Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-4386

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-20 Oct, 2023 | 07:29
Updated At-08 Apr, 2026 | 17:15
Rejected At-
Credits

Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via queries

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:20 Oct, 2023 | 07:29
Updated At:08 Apr, 2026 | 17:15
Rejected At:
▼CVE Numbering Authority (CNA)
Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via queries

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Affected Products
Vendor
WPDeveloperwpdevteam
Product
Essential Blocks Pro
Default Status
unaffected
Versions
Affected
  • From 0 through 1.1.0 (semver)
Vendor
WPDeveloperwpdevteam
Product
Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns
Default Status
unaffected
Versions
Affected
  • From 0 through 4.2.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-502CWE-502 Deserialization of Untrusted Data
Type: CWE
CWE ID: CWE-502
Description: CWE-502 Deserialization of Untrusted Data
Metrics
VersionBase scoreBase severityVector
3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Marco Wotschka
Timeline
EventDate
Discovered2023-08-17 00:00:00
Vendor Notified2023-08-18 00:00:00
Disclosed2023-09-13 00:00:00
Event: Discovered
Date: 2023-08-17 00:00:00
Event: Vendor Notified
Date: 2023-08-18 00:00:00
Event: Disclosed
Date: 2023-09-13 00:00:00
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/af468f83-d6ad-474c-bf7f-c4eeb6df1b54?source=cve
N/A
https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/PostBlock.php?rev=2950425#L30
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/af468f83-d6ad-474c-bf7f-c4eeb6df1b54?source=cve
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/PostBlock.php?rev=2950425#L30
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/af468f83-d6ad-474c-bf7f-c4eeb6df1b54?source=cve
x_transferred
https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/PostBlock.php?rev=2950425#L30
x_transferred
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/af468f83-d6ad-474c-bf7f-c4eeb6df1b54?source=cve
Resource:
x_transferred
Hyperlink: https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/PostBlock.php?rev=2950425#L30
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:20 Oct, 2023 | 08:15
Updated At:08 Apr, 2026 | 19:18

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches

WPDeveloper
wpdeveloper
>>essential_blocks>>Versions up to 4.2.0(inclusive)
cpe:2.3:a:wpdeveloper:essential_blocks:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-502Primarysecurity@wordfence.com
CWE-502Secondarynvd@nist.gov
CWE ID: CWE-502
Type: Primary
Source: security@wordfence.com
CWE ID: CWE-502
Type: Secondary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/PostBlock.php?rev=2950425#L30security@wordfence.com
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/af468f83-d6ad-474c-bf7f-c4eeb6df1b54?source=cvesecurity@wordfence.com
Third Party Advisory
https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/PostBlock.php?rev=2950425#L30af854a3a-2127-422b-91ae-364da2661108
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/af468f83-d6ad-474c-bf7f-c4eeb6df1b54?source=cveaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/PostBlock.php?rev=2950425#L30
Source: security@wordfence.com
Resource:
Product
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/af468f83-d6ad-474c-bf7f-c4eeb6df1b54?source=cve
Source: security@wordfence.com
Resource:
Third Party Advisory
Hyperlink: https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/PostBlock.php?rev=2950425#L30
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Product
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/af468f83-d6ad-474c-bf7f-c4eeb6df1b54?source=cve
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

162Records found

CVE-2023-4402
Matching Score-10
Assigner-Wordfence
ShareView Details
Matching Score-10
Assigner-Wordfence
CVSS Score-8.1||HIGH
EPSS-1.34% / 67.86%
||
7 Day CHG~0.00%
Published-20 Oct, 2023 | 06:35
Updated-08 Apr, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Action-Not Available
Vendor-WPDeveloper
Product-essential_blocks_proessential_blocksEssential Blocks ProGutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-30226
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-9||CRITICAL
EPSS-0.86% / 54.16%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 04:57
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BetterDocs plugin <= 3.3.3 - Unauthenticated PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs.This issue affects BetterDocs: from n/a through 3.3.3.

Action-Not Available
Vendor-WPDeveloper
Product-betterdocsBetterDocs
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-3018
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.78% / 51.28%
||
7 Day CHG~0.00%
Published-30 Mar, 2024 | 11:17
Updated-08 Apr, 2026 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Essential Addons for Elementor <= 5.9.13 - Authenticated (Author+) PHP Object Injection via error_resetpassword

The Essential Addons for Elementor plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.13 via deserialization of untrusted input from the 'error_resetpassword' attribute of the "Login | Register Form" widget (disabled by default). This makes it possible for authenticated attackers, with author-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Action-Not Available
Vendor-WPDeveloper
Product-essential_addons_for_elementorEssential Addons for Elementor – Popular Elementor Templates & Widgetsessential_addons_for_elementor
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-24616
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-9.35% / 94.78%
||
7 Day CHG~0.00%
Published-25 Aug, 2020 | 17:04
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationFasterXML, LLC.NetApp, Inc.
Product-communications_diameter_signaling_routercommunications_contacts_servercommunications_messaging_servercommunications_offline_mediation_controlleridentity_manager_connectorsiebel_ui_frameworkactive_iq_unified_managercommunications_session_report_managercommunications_instant_messaging_serverautovue_for_agile_product_lifecycle_managementagile_plmcommunications_policy_managementbanking_supply_chain_financedebian_linuxblockchain_platformcommunications_cloud_native_core_unified_data_repositoryjackson-databindcommunications_pricing_design_centercommunications_calendar_serverbanking_liquidity_managementcommunications_evolved_communications_application_servercommunications_unified_inventory_managementapplication_testing_suitecommunications_services_gatekeepercommunications_element_managern/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-7635
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.1||HIGH
EPSS-0.48% / 38.00%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 04:26
Updated-13 May, 2026 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
coreActivity: Activity Logging for WordPress <= 3.0 - Unauthenticated PHP Object Injection via 'user_agent' Log Meta Field

The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0. This is due to the plugin failing to validate or strip PHP serialization syntax from the User-Agent HTTP header before storing it in the logmeta table, and subsequently calling `maybe_unserialize()` on every retrieved `meta_value` in `query_metas()` without verifying the data was originally serialized by the application. This makes it possible for unauthenticated attackers to inject a crafted PHP serialized payload via the User-Agent header during any logged event (such as a failed login attempt), which, when an administrator views the Logs page, is deserialized and passed to `DeviceDetector::setUserAgent()`, triggering a Fatal TypeError that creates a persistent Denial of Service condition blocking administrator access to the Logs page entirely.

Action-Not Available
Vendor-gdragon
Product-coreActivity: Activity Logging for WordPress
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-23649
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.75% / 50.44%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 06:12
Updated-28 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MainWP Links Manager Extension Plugin <= 2.1 - Unauthenticated PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in MainWP MainWP Links Manager Extension.This issue affects MainWP Links Manager Extension: from n/a through 2.1.

Action-Not Available
Vendor-MainWPmainwp
Product-MainWP Links Manager Extensionmainwp_links_manager_extension
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-24750
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-7.27% / 93.60%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 18:39
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationFasterXML, LLC.
Product-communications_diameter_signaling_routercommunications_contacts_serversiebel_core_-_server_frameworkcommunications_messaging_servercommunications_offline_mediation_controlleridentity_manager_connectorsiebel_ui_frameworkcommunications_session_route_managercommunications_session_report_managercommunications_instant_messaging_serveragile_plmautovue_for_agile_product_lifecycle_managementcommunications_policy_managementbanking_supply_chain_financedebian_linuxblockchain_platformcommunications_pricing_design_centerjackson-databindcommunications_calendar_serverbanking_liquidity_managementbanking_corporate_lending_process_managementcommunications_unified_inventory_managementbanking_credit_facilities_process_managementapplication_testing_suitecommunications_services_gatekeepercommunications_element_managern/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-7647
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.1||HIGH
EPSS-0.46% / 36.83%
||
7 Day CHG~0.00%
Published-02 May, 2026 | 05:29
Updated-05 May, 2026 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Profile Builder Pro <= 3.14.5 - Unauthenticated PHP Object Injection

The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP's maybe_unserialize() function on the attacker-controlled 'args' POST parameter within the wppb_request_users_pins_action_callback() AJAX handler, which lacked any nonce verification, type checking, or input validation before deserialization. Because the handler was registered with both wp_ajax_ and wp_ajax_nopriv_ hooks, it was reachable by completely unauthenticated users. This makes it possible for unauthenticated attackers to inject arbitrary PHP objects into application memory.

Action-Not Available
Vendor-Cozmoslabs
Product-Profile Builder Pro
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2018-15133
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-76.81% / 99.49%
||
7 Day CHG~0.00%
Published-09 Aug, 2018 | 19:00
Updated-07 Nov, 2025 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-02-06||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.

Action-Not Available
Vendor-laraveln/aLaravel
Product-laraveln/aLaravel Framework
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-47130
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-3.15% / 86.36%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 20:30
Updated-14 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unsafe deserialization of user data in yiisoft/yii

Yii is an open source PHP web framework. yiisoft/yii before version 1.1.29 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. An attacker may leverage this vulnerability to compromise the host system. A fix has been developed for the 1.1.29 release. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-yiiframeworkyiisoftyiiframework
Product-yiiyiiyii
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-58592
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.33% / 24.52%
||
7 Day CHG~0.00%
Published-06 Nov, 2025 | 15:54
Updated-28 Apr, 2026 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TranslatePress Plugin <= 2.10.2 - Deserialization of untrusted data Vulnerability

Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multilingual allows Object Injection.This issue affects TranslatePress: from n/a through <= 2.10.2.

Action-Not Available
Vendor-Cozmoslabs
Product-TranslatePress
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-24009
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-1.38% / 68.71%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 15:04
Updated-09 Apr, 2026 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Docling Core vulnerable to Remote Code Execution via unsafe PyYAML usage

Docling Core (or docling-core) is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution (RCE) vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version 2.48.4, specifically only if the application uses pyyaml prior to version 5.4 and invokes `docling_core.types.doc.DoclingDocument.load_from_yaml()` passing it untrusted YAML data. The vulnerability has been patched in docling-core version 2.48.4. The fix mitigates the issue by switching `PyYAML` deserialization from `yaml.FullLoader` to `yaml.SafeLoader`, ensuring that untrusted data cannot trigger code execution. Users who cannot immediately upgrade docling-core can alternatively ensure that the installed version of PyYAML is 5.4 or greater.

Action-Not Available
Vendor-doclingdocling-project
Product-docling-coredocling-core
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-2604
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-8.1||HIGH
EPSS-4.90% / 91.03%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-30 Sep, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Debian GNU/LinuxMcAfee, LLCNetApp, Inc.Red Hat, Inc.openSUSEOracle CorporationCanonical Ltd.
Product-enterprise_linux_serverubuntu_linuxopenjdkepolicy_orchestratoroncommand_insightenterprise_linux_server_ause-series_santricity_management_plug-inse-series_performance_analyzerenterprise_linuxactive_iq_unified_managerjdke-series_santricity_web_services_proxyoncommand_workflow_automationcommerce_guided_searchsantricity_unified_managersteelstore_cloud_integrated_storagedebian_linuxgraalvmjreenterprise_linux_workstatione-series_santricity_os_controllere-series_santricity_storage_managerenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktopcommerce_experience_managerleapJava
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-56031
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.32% / 23.52%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:52
Updated-26 Jun, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Uncanny Automator plugin <= 7.3.1.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Uncanny Automator <= 7.3.1.2 versions.

Action-Not Available
Vendor-Uncanny Owl Inc.
Product-Uncanny Automator
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-26915
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-41.84% / 98.52%
||
7 Day CHG~0.00%
Published-08 Feb, 2021 | 21:04
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet.

Action-Not Available
Vendor-n/aAbsolute Software Corporation
Product-netmotion_mobilityn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-53572
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.30% / 22.10%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:37
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Easy Contact Plugin <= 4.0.1 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in emarket-design WP Easy Contact wp-easy-contact allows Object Injection.This issue affects WP Easy Contact: from n/a through <= 4.0.1.

Action-Not Available
Vendor-emarket-design
Product-WP Easy Contact
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-1750
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.6||MEDIUM
EPSS-0.78% / 51.43%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 20:00
Updated-31 Dec, 2024 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TemmokuMVC Image Download images_get_down.php img_replace deserialization

A vulnerability, which was classified as critical, was found in TemmokuMVC up to 2.3. Affected is the function get_img_url/img_replace in the library lib/images_get_down.php of the component Image Download Handler. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254532. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-temmokumvcn/a
Product-temmokumvcTemmokuMVC
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-53584
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.30% / 22.10%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:37
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Ticket Customer Service Software & Support Ticket System Plugin <= 6.0.2 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in emarket-design WP Ticket Customer Service Software & Support Ticket System wp-ticket allows Object Injection.This issue affects WP Ticket Customer Service Software & Support Ticket System: from n/a through <= 6.0.2.

Action-Not Available
Vendor-emarket-design
Product-WP Ticket Customer Service Software & Support Ticket System
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-53583
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.30% / 22.10%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:37
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Employee Spotlight Plugin <= 5.1.1 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in emarket-design Employee Spotlight employee-spotlight allows Object Injection.This issue affects Employee Spotlight: from n/a through <= 5.1.1.

Action-Not Available
Vendor-emarket-design
Product-Employee Spotlight
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2017-3200
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-8.1||HIGH
EPSS-6.15% / 92.59%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 17:00
Updated-05 Aug, 2024 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The implementation of Action Message Format (AMF3) deserializers in GraniteDS, version 3.1.1.GA, may allow instantiation of arbitrary classes due to improper code control

The Java implementation of AMF3 deserializers used in GraniteDS, version 3.1.1.G, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized.

Action-Not Available
Vendor-granitedsGraniteDS
Product-granitedsFramework
CWE ID-CWE-913
Improper Control of Dynamically-Managed Code Resources
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-54512
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.62% / 45.20%
||
7 Day CHG+0.01%
Published-23 Jun, 2026 | 20:56
Updated-27 Jun, 2026 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
jackson-databind: PolymorphicTypeValidator bypass via generic type parameters allows arbitrary class instantiation

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, jackson-databind's PolymorphicTypeValidator (PTV) is the primary safety mechanism guarding polymorphic deserialization. When polymorphic typing is enabled and a type identifier contains generic parameters (i.e. the type ID string contains <), DatabindContext._resolveAndValidateGeneric() validates only the raw container class name (the substring before <) against the configured PTV. If the container type is approved, the method parses the full canonical type string via TypeFactory.constructFromCanonical() and returns the fully parameterized type without ever validating the nested type arguments against the PTV. The nested type arguments are then resolved, instantiated, and populated as beans during deserialization. An attacker who controls the type ID can therefore place a denied class as a generic type parameter of an allowed container — for example java.util.ArrayList<com.evil.Gadget> when only java.util.ArrayList is allow-listed. The container passes the PTV check; com.evil.Gadget is loaded via Class.forName(name, true, loader), instantiated, and its properties are set from attacker-controlled JSON. This completely bypasses an explicitly configured PTV allow-list. This vulnerability is fixed in 2.18.8, 2.21.4, and 3.1.4.

Action-Not Available
Vendor-FasterXML, LLC.
Product-jackson-databindjackson-databind
CWE ID-CWE-184
Incomplete List of Disallowed Inputs
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-53243
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.30% / 22.10%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:37
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Employee Directory – Staff Listing & Team Directory plugin for WordPress plugin <= 4.5.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in emarket-design Employee Directory – Staff Listing & Team Directory Plugin for WordPress employee-directory allows Object Injection.This issue affects Employee Directory – Staff Listing & Team Directory Plugin for WordPress: from n/a through <= 4.5.5.

Action-Not Available
Vendor-emarket-design
Product-Employee Directory – Staff Listing & Team Directory Plugin for WordPress
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-51427
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.53% / 40.82%
||
7 Day CHG+0.16%
Published-19 May, 2026 | 00:00
Updated-30 Jun, 2026 | 03:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file (dey_mini.yaml) under the key ['nnet']['module'].

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-n/aRed Hat OpenShift AI (RHOAI)
CWE ID-CWE-502
Deserialization of Untrusted Data
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-13770
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.1||HIGH
EPSS-0.76% / 50.59%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 04:21
Updated-08 Apr, 2026 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Puzzles | WP Magazine / Review with Store WordPress Theme + RTL <= 4.2.4 - Unauthenticated PHP Object Injection

The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input 'view_more_posts' AJAX action. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. The developer opted to remove the software from the repository, so an update is not available and it is recommended to find a replacement software.

Action-Not Available
Vendor-themerexThemeREX
Product-puzzlesPuzzles | WP Magazine / Review with Store WordPress Theme + RTL
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-13777
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.1||HIGH
EPSS-0.59% / 43.99%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 09:21
Updated-08 Apr, 2026 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated PHP Object Injection

The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.91 via deserialization of untrusted input from the 'margs' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.

Action-Not Available
Vendor-digitalzoomstudioZoomIt
Product-zoomsoundsZoomSounds - WordPress Wave Audio Player with Playlist
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-12313
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.1||HIGH
EPSS-0.78% / 51.36%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 04:22
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Compare Products for WooCommerce <= 3.2.1 - Unauthenticated PHP Object Injection

The Compare Products for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.1 via deserialization of untrusted input from the 'woo_compare_list' cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Action-Not Available
Vendor-a3rev
Product-Compare Products for WooCommerce
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2017-1000053
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-1.93% / 77.59%
||
7 Day CHG~0.00%
Published-13 Jul, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session.

Action-Not Available
Vendor-plug_projectn/a
Product-plugn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-49438
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.37% / 29.40%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 08:03
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Login Log plugin <= 1.1.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Max Chirkov Simple Login Log allows Object Injection. This issue affects Simple Login Log: from n/a through 1.1.3.

Action-Not Available
Vendor-Max Chirkov
Product-Simple Login Log
CWE ID-CWE-502
Deserialization of Untrusted Data
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-50632
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8.1||HIGH
EPSS-0.65% / 46.47%
||
7 Day CHG+0.20%
Published-12 Jun, 2026 | 09:00
Updated-03 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache CXF: JNDI Injection Vulnerability in JMSConfigFactory

A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) for Apache CXF has been identified, which can allow code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fixes this issue.

Action-Not Available
Vendor-Red Hat, Inc.The Apache Software Foundation
Product-cxfApache CXFRed Hat build of Apache Camel for Spring Boot 4Red Hat JBoss Enterprise Application Platform 7Red Hat Fuse 7Red Hat Single Sign-On 7Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat JBoss Enterprise Application Platform 8
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-49286
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.56% / 42.21%
||
7 Day CHG~0.00%
Published-19 Jun, 2026 | 17:03
Updated-22 Jun, 2026 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PhpWeasyPrint vulnerable to PHAR deserialization via output filename (CVE-2023-28115 case-insensitive bypass)

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `pontedilana/php-weasyprint` guarded the output filename against the `phar://` stream wrapper with a case-sensitive blacklist. PHP stream wrappers are case-insensitive, so `PHAR://`, `Phar://`, etc. bypass the check and reach `fileExists()` (`file_exists()`) in `prepareOutput()`. On PHP 7 (which the library still supports — PHP 7.4+), this triggers deserialization of a crafted PHAR archive's metadata, leading to remote code execution. This is the patch-bypass of CVE-2023-28115. The same issue and fix were handled upstream in KnpLabs/snappy (GHSA-92rv-4j2h-8mjj). PhpWeasyPrint version 2.6.0 contains a patch for the issue.

Action-Not Available
Vendor-pontedilana
Product-php-weasyprint
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-36188
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-10.91% / 95.33%
||
7 Day CHG~0.00%
Published-06 Jan, 2021 | 22:29
Updated-04 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationFasterXML, LLC.NetApp, Inc.
Product-primavera_unifiercloud_backupjd_edwards_enterpriseone_orchestratorprimavera_gatewaycommunications_network_charging_and_controlcommunications_session_route_managerretail_service_backbonecommunications_session_report_managercommunications_instant_messaging_serverautovue_for_agile_product_lifecycle_managementagile_plmcommunications_policy_managementcommunications_cloud_native_core_policyretail_merchandising_systemcommunications_convergent_charging_controllercommerce_platformblockchain_platformcommunications_cloud_native_core_unified_data_repositoryjackson-databindcommunications_evolved_communications_application_servercommunications_unified_inventory_managementservice_level_managerdocumakerapplication_testing_suitecommunications_services_gatekeeperbanking_virtual_account_managementretail_customer_management_and_segmentation_foundationinsurance_rules_palettecommunications_billing_and_revenue_managementcommunications_offline_mediation_controllerdebian_linuxbanking_supply_chain_financecommunications_diameter_signaling_routecommunications_pricing_design_centerbanking_credit_facilities_process_managementretail_xstore_point_of_serviceinsurance_policy_administrationbanking_corporate_lending_process_managementgoldengate_application_adaptersbanking_extensibility_workbenchcommunications_element_managerjd_edwards_enterpriseone_toolsbanking_treasury_managementwebcenter_portaldata_integratorn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-49121
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.2||CRITICAL
EPSS-1.10% / 61.76%
||
7 Day CHG+0.06%
Published-01 Jun, 2026 | 17:09
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AI Tensor Engine for ROCm (AITER) 0.1.14 Unauthenticated RCE via MessageQueue.recv() Pickle Deserialization

AI Tensor Engine for ROCm (AITER) through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv() function within shm_broadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle payload to a ZMQ SUB socket with no authentication, HMAC, or format validation. Attackers who can reach the writer XPUB endpoint on the cluster network or supply a forged Handle with an attacker-controlled remote_subscribe_addr can deliver a crafted pickle payload that executes arbitrary code simultaneously as the inference worker process on every remote reader worker.

Action-Not Available
Vendor-ROCmAdvanced Micro Devices, Inc.Red Hat, Inc.
Product-aiteraiterRed Hat OpenShift AI (RHOAI)Red Hat AI Inference Server
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-36183
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-4.89% / 91.02%
||
7 Day CHG~0.00%
Published-06 Jan, 2021 | 22:30
Updated-29 Apr, 2026 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.

Action-Not Available
Vendor-n/aFasterXML, LLC.Oracle CorporationDebian GNU/LinuxNetApp, Inc.
Product-webcenter_portalcommunications_unified_inventory_managementcommunications_session_route_managercommunications_billing_and_revenue_managementcommunications_instant_messaging_servercommunications_session_report_managercommunications_element_managercommunications_cloud_native_core_unified_data_repositorycommunications_evolved_communications_application_serverjackson-databindjd_edwards_enterpriseone_toolsbanking_extensibility_workbenchinsurance_rules_paletteblockchain_platformretail_service_backboneagile_plmbanking_virtual_account_managementdebian_linuxbanking_treasury_managementservice_level_managerjd_edwards_enterpriseone_orchestratorprimavera_unifierbanking_credit_facilities_process_managementapplication_testing_suiteprimavera_gatewaybanking_corporate_lending_process_managementdocumakerretail_merchandising_systemcommunications_convergent_charging_controllercommunications_offline_mediation_controllergoldengate_application_adaptersbanking_supply_chain_financeautovue_for_agile_product_lifecycle_managementcommunications_pricing_design_centerinsurance_policy_administrationcommerce_platformcommunications_network_charging_and_controldata_integratorcommunications_diameter_signaling_routeretail_xstore_point_of_servicecommunications_policy_managementcommunications_cloud_native_core_policycloud_backupcommunications_services_gatekeeperretail_customer_management_and_segmentation_foundationn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-47579
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9||CRITICAL
EPSS-0.30% / 22.10%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 16:25
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Photography Theme <= 7.7.2 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in ThemeGoods Photography photography allows Object Injection.This issue affects Photography: from n/a through <= 7.7.2.

Action-Not Available
Vendor-themegoodsThemeGoods
Product-photographyPhotography
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-35728
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-12.50% / 95.73%
||
7 Day CHG~0.00%
Published-27 Dec, 2020 | 04:32
Updated-29 Apr, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).

Action-Not Available
Vendor-n/aFasterXML, LLC.Oracle CorporationDebian GNU/LinuxNetApp, Inc.
Product-webcenter_portalcommunications_unified_inventory_managementcommunications_session_route_managercommunications_billing_and_revenue_managementautovuecommunications_session_report_managercommunications_element_managercommunications_cloud_native_core_unified_data_repositorycommunications_evolved_communications_application_serverjackson-databindjd_edwards_enterpriseone_toolsbanking_extensibility_workbenchinsurance_rules_paletteblockchain_platformretail_service_backboneagile_plmbanking_virtual_account_managementdebian_linuxbanking_treasury_managementservice_level_managerjd_edwards_enterpriseone_orchestratorprimavera_unifierbanking_credit_facilities_process_managementapplication_testing_suiteprimavera_gatewaybanking_corporate_lending_process_managementretail_merchandising_systemcommunications_convergent_charging_controllergoldengate_application_adaptersbanking_supply_chain_financeinsurance_policy_administrationcommerce_platformcommunications_network_charging_and_controldata_integratorcommunications_diameter_signaling_routeretail_xstore_point_of_servicecommunications_policy_managementcommunications_cloud_native_core_policycommunications_services_gatekeeperretail_customer_management_and_segmentation_foundationn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-42471
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-1.76% / 75.22%
||
7 Day CHG~0.00%
Published-01 May, 2026 | 00:00
Updated-05 May, 2026 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client (Connection.php:76) calls unserialize() on data received from the server response, enabling client-side RCE if connecting to a malicious server.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-42211
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.42% / 33.44%
||
7 Day CHG~0.00%
Published-02 Jun, 2026 | 18:18
Updated-04 Jun, 2026 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE

React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote code execution (RCE) through external requests. This attack requires the application code to have an existing prototype pollution vulnerability, which can then be leveraged in a 2-step attack where the second step triggers unauthorized RCE on the remote server. This does not impact applications using Declarative Mode (`<BrowserRouter>`) or Data Mode (`createBrowserRouter/<RouterProvider>`). This is patched in version 7.14.2.

Action-Not Available
Vendor-shopifyremix-run
Product-react-routerreact-router
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-41731
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-8.1||HIGH
EPSS-0.49% / 38.54%
||
7 Day CHG+0.15%
Published-09 Jun, 2026 | 23:49
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
In Spring for Apache Kafka, overly broad trusted-package matching in header mappers exposes JDK classes to deserialization

JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Combined with Jackson's default bean deserialization, a producer could supply crafted header values that caused the consumer to deserialize arbitrary JDK types. Affected versions: Spring for Apache Kafka 4.0.0 through 4.0.5; 3.3.0 through 3.3.15; 3.2.0 through 3.2.13; 2.9.0 through 2.9.13; 2.8.0 through 2.8.11.

Action-Not Available
Vendor-VMware (Broadcom Inc.)Red Hat, Inc.
Product-spring_for_apache_kafkaSpring for Apache KafkaRed Hat JBoss Enterprise Application Platform Expansion PackRed Hat Fuse 7
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-40756
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.25% / 16.19%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 12:47
Updated-17 Jun, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Zoya theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.

Action-Not Available
Vendor-Mikado-Themes
Product-Zoya
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-40736
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.25% / 16.19%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 20:57
Updated-17 Jun, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Laurits theme <= 1.5.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions.

Action-Not Available
Vendor-Edge-Themes
Product-Laurits
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-40757
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.25% / 16.19%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 12:47
Updated-17 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Château theme <= 1.2.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Château <= 1.2.1 versions.

Action-Not Available
Vendor-Mikado-Themes
Product-Château
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-40754
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.25% / 16.19%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 20:57
Updated-17 Jun, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Roisin theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Roisin <= 1.4 versions.

Action-Not Available
Vendor-Elated-Themes
Product-Roisin
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-40751
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.32% / 23.84%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 20:57
Updated-17 Jun, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ashtanga theme <= 1.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions.

Action-Not Available
Vendor-Mikado-Themes
Product-Ashtanga
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-40761
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.25% / 16.19%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 20:57
Updated-17 Jun, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Valeska theme <= 1.2.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions.

Action-Not Available
Vendor-Edge-Themes
Product-Valeska
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-40758
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.32% / 23.84%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 20:57
Updated-17 Jun, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Léonie theme <= 1.2.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions.

Action-Not Available
Vendor-Elated-Themes
Product-Léonie
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-40739
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.32% / 23.84%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 20:57
Updated-17 Jun, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LuxeDrive theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in LuxeDrive <= 1.4 versions.

Action-Not Available
Vendor-Mikado-Themes
Product-LuxeDrive
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-40753
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.31% / 22.54%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 09:51
Updated-17 Jun, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EasyMeals theme <= 1.5.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in EasyMeals <= 1.5.1 versions.

Action-Not Available
Vendor-Mikado-Themes
Product-EasyMeals
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-40752
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.31% / 22.54%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 12:47
Updated-17 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Manufaktur Solutions theme <= 1.1.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions.

Action-Not Available
Vendor-Select-Themes
Product-Manufaktur Solutions
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-40755
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.25% / 16.19%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 20:57
Updated-17 Jun, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TechLink theme <= 1.3 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in TechLink <= 1.3 versions.

Action-Not Available
Vendor-Mikado-Themes
Product-TechLink
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-40760
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.25% / 16.19%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 20:57
Updated-17 Jun, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Behold theme <= 1.5 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Behold <= 1.5 versions.

Action-Not Available
Vendor-Edge-Themes
Product-Behold
CWE ID-CWE-502
Deserialization of Untrusted Data
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found