Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
deserialization vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-15812
DNN (aka DotNetNuke) 9.2 up to and including 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.
Dnnsoftware Dotnetnuke
NA
CVE-2024-22506
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user with a sufficient privilege ...
9.8
CVSSv3
CVE-2021-3287
Zoho ManageEngine OpManager prior to 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
9.8
CVSSv3
CVE-2016-4372
HPE iMC PLAT prior to 7.2 E0403P04, iMC EAD prior to 7.2 E0405P05, iMC APM prior to 7.2 E0401P04, iMC NTA prior to 7.2 E0401P01, iMC BIMS prior to 7.2 E0402P02, and iMC UAM_TAM prior to 7.2 E0405P05 allow remote malicious users to execute arbitrary commands via a crafted serializ...
Hp Intelligent Management Center User Access Management
Hp Intelligent Management Center Platform
Hp Intelligent Management Center Network Traffic Analyzer
Hp Intelligent Management Center Endpoint Admission Defense
Hp Intelligent Management Center Branch Intelligent Management System
Hp Intelligent Management Center Application Performance Manager
1 EDB exploit
9.8
CVSSv3
CVE-2021-26295
Apache OFBiz has unsafe deserialization before 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.
Apache Ofbiz
8 Github repositories
9.8
CVSSv3
CVE-2020-28653
Zoho ManageEngine OpManager Stable build prior to 125203 (and Released build prior to 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
Zohocorp Manageengine Opmanager
Zohocorp Manageengine Opmanager 12.5
3 Github repositories
8
CVSSv3
CVE-2023-36050
Microsoft Exchange Server Spoofing Vulnerability
Microsoft Exchange Server 2019
Microsoft Exchange Server 2016
NA
CVE_2024_2054
A Command Injection vulnerability in Artica Proxy appliance version 4.50 and 4.40 allows remote attackers to run arbitrary commands via unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects ...
1 Metasploit module
9.8
CVSSv3
CVE-2015-5254
Apache ActiveMQ 5.x prior to 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote malicious users to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.
Redhat Openshift 2.0
Apache Activemq 5.3.0
Apache Activemq 5.11.1
Apache Activemq 5.8.0
Apache Activemq 5.4.3
Apache Activemq 5.4.0
Apache Activemq 5.5.1
Apache Activemq 5.12.0
Apache Activemq 5.4.1
Apache Activemq 5.9.0
Apache Activemq 5.11.2
Apache Activemq 5.11.0
Apache Activemq 5.3.1
Apache Activemq 5.2.0
Apache Activemq 5.7.0
Apache Activemq 5.0.0
Apache Activemq 5.12.1
Apache Activemq 5.10.1
Apache Activemq 5.10.0
Apache Activemq 5.1.0
Apache Activemq 5.5.0
Apache Activemq 5.3.2
3 Github repositories
9.8
CVSSv3
CVE-2019-17556
Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream and doesn't check classes being deserialized. If an attacker can feed malicious metadata to the class, then it may result in running attacker's code in t...
Apache Olingo
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »