Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
deserialization vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2023-34634
Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .greenshot file is opened.
Greenshot Greenshot
9.8
CVSSv3
CVE-2017-4914
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote malicious user to execute commands on the appliance.
Vmware Vsphere Data Protection 5.5.6
Vmware Vsphere Data Protection 5.5.7
Vmware Vsphere Data Protection 5.8.2
Vmware Vsphere Data Protection 5.8.3
Vmware Vsphere Data Protection 6.1.1
Vmware Vsphere Data Protection 6.1.2
Vmware Vsphere Data Protection 5.5.10
Vmware Vsphere Data Protection 5.5.11
Vmware Vsphere Data Protection 6.0.1
Vmware Vsphere Data Protection 6.0.2
Vmware Vsphere Data Protection 6.0.3
Vmware Vsphere Data Protection 5.5.8
Vmware Vsphere Data Protection 5.5.9
Vmware Vsphere Data Protection 5.8.4
Vmware Vsphere Data Protection 6.0.0
Vmware Vsphere Data Protection 6.1.3
Vmware Vsphere Data Protection 5.5.1
Vmware Vsphere Data Protection 5.5.5
Vmware Vsphere Data Protection 5.8.0
Vmware Vsphere Data Protection 5.8.1
Vmware Vsphere Data Protection 6.0.4
Vmware Vsphere Data Protection 6.1.0
1 EDB exploit
9.8
CVSSv3
CVE-2023-43208
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679.
Nextgen Mirth Connect
1 Metasploit module
2 Github repositories
9.8
CVSSv3
CVE-2023-1133
Delta Electronics InfraSuite Device Master versions before 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could allow an unauthenticated mal...
Deltaww Infrasuite Device Master
NA
CVE-2024-23114
Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize malicious payload.This issue affects Apache Camel: from 3.0.0 prior t...
8.8
CVSSv3
CVE-2022-29108
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Sharepoint Foundation 2013
Microsoft Sharepoint Enterprise Server 2016
Microsoft Sharepoint Server 2019
Microsoft Sharepoint Server -
9.8
CVSSv3
CVE-2021-40865
An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. ...
Apache Storm
1 Github repository
8.8
CVSSv3
CVE-2021-36483
DevExpress.XtraReports.UI through v21.1 allows malicious users to execute arbitrary code via insecure deserialization.
Devexpress Devexpress
7.8
CVSSv3
CVE-2021-27240
This vulnerability allows local malicious users to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specifi...
Solarwinds Patch Manager 2020.2.1
8.8
CVSSv3
CVE-2021-24066
Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Sharepoint Foundation 2010
Microsoft Sharepoint Foundation 2013
Microsoft Sharepoint Enterprise Server 2016
Microsoft Sharepoint Server 2019
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »