Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
deserialization vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2016-0792
Multiple unspecified API endpoints in Jenkins prior to 1.650 and LTS prior to 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.
Jenkins Jenkins
Redhat Openshift 3.1
2 EDB exploits
2 Metasploit modules
4 Github repositories
9.8
CVSSv3
CVE-2018-19276
OpenMRS prior to 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.
Openmrs Openmrs
1 EDB exploit
1 Github repository
8.8
CVSSv3
CVE-2020-4280
IBM QRadar SIEM 7.3 and 7.4 could allow a remote malicious user to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit ...
Ibm Qradar Security Information And Event Manager
Ibm Qradar Security Information And Event Manager 7.3.3
NA
CVE-2024-2054
The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.
1 Metasploit module
1 Github repository
8.8
CVSSv3
CVE-2018-20221
Secure/SAService.rem in Deltek Ajera Timesheets 9.10.16 and prior are vulnerable to remote code execution via deserialization of untrusted user input from an authenticated user. The executed code will run as the IIS Application Pool that is running the application.
Deltek Ajera
1 EDB exploit
9.8
CVSSv3
CVE-2017-14702
ERS Data System 1.8.1.0 allows remote malicious users to execute arbitrary code, related to "com.branaghgroup.ecers.update.UpdateRequest" object deserialization.
Branaghgroup Ers Data System 1.8.1.0
1 EDB exploit
9.8
CVSSv3
CVE-2017-5792
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.
Hp Intelligent Management Center 7.3
1 EDB exploit
8.8
CVSSv3
CVE-2019-11080
Sitecore Experience Platform (XP) before 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 293863. An authenticated user with necessary permissions is able to remotely execute OS commands by sending a crafted serialized object.
Sitecore Experience Platform
1 EDB exploit
7.2
CVSSv3
CVE-2020-8801
SuiteCRM up to and including 7.11.11 allows PHAR Deserialization.
Salesagility Suitecrm
9.8
CVSSv3
CVE-2015-4852
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote malicious users to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core....
Oracle Virtual Desktop Infrastructure
Oracle Weblogic Server 12.2.1.0.0
Oracle Weblogic Server 12.1.3.0.0
Oracle Weblogic Server 10.3.6.0.0
Oracle Weblogic Server 12.1.2.0.0
Oracle Storagetek Tape Analytics Sw Tool 2.3
2 EDB exploits
13 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-9474
CVE-2024-36620
file inclusion
cache poisoning
man-in-the-middle
CVE-2024-20138
CVE-2024-0012
CVE-2024-20131
CVE-2024-11995
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »