Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
deserialization vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2022-38111
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
Solarwinds Orion Platform 2022.4.1
7.8
CVSSv3
CVE-2023-27978
A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. Affected Products: IGSS Da...
Schneider-electric Custom Reports
Schneider-electric Igss Dashboard
Schneider-electric Igss Data Server
NA
CVE-2023-50220
Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote malicious users to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to ...
8.8
CVSSv3
CVE-2021-42130
A deserialization of untrusted data vulnerability exists in Ivanti Avalanche prior to 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution.
Ivanti Avalanche
NA
CVE-2023-51576
Voltronic Power ViewPower Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote malicious users to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulne...
9.8
CVSSv3
CVE-2021-44678
An issue (2 of 6) exists in Veritas Enterprise Vault up to and including 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited...
Veritas Enterprise Vault
8.8
CVSSv3
CVE-2021-35215
Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability.
Solarwinds Orion Platform
1 Github repository
8.8
CVSSv3
CVE-2021-35216
Insecure Deserialization of untrusted data remote code execution vulnerability exists in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP can compromise this vulnerability can result in Remote Code Execution.
Solarwinds Patch Manager
5.9
CVSSv3
CVE-2021-2211
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network a...
7.8
CVSSv3
CVE-2022-1118
Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 though v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior (for Trusted Controllers)) do not limit the objects that can be deserialized. This allows malicious users to craft a malicious ...
Rockwellautomation Safety Instrumented Systems Workstation
Rockwellautomation Isagraf Workbench
Rockwellautomation Connected Component Workbench
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »