Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
deserialization vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-17057
An issue exists in TCPDF prior to 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
Tecnick Tcpdf
Limesurvey Limesurvey
1 EDB exploit
2 Github repositories
9.8
CVSSv3
CVE-2020-12835
An issue exists in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to unsafe use of an Java RMI based protocol in an unsafe configuration, an attacker can inject malicious serialized objects into the communication, resulting in remote code execution in the context of a client-side Netwo...
Smartbear Readyapi 3.2.5
8.8
CVSSv3
CVE-2020-17532
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
Apache Java Chassis
9.9
CVSSv3
CVE-2022-2992
A vulnerability in GitLab CE/EE affecting all versions from 11.10 before 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
Gitlab Gitlab
5 Github repositories
9.8
CVSSv3
CVE-2022-35405
Zoho ManageEngine Password Manager Pro prior to 12101 and PAM360 prior to 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus prior to 4303 with authentication.)
Zohocorp Manageengine Access Manager Plus 4.3
Zohocorp Manageengine Access Manager Plus
Zohocorp Manageengine Password Manager Pro
Zohocorp Manageengine Password Manager Pro 12.1
Zohocorp Manageengine Pam360
Zohocorp Manageengine Pam360 5.5
1 Github repository
7.8
CVSSv3
CVE-2022-35870
This vulnerability allows remote malicious users to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. Th...
Inductiveautomation Ignition 8.1.15
8.8
CVSSv3
CVE-2024-0692
The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution.
7.5
CVSSv3
CVE-2018-18326
DNN (aka DotNetNuke) 9.2 up to and including 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.
Dnnsoftware Dotnetnuke
9.8
CVSSv3
CVE-2018-3245
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access vi...
Oracle Weblogic Server 12.1.3.0.0
Oracle Weblogic Server 10.3.6.0.0
Oracle Weblogic Server 12.2.1.3.0
1 EDB exploit
3 Github repositories
9.8
CVSSv3
CVE-2018-21234
Jodd prior to 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set.
Jodd Jodd
Apache Hive 3.1.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »