.3
Zohocorp Manageengine Access Manager Plus
Zohocorp Manageengine Password Manager Pro
Zohocorp Manageengine Password Manager Pro 12.1
Zohocorp Manageengine Pam360
Zohocorp Manageengine Pam360 5.5
1 Github repository
NA
CVE-2022-35870
This vulnerability allows remote malicious users to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. Th...
Inductiveautomation Ignition 8.1.15
6
CVSSv2
CVE-2020-17532
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
Apache Java Chassis
5
CVSSv2
CVE-2018-18326
DNN (aka DotNetNuke) 9.2 up to and including 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.
Dnnsoftware Dotnetnuke
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »