Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-32030

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-19 Jun, 2024 | 16:35
Updated At-02 Aug, 2024 | 01:59
Rejected At-
Credits

Remote code execution via JNDI resolution in JMX metrics collection in Kafka UI

Kafka UI is an Open-Source Web UI for Apache Kafka Management. Kafka UI API allows users to connect to different Kafka brokers by specifying their network address and port. As a separate feature, it also provides the ability to monitor the performance of Kafka brokers by connecting to their JMX ports. JMX is based on the RMI protocol, so it is inherently susceptible to deserialization attacks. A potential attacker can exploit this feature by connecting Kafka UI backend to its own malicious broker. This vulnerability affects the deployments where one of the following occurs: 1. dynamic.config.enabled property is set in settings. It's not enabled by default, but it's suggested to be enabled in many tutorials for Kafka UI, including its own README.md. OR 2. an attacker has access to the Kafka cluster that is being connected to Kafka UI. In this scenario the attacker can exploit this vulnerability to expand their access and execute code on Kafka UI as well. Instead of setting up a legitimate JMX port, an attacker can create an RMI listener that returns a malicious serialized object for any RMI call. In the worst case it could lead to remote code execution as Kafka UI has the required gadget chains in its classpath. This issue may lead to post-auth remote code execution. This is particularly dangerous as Kafka-UI does not have authentication enabled by default. This issue has been addressed in version 0.7.2. All users are advised to upgrade. There are no known workarounds for this vulnerability. These issues were discovered and reported by the GitHub Security lab and is also tracked as GHSL-2023-230.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:19 Jun, 2024 | 16:35
Updated At:02 Aug, 2024 | 01:59
Rejected At:
▼CVE Numbering Authority (CNA)
Remote code execution via JNDI resolution in JMX metrics collection in Kafka UI

Kafka UI is an Open-Source Web UI for Apache Kafka Management. Kafka UI API allows users to connect to different Kafka brokers by specifying their network address and port. As a separate feature, it also provides the ability to monitor the performance of Kafka brokers by connecting to their JMX ports. JMX is based on the RMI protocol, so it is inherently susceptible to deserialization attacks. A potential attacker can exploit this feature by connecting Kafka UI backend to its own malicious broker. This vulnerability affects the deployments where one of the following occurs: 1. dynamic.config.enabled property is set in settings. It's not enabled by default, but it's suggested to be enabled in many tutorials for Kafka UI, including its own README.md. OR 2. an attacker has access to the Kafka cluster that is being connected to Kafka UI. In this scenario the attacker can exploit this vulnerability to expand their access and execute code on Kafka UI as well. Instead of setting up a legitimate JMX port, an attacker can create an RMI listener that returns a malicious serialized object for any RMI call. In the worst case it could lead to remote code execution as Kafka UI has the required gadget chains in its classpath. This issue may lead to post-auth remote code execution. This is particularly dangerous as Kafka-UI does not have authentication enabled by default. This issue has been addressed in version 0.7.2. All users are advised to upgrade. There are no known workarounds for this vulnerability. These issues were discovered and reported by the GitHub Security lab and is also tracked as GHSL-2023-230.

Affected Products
Vendor
provectus
Product
kafka-ui
Versions
Affected
  • < 0.7.2
Problem Types
TypeCWE IDDescription
CWECWE-94CWE-94: Improper Control of Generation of Code ('Code Injection')
CWECWE-502CWE-502: Deserialization of Untrusted Data
Type: CWE
CWE ID: CWE-94
Description: CWE-94: Improper Control of Generation of Code ('Code Injection')
Type: CWE
CWE ID: CWE-502
Description: CWE-502: Deserialization of Untrusted Data
Metrics
VersionBase scoreBase severityVector
3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://securitylab.github.com/advisories/GHSL-2023-229_GHSL-2023-230_kafka-ui/
x_refsource_CONFIRM
https://github.com/provectus/kafka-ui/pull/4427
x_refsource_MISC
https://github.com/provectus/kafka-ui/commit/83b5a60cc08501b570a0c4d0b4cdfceb1b88d6b7#diff-37e769f4709c1e78c076a5949bbcead74e969725bfd89c7c4ba6d6f229a411e6R36
x_refsource_MISC
Hyperlink: https://securitylab.github.com/advisories/GHSL-2023-229_GHSL-2023-230_kafka-ui/
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/provectus/kafka-ui/pull/4427
Resource:
x_refsource_MISC
Hyperlink: https://github.com/provectus/kafka-ui/commit/83b5a60cc08501b570a0c4d0b4cdfceb1b88d6b7#diff-37e769f4709c1e78c076a5949bbcead74e969725bfd89c7c4ba6d6f229a411e6R36
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
provectus
Product
ui
CPEs
  • cpe:2.3:a:provectus:ui:*:*:*:*:*:kafka:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 0.7.2 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://securitylab.github.com/advisories/GHSL-2023-229_GHSL-2023-230_kafka-ui/
x_refsource_CONFIRM
x_transferred
https://github.com/provectus/kafka-ui/pull/4427
x_refsource_MISC
x_transferred
https://github.com/provectus/kafka-ui/commit/83b5a60cc08501b570a0c4d0b4cdfceb1b88d6b7#diff-37e769f4709c1e78c076a5949bbcead74e969725bfd89c7c4ba6d6f229a411e6R36
x_refsource_MISC
x_transferred
Hyperlink: https://securitylab.github.com/advisories/GHSL-2023-229_GHSL-2023-230_kafka-ui/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/provectus/kafka-ui/pull/4427
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/provectus/kafka-ui/commit/83b5a60cc08501b570a0c4d0b4cdfceb1b88d6b7#diff-37e769f4709c1e78c076a5949bbcead74e969725bfd89c7c4ba6d6f229a411e6R36
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:19 Jun, 2024 | 17:15
Updated At:15 Apr, 2026 | 00:35

Kafka UI is an Open-Source Web UI for Apache Kafka Management. Kafka UI API allows users to connect to different Kafka brokers by specifying their network address and port. As a separate feature, it also provides the ability to monitor the performance of Kafka brokers by connecting to their JMX ports. JMX is based on the RMI protocol, so it is inherently susceptible to deserialization attacks. A potential attacker can exploit this feature by connecting Kafka UI backend to its own malicious broker. This vulnerability affects the deployments where one of the following occurs: 1. dynamic.config.enabled property is set in settings. It's not enabled by default, but it's suggested to be enabled in many tutorials for Kafka UI, including its own README.md. OR 2. an attacker has access to the Kafka cluster that is being connected to Kafka UI. In this scenario the attacker can exploit this vulnerability to expand their access and execute code on Kafka UI as well. Instead of setting up a legitimate JMX port, an attacker can create an RMI listener that returns a malicious serialized object for any RMI call. In the worst case it could lead to remote code execution as Kafka UI has the required gadget chains in its classpath. This issue may lead to post-auth remote code execution. This is particularly dangerous as Kafka-UI does not have authentication enabled by default. This issue has been addressed in version 0.7.2. All users are advised to upgrade. There are no known workarounds for this vulnerability. These issues were discovered and reported by the GitHub Security lab and is also tracked as GHSL-2023-230.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-94Secondarysecurity-advisories@github.com
CWE-502Secondarysecurity-advisories@github.com
CWE ID: CWE-94
Type: Secondary
Source: security-advisories@github.com
CWE ID: CWE-502
Type: Secondary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/provectus/kafka-ui/commit/83b5a60cc08501b570a0c4d0b4cdfceb1b88d6b7#diff-37e769f4709c1e78c076a5949bbcead74e969725bfd89c7c4ba6d6f229a411e6R36security-advisories@github.com
N/A
https://github.com/provectus/kafka-ui/pull/4427security-advisories@github.com
N/A
https://securitylab.github.com/advisories/GHSL-2023-229_GHSL-2023-230_kafka-ui/security-advisories@github.com
N/A
https://github.com/provectus/kafka-ui/commit/83b5a60cc08501b570a0c4d0b4cdfceb1b88d6b7#diff-37e769f4709c1e78c076a5949bbcead74e969725bfd89c7c4ba6d6f229a411e6R36af854a3a-2127-422b-91ae-364da2661108
N/A
https://github.com/provectus/kafka-ui/pull/4427af854a3a-2127-422b-91ae-364da2661108
N/A
https://securitylab.github.com/advisories/GHSL-2023-229_GHSL-2023-230_kafka-ui/af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://github.com/provectus/kafka-ui/commit/83b5a60cc08501b570a0c4d0b4cdfceb1b88d6b7#diff-37e769f4709c1e78c076a5949bbcead74e969725bfd89c7c4ba6d6f229a411e6R36
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/provectus/kafka-ui/pull/4427
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://securitylab.github.com/advisories/GHSL-2023-229_GHSL-2023-230_kafka-ui/
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/provectus/kafka-ui/commit/83b5a60cc08501b570a0c4d0b4cdfceb1b88d6b7#diff-37e769f4709c1e78c076a5949bbcead74e969725bfd89c7c4ba6d6f229a411e6R36
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://github.com/provectus/kafka-ui/pull/4427
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://securitylab.github.com/advisories/GHSL-2023-229_GHSL-2023-230_kafka-ui/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

226Records found

CVE-2026-5562
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.62% / 45.36%
||
7 Day CHG~0.00%
Published-05 Apr, 2026 | 11:00
Updated-30 Apr, 2026 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
provectus kafka-ui Endpoint testexecutions validateAccess code injection

A vulnerability was identified in provectus kafka-ui up to 0.7.2. This impacts the function validateAccess of the file /api/smartfilters/testexecutions of the component Endpoint. The manipulation leads to code injection. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-provectusprovectus
Product-uikafka-ui
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-52251
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-85.02% / 99.69%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 00:00
Updated-17 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages.

Action-Not Available
Vendor-provectusn/a
Product-uin/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-24616
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-9.35% / 94.78%
||
7 Day CHG~0.00%
Published-25 Aug, 2020 | 17:04
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationFasterXML, LLC.NetApp, Inc.
Product-communications_diameter_signaling_routercommunications_contacts_servercommunications_messaging_servercommunications_offline_mediation_controlleridentity_manager_connectorsiebel_ui_frameworkactive_iq_unified_managercommunications_session_report_managercommunications_instant_messaging_serverautovue_for_agile_product_lifecycle_managementagile_plmcommunications_policy_managementbanking_supply_chain_financedebian_linuxblockchain_platformcommunications_cloud_native_core_unified_data_repositoryjackson-databindcommunications_pricing_design_centercommunications_calendar_serverbanking_liquidity_managementcommunications_evolved_communications_application_servercommunications_unified_inventory_managementapplication_testing_suitecommunications_services_gatekeepercommunications_element_managern/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-7635
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.1||HIGH
EPSS-0.48% / 38.00%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 04:26
Updated-13 May, 2026 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
coreActivity: Activity Logging for WordPress <= 3.0 - Unauthenticated PHP Object Injection via 'user_agent' Log Meta Field

The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0. This is due to the plugin failing to validate or strip PHP serialization syntax from the User-Agent HTTP header before storing it in the logmeta table, and subsequently calling `maybe_unserialize()` on every retrieved `meta_value` in `query_metas()` without verifying the data was originally serialized by the application. This makes it possible for unauthenticated attackers to inject a crafted PHP serialized payload via the User-Agent header during any logged event (such as a failed login attempt), which, when an administrator views the Logs page, is deserialized and passed to `DeviceDetector::setUserAgent()`, triggering a Fatal TypeError that creates a persistent Denial of Service condition blocking administrator access to the Logs page entirely.

Action-Not Available
Vendor-gdragon
Product-coreActivity: Activity Logging for WordPress
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-23477
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-1.95% / 77.77%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 17:24
Updated-25 Mar, 2025 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server code execution

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513.

Action-Not Available
Vendor-HP Inc.IBM CorporationOracle CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-8855
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-0.46% / 36.46%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 16:58
Updated-28 May, 2026 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM HTTP Server is affected by multiple vulnerabilities

IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication).

Action-Not Available
Vendor-IBM Corporation
Product-HTTP Server
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-23649
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.75% / 50.44%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 06:12
Updated-28 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MainWP Links Manager Extension Plugin <= 2.1 - Unauthenticated PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in MainWP MainWP Links Manager Extension.This issue affects MainWP Links Manager Extension: from n/a through 2.1.

Action-Not Available
Vendor-MainWPmainwp
Product-MainWP Links Manager Extensionmainwp_links_manager_extension
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-24750
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-7.27% / 93.60%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 18:39
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationFasterXML, LLC.
Product-communications_diameter_signaling_routercommunications_contacts_serversiebel_core_-_server_frameworkcommunications_messaging_servercommunications_offline_mediation_controlleridentity_manager_connectorsiebel_ui_frameworkcommunications_session_route_managercommunications_session_report_managercommunications_instant_messaging_serveragile_plmautovue_for_agile_product_lifecycle_managementcommunications_policy_managementbanking_supply_chain_financedebian_linuxblockchain_platformcommunications_pricing_design_centerjackson-databindcommunications_calendar_serverbanking_liquidity_managementbanking_corporate_lending_process_managementcommunications_unified_inventory_managementbanking_credit_facilities_process_managementapplication_testing_suitecommunications_services_gatekeepercommunications_element_managern/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-9072
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-0.41% / 32.80%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 14:21
Updated-24 Jun, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WebSphere Application Server is Affected By Denial of Service, HTTP Request Smuggling, and Remote Code Execution Vulnerabilities in IBM WebSphere Application Server Liberty [, , , , ]

IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can be exploited when an attacker impersonates backend servers and sends crafted responses to the plug-in.

Action-Not Available
Vendor-IBM Corporation
Product-ii
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-7647
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.1||HIGH
EPSS-0.46% / 36.83%
||
7 Day CHG~0.00%
Published-02 May, 2026 | 05:29
Updated-05 May, 2026 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Profile Builder Pro <= 3.14.5 - Unauthenticated PHP Object Injection

The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP's maybe_unserialize() function on the attacker-controlled 'args' POST parameter within the wppb_request_users_pins_action_callback() AJAX handler, which lacked any nonce verification, type checking, or input validation before deserialization. Because the handler was registered with both wp_ajax_ and wp_ajax_nopriv_ hooks, it was reachable by completely unauthenticated users. This makes it possible for unauthenticated attackers to inject arbitrary PHP objects into application memory.

Action-Not Available
Vendor-Cozmoslabs
Product-Profile Builder Pro
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-8430
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.2||CRITICAL
EPSS-0.43% / 34.89%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 18:43
Updated-14 May, 2026 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SPIP < 4.4.14 Remote Code Execution via nginx

SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code in the context of the web server. Attackers can exploit this vulnerability through specific nginx configuration scenarios to achieve code execution, and this issue is not mitigated by the SPIP security screen.

Action-Not Available
Vendor-SPIP
Product-SPIP
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2018-15133
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-76.81% / 99.49%
||
7 Day CHG~0.00%
Published-09 Aug, 2018 | 19:00
Updated-07 Nov, 2025 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-02-06||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.

Action-Not Available
Vendor-laraveln/aLaravel
Product-laraveln/aLaravel Framework
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-24550
Matching Score-4
Assigner-Switzerland National Cyber Security Centre (NCSC)
ShareView Details
Matching Score-4
Assigner-Switzerland National Cyber Security Centre (NCSC)
CVSS Score-8.9||HIGH
EPSS-0.69% / 48.34%
||
7 Day CHG~0.00%
Published-24 Jun, 2024 | 07:05
Updated-02 Jan, 2026 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bludit - Remote Code Execution (RCE) through File API

A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files.

Action-Not Available
Vendor-bluditBluditbludit
Product-bluditBluditbludit
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-502
Deserialization of Untrusted Data
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-21886
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-8.1||HIGH
EPSS-1.21% / 64.56%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 23:35
Updated-13 Feb, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-58592
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.33% / 24.52%
||
7 Day CHG~0.00%
Published-06 Nov, 2025 | 15:54
Updated-28 Apr, 2026 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TranslatePress Plugin <= 2.10.2 - Deserialization of untrusted data Vulnerability

Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multilingual allows Object Injection.This issue affects TranslatePress: from n/a through <= 2.10.2.

Action-Not Available
Vendor-Cozmoslabs
Product-TranslatePress
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-58372
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.50% / 38.87%
||
7 Day CHG~0.00%
Published-05 Sep, 2025 | 22:51
Updated-15 Sep, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Roo Code: Potential Remote Code Execution via .code-workspace

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where certain VS Code workspace configuration files (.code-workspace) are not protected in the same way as the .vscode folder. If the agent was configured to auto-approve file writes, an attacker able to influence prompts (for example via prompt injection) could cause malicious workspace settings or tasks to be written. These tasks could then be executed automatically when the workspace is reopened, resulting in arbitrary code execution. This issue is fixed in version 3.26.0.

Action-Not Available
Vendor-roocodeRooCodeInc
Product-roo_codeRoo-Code
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-1705
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.6||MEDIUM
EPSS-0.59% / 44.08%
||
7 Day CHG~0.00%
Published-21 Feb, 2024 | 17:31
Updated-12 Feb, 2025 | 00:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Shopwind Installation DefaultController.php actionCreate code injection

A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue affects the function actionCreate of the file /public/install/controllers/DefaultController.php of the component Installation. The manipulation leads to code injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-254393 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-shopwindn/a
Product-shopwindShopwind
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-24009
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-1.38% / 68.71%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 15:04
Updated-09 Apr, 2026 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Docling Core vulnerable to Remote Code Execution via unsafe PyYAML usage

Docling Core (or docling-core) is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution (RCE) vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version 2.48.4, specifically only if the application uses pyyaml prior to version 5.4 and invokes `docling_core.types.doc.DoclingDocument.load_from_yaml()` passing it untrusted YAML data. The vulnerability has been patched in docling-core version 2.48.4. The fix mitigates the issue by switching `PyYAML` deserialization from `yaml.FullLoader` to `yaml.SafeLoader`, ensuring that untrusted data cannot trigger code execution. Users who cannot immediately upgrade docling-core can alternatively ensure that the installed version of PyYAML is 5.4 or greater.

Action-Not Available
Vendor-doclingdocling-project
Product-docling-coredocling-core
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-2604
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-8.1||HIGH
EPSS-4.90% / 91.03%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-30 Sep, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Debian GNU/LinuxMcAfee, LLCNetApp, Inc.Red Hat, Inc.openSUSEOracle CorporationCanonical Ltd.
Product-enterprise_linux_serverubuntu_linuxopenjdkepolicy_orchestratoroncommand_insightenterprise_linux_server_ause-series_santricity_management_plug-inse-series_performance_analyzerenterprise_linuxactive_iq_unified_managerjdke-series_santricity_web_services_proxyoncommand_workflow_automationcommerce_guided_searchsantricity_unified_managersteelstore_cloud_integrated_storagedebian_linuxgraalvmjreenterprise_linux_workstatione-series_santricity_os_controllere-series_santricity_storage_managerenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktopcommerce_experience_managerleapJava
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-56031
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.32% / 23.52%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:52
Updated-26 Jun, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Uncanny Automator plugin <= 7.3.1.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Uncanny Automator <= 7.3.1.2 versions.

Action-Not Available
Vendor-Uncanny Owl Inc.
Product-Uncanny Automator
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-56264
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.2||CRITICAL
EPSS-0.52% / 40.42%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:08
Updated-01 Jul, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Crawl4AI - Arbitrary JavaScript Execution via /execute_js Endpoint

Crawl4AI before 0.8.7 contains an arbitrary JavaScript execution vulnerability in the Docker API server's /execute_js endpoint, which accepts and executes arbitrary user-supplied JavaScript in the server's browser context with --disable-web-security enabled. An attacker can execute arbitrary JavaScript and, combined with the browser's relaxed security settings, perform server-side request forgery against internal services.

Action-Not Available
Vendor-Crawl4AI
Product-Crawl4AI
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-26915
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-41.84% / 98.52%
||
7 Day CHG~0.00%
Published-08 Feb, 2021 | 21:04
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet.

Action-Not Available
Vendor-n/aAbsolute Software Corporation
Product-netmotion_mobilityn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-54731
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.29% / 20.44%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:37
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress YouTube Showcase Plugin <= 3.5.1 - PHP Object Injection Vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in emarket-design YouTube Showcase youtube-showcase allows Object Injection.This issue affects YouTube Showcase: from n/a through <= 3.5.1.

Action-Not Available
Vendor-emarket-design
Product-YouTube Showcase
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-53572
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.30% / 22.10%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:37
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Easy Contact Plugin <= 4.0.1 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in emarket-design WP Easy Contact wp-easy-contact allows Object Injection.This issue affects WP Easy Contact: from n/a through <= 4.0.1.

Action-Not Available
Vendor-emarket-design
Product-WP Easy Contact
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-1750
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.6||MEDIUM
EPSS-0.78% / 51.43%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 20:00
Updated-31 Dec, 2024 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TemmokuMVC Image Download images_get_down.php img_replace deserialization

A vulnerability, which was classified as critical, was found in TemmokuMVC up to 2.3. Affected is the function get_img_url/img_replace in the library lib/images_get_down.php of the component Image Download Handler. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254532. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-temmokumvcn/a
Product-temmokumvcTemmokuMVC
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-53584
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.30% / 22.10%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:37
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Ticket Customer Service Software & Support Ticket System Plugin <= 6.0.2 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in emarket-design WP Ticket Customer Service Software & Support Ticket System wp-ticket allows Object Injection.This issue affects WP Ticket Customer Service Software & Support Ticket System: from n/a through <= 6.0.2.

Action-Not Available
Vendor-emarket-design
Product-WP Ticket Customer Service Software & Support Ticket System
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-53583
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.30% / 22.10%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:37
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Employee Spotlight Plugin <= 5.1.1 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in emarket-design Employee Spotlight employee-spotlight allows Object Injection.This issue affects Employee Spotlight: from n/a through <= 5.1.1.

Action-Not Available
Vendor-emarket-design
Product-Employee Spotlight
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2017-3200
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-8.1||HIGH
EPSS-6.15% / 92.59%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 17:00
Updated-05 Aug, 2024 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
The implementation of Action Message Format (AMF3) deserializers in GraniteDS, version 3.1.1.GA, may allow instantiation of arbitrary classes due to improper code control

The Java implementation of AMF3 deserializers used in GraniteDS, version 3.1.1.G, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized.

Action-Not Available
Vendor-granitedsGraniteDS
Product-granitedsFramework
CWE ID-CWE-913
Improper Control of Dynamically-Managed Code Resources
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-54512
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.62% / 45.20%
||
7 Day CHG+0.01%
Published-23 Jun, 2026 | 20:56
Updated-27 Jun, 2026 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
jackson-databind: PolymorphicTypeValidator bypass via generic type parameters allows arbitrary class instantiation

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, jackson-databind's PolymorphicTypeValidator (PTV) is the primary safety mechanism guarding polymorphic deserialization. When polymorphic typing is enabled and a type identifier contains generic parameters (i.e. the type ID string contains <), DatabindContext._resolveAndValidateGeneric() validates only the raw container class name (the substring before <) against the configured PTV. If the container type is approved, the method parses the full canonical type string via TypeFactory.constructFromCanonical() and returns the fully parameterized type without ever validating the nested type arguments against the PTV. The nested type arguments are then resolved, instantiated, and populated as beans during deserialization. An attacker who controls the type ID can therefore place a denied class as a generic type parameter of an allowed container — for example java.util.ArrayList<com.evil.Gadget> when only java.util.ArrayList is allow-listed. The container passes the PTV check; com.evil.Gadget is loaded via Class.forName(name, true, loader), instantiated, and its properties are set from attacker-controlled JSON. This completely bypasses an explicitly configured PTV allow-list. This vulnerability is fixed in 2.18.8, 2.21.4, and 3.1.4.

Action-Not Available
Vendor-FasterXML, LLC.
Product-jackson-databindjackson-databind
CWE ID-CWE-184
Incomplete List of Disallowed Inputs
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-13556
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.1||HIGH
EPSS-0.54% / 41.25%
||
7 Day CHG~0.00%
Published-18 Feb, 2025 | 05:22
Updated-08 Apr, 2026 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Affiliate Links: WordPress Plugin for Link Cloaking and Link Management <= 3.0.1 - Missing Authorization to Unauthenticated Import/Export and PHP Object Injection

The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.1 via deserialization of untrusted input from an file export. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.

Action-Not Available
Vendor-wecantrackwecantrack
Product-affiliate_linksAffiliate Links – Link Cloaking and Management
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-53243
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.30% / 22.10%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:37
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Employee Directory – Staff Listing & Team Directory plugin for WordPress plugin <= 4.5.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in emarket-design Employee Directory – Staff Listing & Team Directory Plugin for WordPress employee-directory allows Object Injection.This issue affects Employee Directory – Staff Listing & Team Directory Plugin for WordPress: from n/a through <= 4.5.5.

Action-Not Available
Vendor-emarket-design
Product-Employee Directory – Staff Listing & Team Directory Plugin for WordPress
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-51427
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.53% / 40.82%
||
7 Day CHG+0.16%
Published-19 May, 2026 | 00:00
Updated-30 Jun, 2026 | 03:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file (dey_mini.yaml) under the key ['nnet']['module'].

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-n/aRed Hat OpenShift AI (RHOAI)
CWE ID-CWE-502
Deserialization of Untrusted Data
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-13770
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.1||HIGH
EPSS-0.76% / 50.59%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 04:21
Updated-08 Apr, 2026 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Puzzles | WP Magazine / Review with Store WordPress Theme + RTL <= 4.2.4 - Unauthenticated PHP Object Injection

The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input 'view_more_posts' AJAX action. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. The developer opted to remove the software from the repository, so an update is not available and it is recommended to find a replacement software.

Action-Not Available
Vendor-themerexThemeREX
Product-puzzlesPuzzles | WP Magazine / Review with Store WordPress Theme + RTL
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-13777
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.1||HIGH
EPSS-0.59% / 43.99%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 09:21
Updated-08 Apr, 2026 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated PHP Object Injection

The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.91 via deserialization of untrusted input from the 'margs' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.

Action-Not Available
Vendor-digitalzoomstudioZoomIt
Product-zoomsoundsZoomSounds - WordPress Wave Audio Player with Playlist
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-55388
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.30% / 21.35%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 16:50
Updated-23 Jun, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
piscina: Prototype Pollution Gadget → RCE via inherited options.filename

piscina is a node.js worker pool implementation. Prior to 6.0.0-rc.2, 5.2.0, and 4.9.3, piscina's constructor and run() paths read the filename option via plain member access. Both reads fall through the prototype chain when the caller's options object doesn't have filename as an own property. When Object.prototype.filename is polluted upstream the inherited value flows to worker_threads.Worker import and the attacker's .mjs runs in the worker. This vulnerability is fixed in 6.0.0-rc.2, 5.2.0, and 4.9.3.

Action-Not Available
Vendor-piscinajs
Product-piscina
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-10749
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-2.3||LOW
EPSS-0.51% / 39.50%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 00:31
Updated-06 Nov, 2024 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ThinkAdmin Plugs.php script deserialization

A vulnerability, which was classified as critical, was found in ThinkAdmin up to 6.1.67. Affected is the function script of the file /app/admin/controller/api/Plugs.php. The manipulation of the argument uptoken leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-thinkadminn/a
Product-thinkadminThinkAdmin
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-12313
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.1||HIGH
EPSS-0.78% / 51.36%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 04:22
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Compare Products for WooCommerce <= 3.2.1 - Unauthenticated PHP Object Injection

The Compare Products for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.1 via deserialization of untrusted input from the 'woo_compare_list' cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Action-Not Available
Vendor-a3rev
Product-Compare Products for WooCommerce
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2017-1000053
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-1.93% / 77.59%
||
7 Day CHG~0.00%
Published-13 Jul, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session.

Action-Not Available
Vendor-plug_projectn/a
Product-plugn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-49438
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.37% / 29.40%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 08:03
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Login Log plugin <= 1.1.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Max Chirkov Simple Login Log allows Object Injection. This issue affects Simple Login Log: from n/a through 1.1.3.

Action-Not Available
Vendor-Max Chirkov
Product-Simple Login Log
CWE ID-CWE-502
Deserialization of Untrusted Data
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-50632
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8.1||HIGH
EPSS-0.65% / 46.47%
||
7 Day CHG+0.20%
Published-12 Jun, 2026 | 09:00
Updated-03 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache CXF: JNDI Injection Vulnerability in JMSConfigFactory

A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) for Apache CXF has been identified, which can allow code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fixes this issue.

Action-Not Available
Vendor-Red Hat, Inc.The Apache Software Foundation
Product-cxfApache CXFRed Hat build of Apache Camel for Spring Boot 4Red Hat JBoss Enterprise Application Platform 7Red Hat Fuse 7Red Hat Single Sign-On 7Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat JBoss Enterprise Application Platform 8
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-12312
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.1||HIGH
EPSS-1.07% / 60.88%
||
7 Day CHG~0.00%
Published-12 Dec, 2024 | 06:46
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Print Science Designer <= 1.3.152 - Unauthenticated PHP Object Injection

The Print Science Designer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.152 via deserialization of untrusted input through the 'designer-saved-projects' cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Action-Not Available
Vendor-johnwwweissberg
Product-Print Science Designer
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-4800
Matching Score-4
Assigner-ce714d77-add3-4f53-aff5-83d477b104bb
ShareView Details
Matching Score-4
Assigner-ce714d77-add3-4f53-aff5-83d477b104bb
CVSS Score-8.1||HIGH
EPSS-1.74% / 74.90%
||
7 Day CHG+0.71%
Published-31 Mar, 2026 | 19:25
Updated-03 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
lodash vulnerable to Code Injection via `_.template` imports key names

Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink. When an application passes untrusted input as options.imports key names, an attacker can inject default-parameter expressions that execute arbitrary code at template compilation time. Additionally, _.template uses assignInWith to merge imports, which enumerates inherited properties via for..in. If Object.prototype has been polluted by any other vector, the polluted keys are copied into the imports object and passed to Function(). Patches: Users should upgrade to version 4.18.0. Workarounds: Do not pass untrusted input as key names in options.imports. Only use developer-controlled, static key names.

Action-Not Available
Vendor-lodashlodashRed Hat, Inc.
Product-lodash-eslodashlodash-amdlodash.templatelodash-eslodashlodash-amdlodash.templateRed Hat Developer Hub 1.8Red Hat Directory Server 13Cryostat 4 on RHEL 9Red Hat Enterprise Linux High Availability (v. 10)Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat build of Apicurio Registry 2Red Hat Enterprise Linux High Availability E4S (v.8.6)Red Hat Quay 3Red Hat Enterprise Linux HighAvailability EUS EXTENSION (v.8.4)Red Hat OpenShift distributed tracing 3.9.3Red Hat Enterprise Linux Resilient Storage EUS (v.9.4)Red Hat OpenShift GitOps 1.18Red Hat Directory Server 11Red Hat Directory Server 12Red Hat Developer HubMulticluster Engine for KubernetesRed Hat OpenShift Service Mesh 3.3Red Hat OpenShift Service Mesh 3.0Red Hat OpenShift Service Mesh 3.2Red Hat OpenShift Container Platform 4.22Red Hat OpenShift Service Mesh 2.6Red Hat Ansible Automation Platform 2.5Red Hat Build of Podman DesktopRed Hat 3scale API Management Platform 2Red Hat OpenShift GitOpsRed Hat Discovery 2Red Hat JBoss Enterprise Application Platform 8Self-service automation portal 2Red Hat Trusted Profile AnalyzerRed Hat Enterprise Linux 7Red Hat OpenShift Container Platform 4.17Red Hat OpenShift Service Mesh 3.1Red Hat Fuse 7Red Hat Enterprise Linux High Availability (v. 9)Red Hat Openshift Data Foundation 4.16Gatekeeper 3Migration Toolkit for ContainersRed Hat Enterprise Linux 10Streams for Apache Kafka 2.9.4Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat OpenShift AI 3.3Red Hat Advanced Cluster Management for Kubernetes 2Node HealthCheck OperatorRed Hat Enterprise Linux 9OpenShift Service Mesh 3Red Hat Trusted Artifact SignerRed Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2Red Hat build of Apache Camel - HawtIO 4Red Hat Enterprise Linux ResilientStorage E4S (v.9.0)Red Hat Advanced Cluster Security 4Red Hat Enterprise Linux High Availability E4S (v.9.2)Migration Toolkit for Applications 8Red Hat Developer Hub 1.9OpenShift LightspeedRed Hat Ansible Automation Platform 2.6Red Hat OpenShift AI 2.25Red Hat Enterprise Linux High Availability TUS (v.8.6)Red Hat Enterprise Linux High Availability EUS (v. 10.0)Red Hat Build of KeycloakRed Hat Process Automation 7Red Hat Enterprise Linux High Availability EUS (v.9.4)Red Hat Enterprise Linux AppStream (v. 10)Red Hat Satellite 6.18OpenShift PipelinesRed Hat Openshift Data Foundation 4.19Red Hat Trusted Artifact Signer 1.3Migration Toolkit for Virtualization 2.9Red Hat Openshift Data Foundation 4.2Migration Toolkit for Virtualization 2.1Streams for Apache Kafka 3.2.0Red Hat JBoss Enterprise Application Platform 7Red Hat Enterprise Linux High Availability E4S (v.9.0)Red Hat Openshift Data Foundation 4.18Red Hat Satellite 6Red Hat Data Grid 8.6.1Red Hat Ansible Automation Platform 2.6 for RHEL 10Red Hat Enterprise Linux High Availability EUS (v.9.6)Cluster Observability Operator 1.5.0Red Hat Enterprise Linux High Availability E4S (v.8.8)Red Hat OpenShift AI (RHOAI)Red Hat Enterprise Linux High Availability AUS (v.8.4)Confidential Compute AttestationRed Hat Edge Manager 1Network Observability (NETOBSERV) 1.11.2Red Hat OpenShift Container Platform 4.18Red Hat Enterprise Linux Resilient Storage (v. 9)Red Hat build of Apicurio Registry 3Red Hat OpenShift Container Platform 4.19Red Hat Enterprise Linux Resilient Storage EUS (v.9.6)Logging Subsystem for Red Hat OpenShiftRed Hat Enterprise Linux AI (RHEL AI) 3Red Hat Enterprise Linux High Availability TUS (v.8.8)Red Hat Openshift Data Foundation 4.17Red Hat OpenShift Dev Spaces 3.27Cryostat 4Red Hat OpenShift Virtualization 4Red Hat OpenShift GitOps 1.19Red Hat OpenShift Container Platform 4.20Red Hat Single Sign-On 7Red Hat Connectivity Link 1Red Hat Enterprise Linux Resilient Storage E4S (v.9.2)Red Hat OpenShift Container Platform 4
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-49286
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.56% / 42.21%
||
7 Day CHG~0.00%
Published-19 Jun, 2026 | 17:03
Updated-22 Jun, 2026 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PhpWeasyPrint vulnerable to PHAR deserialization via output filename (CVE-2023-28115 case-insensitive bypass)

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `pontedilana/php-weasyprint` guarded the output filename against the `phar://` stream wrapper with a case-sensitive blacklist. PHP stream wrappers are case-insensitive, so `PHAR://`, `Phar://`, etc. bypass the check and reach `fileExists()` (`file_exists()`) in `prepareOutput()`. On PHP 7 (which the library still supports — PHP 7.4+), this triggers deserialization of a crafted PHAR archive's metadata, leading to remote code execution. This is the patch-bypass of CVE-2023-28115. The same issue and fix were handled upstream in KnpLabs/snappy (GHSA-92rv-4j2h-8mjj). PhpWeasyPrint version 2.6.0 contains a patch for the issue.

Action-Not Available
Vendor-pontedilana
Product-php-weasyprint
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-36188
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-10.91% / 95.33%
||
7 Day CHG~0.00%
Published-06 Jan, 2021 | 22:29
Updated-04 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationFasterXML, LLC.NetApp, Inc.
Product-primavera_unifiercloud_backupjd_edwards_enterpriseone_orchestratorprimavera_gatewaycommunications_network_charging_and_controlcommunications_session_route_managerretail_service_backbonecommunications_session_report_managercommunications_instant_messaging_serverautovue_for_agile_product_lifecycle_managementagile_plmcommunications_policy_managementcommunications_cloud_native_core_policyretail_merchandising_systemcommunications_convergent_charging_controllercommerce_platformblockchain_platformcommunications_cloud_native_core_unified_data_repositoryjackson-databindcommunications_evolved_communications_application_servercommunications_unified_inventory_managementservice_level_managerdocumakerapplication_testing_suitecommunications_services_gatekeeperbanking_virtual_account_managementretail_customer_management_and_segmentation_foundationinsurance_rules_palettecommunications_billing_and_revenue_managementcommunications_offline_mediation_controllerdebian_linuxbanking_supply_chain_financecommunications_diameter_signaling_routecommunications_pricing_design_centerbanking_credit_facilities_process_managementretail_xstore_point_of_serviceinsurance_policy_administrationbanking_corporate_lending_process_managementgoldengate_application_adaptersbanking_extensibility_workbenchcommunications_element_managerjd_edwards_enterpriseone_toolsbanking_treasury_managementwebcenter_portaldata_integratorn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-49121
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.2||CRITICAL
EPSS-1.10% / 61.76%
||
7 Day CHG+0.06%
Published-01 Jun, 2026 | 17:09
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AI Tensor Engine for ROCm (AITER) 0.1.14 Unauthenticated RCE via MessageQueue.recv() Pickle Deserialization

AI Tensor Engine for ROCm (AITER) through 0.1.14 contains an unauthenticated remote code execution vulnerability in the MessageQueue.recv() function within shm_broadcast.py that allows unauthenticated remote attackers to execute arbitrary code by sending a malicious pickle payload to a ZMQ SUB socket with no authentication, HMAC, or format validation. Attackers who can reach the writer XPUB endpoint on the cluster network or supply a forged Handle with an attacker-controlled remote_subscribe_addr can deliver a crafted pickle payload that executes arbitrary code simultaneously as the inference worker process on every remote reader worker.

Action-Not Available
Vendor-ROCmAdvanced Micro Devices, Inc.Red Hat, Inc.
Product-aiteraiterRed Hat OpenShift AI (RHOAI)Red Hat AI Inference Server
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-46851
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-8.1||HIGH
EPSS-0.46% / 36.59%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 19:27
Updated-23 Jun, 2026 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Security). The supported version that is affected is 9.2.38. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise CS Campus Community. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-peoplesoft_enterprise_cs_campus_communityPeopleSoft Enterprise CS Campus Community
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-36183
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-4.89% / 91.02%
||
7 Day CHG~0.00%
Published-06 Jan, 2021 | 22:30
Updated-29 Apr, 2026 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.

Action-Not Available
Vendor-n/aFasterXML, LLC.Oracle CorporationDebian GNU/LinuxNetApp, Inc.
Product-webcenter_portalcommunications_unified_inventory_managementcommunications_session_route_managercommunications_billing_and_revenue_managementcommunications_instant_messaging_servercommunications_session_report_managercommunications_element_managercommunications_cloud_native_core_unified_data_repositorycommunications_evolved_communications_application_serverjackson-databindjd_edwards_enterpriseone_toolsbanking_extensibility_workbenchinsurance_rules_paletteblockchain_platformretail_service_backboneagile_plmbanking_virtual_account_managementdebian_linuxbanking_treasury_managementservice_level_managerjd_edwards_enterpriseone_orchestratorprimavera_unifierbanking_credit_facilities_process_managementapplication_testing_suiteprimavera_gatewaybanking_corporate_lending_process_managementdocumakerretail_merchandising_systemcommunications_convergent_charging_controllercommunications_offline_mediation_controllergoldengate_application_adaptersbanking_supply_chain_financeautovue_for_agile_product_lifecycle_managementcommunications_pricing_design_centerinsurance_policy_administrationcommerce_platformcommunications_network_charging_and_controldata_integratorcommunications_diameter_signaling_routeretail_xstore_point_of_servicecommunications_policy_managementcommunications_cloud_native_core_policycloud_backupcommunications_services_gatekeeperretail_customer_management_and_segmentation_foundationn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-47579
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9||CRITICAL
EPSS-0.30% / 22.10%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 16:25
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Photography Theme <= 7.7.2 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in ThemeGoods Photography photography allows Object Injection.This issue affects Photography: from n/a through <= 7.7.2.

Action-Not Available
Vendor-themegoodsThemeGoods
Product-photographyPhotography
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-35728
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-12.50% / 95.73%
||
7 Day CHG~0.00%
Published-27 Dec, 2020 | 04:32
Updated-29 Apr, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).

Action-Not Available
Vendor-n/aFasterXML, LLC.Oracle CorporationDebian GNU/LinuxNetApp, Inc.
Product-webcenter_portalcommunications_unified_inventory_managementcommunications_session_route_managercommunications_billing_and_revenue_managementautovuecommunications_session_report_managercommunications_element_managercommunications_cloud_native_core_unified_data_repositorycommunications_evolved_communications_application_serverjackson-databindjd_edwards_enterpriseone_toolsbanking_extensibility_workbenchinsurance_rules_paletteblockchain_platformretail_service_backboneagile_plmbanking_virtual_account_managementdebian_linuxbanking_treasury_managementservice_level_managerjd_edwards_enterpriseone_orchestratorprimavera_unifierbanking_credit_facilities_process_managementapplication_testing_suiteprimavera_gatewaybanking_corporate_lending_process_managementretail_merchandising_systemcommunications_convergent_charging_controllergoldengate_application_adaptersbanking_supply_chain_financeinsurance_policy_administrationcommerce_platformcommunications_network_charging_and_controldata_integratorcommunications_diameter_signaling_routeretail_xstore_point_of_servicecommunications_policy_managementcommunications_cloud_native_core_policycommunications_services_gatekeeperretail_customer_management_and_segmentation_foundationn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2024-10828
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.1||HIGH
EPSS-1.41% / 69.32%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 03:20
Updated-08 Apr, 2026 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Advanced Order Export For WooCommerce <= 3.5.5 - Unauthenticated PHP Object Injection via Order Details

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the "Try to convert serialized values" option is enabled. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Action-Not Available
Vendor-AlgolPlus
Product-advanced_order_export_for_woocommerceAdvanced Order Export For WooCommerceadvanced_order_export
CWE ID-CWE-502
Deserialization of Untrusted Data
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found