Vulmon
deserialization vulnerabilities and exploits
5
CVSSv2
CVE-2018-18326
DNN (aka DotNetNuke) 9.2 up to and including 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.
Dnnsoftware Dotnetnuke
NA
CVE-2024-22320
IBM Operational Decision Manager 8.10.3 could allow a remote authenticated malicious user to execute arbitrary code on the system, caused by an unsafe deserialization. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in ...
Ibm Operational Decision Manager 8.10.3
Ibm Operational Decision Manager 8.10.4
Ibm Operational Decision Manager 8.10.5.1
Ibm Operational Decision Manager 8.11
Ibm Operational Decision Manager 8.11.0.1
Ibm Operational Decision Manager 8.12.0.1
NA
CVE-2024-27322
Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’...
NA
CVE-2023-43654
TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to comprom...
Pytorch Torchserve
1 Metasploit module
1 Github repository
1 Article
NA
CVE-2023-26359
Adobe ColdFusion versions 2018 Update 15 (and previous versions) and 2021 Update 5 (and previous versions) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issu...
Adobe Coldfusion 2018
Adobe Coldfusion 2021
1 Github repository
7.5
CVSSv2
CVE-2017-4914
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote malicious user to execute commands on the appliance.
Vmware Vsphere Data Protection 5.5.6
Vmware Vsphere Data Protection 5.5.7
Vmware Vsphere Data Protection 5.8.2
Vmware Vsphere Data Protection 5.8.3
Vmware Vsphere Data Protection 6.1.1
Vmware Vsphere Data Protection 6.1.2
Vmware Vsphere Data Protection 5.5.10
Vmware Vsphere Data Protection 5.5.11
Vmware Vsphere Data Protection 6.0.1
Vmware Vsphere Data Protection 6.0.2
Vmware Vsphere Data Protection 6.0.3
Vmware Vsphere Data Protection 5.5.8
Vmware Vsphere Data Protection 5.5.9
Vmware Vsphere Data Protection 5.8.4
Vmware Vsphere Data Protection 6.0.0
Vmware Vsphere Data Protection 6.1.3
Vmware Vsphere Data Protection 5.5.1
Vmware Vsphere Data Protection 5.5.5
Vmware Vsphere Data Protection 5.8.0
Vmware Vsphere Data Protection 5.8.1
Vmware Vsphere Data Protection 6.0.4
Vmware Vsphere Data Protection 6.1.0
1 EDB exploit
6.4
CVSSv2
CVE-2021-20353
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 194882.
Ibm Websphere Application Server
NA
CVE-2023-43208
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679.
Nextgen Mirth Connect
1 Metasploit module
2 Github repositories
NA
CVE-2024-22505
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create a user with a sufficient privilege ...
NA
CVE-2023-34634
Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .greenshot file is opened.
Greenshot Greenshot