Total
2550 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-49688 | 2026-04-23 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in reputeinfosystems ARPrice arprice allows Object Injection.This issue affects ARPrice: from n/a through <= 4.1.3. | |||||
| CVE-2024-49624 | 1 Smartdevth | 1 Advanced Advertising System | 2026-04-23 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data vulnerability in smartdevth Advanced Advertising System advanced-advertising-system allows Object Injection.This issue affects Advanced Advertising System: from n/a through <= 1.3.1. | |||||
| CVE-2024-49332 | 1 Giveawayboost | 1 Giveaway Boost | 2026-04-23 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data vulnerability in giveawayboost Giveaway Boost giveaway-boost allows Object Injection.This issue affects Giveaway Boost: from n/a through <= 2.1.4. | |||||
| CVE-2024-49318 | 2026-04-23 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Scott My Reading Library my-reading-library allows Object Injection.This issue affects My Reading Library: from n/a through <= 1.0. | |||||
| CVE-2024-49222 | 2026-04-23 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Object Injection.This issue affects WPGuppy: from n/a through <= 1.1.0. | |||||
| CVE-2024-48033 | 2026-04-23 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in baptiste.gourdin Talkback talkback-secure-linkback-protocol allows Object Injection.This issue affects Talkback: from n/a through <= 1.0. | |||||
| CVE-2024-48030 | 2026-04-23 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Webextends Telecash Ricaricaweb telecash-ricaricaweb allows Object Injection.This issue affects Telecash Ricaricaweb: from n/a through <= 2.2. | |||||
| CVE-2024-48028 | 2026-04-23 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Boyan Raichev IP Loc8 ip-loc8 allows Object Injection.This issue affects IP Loc8: from n/a through <= 1.1. | |||||
| CVE-2024-48026 | 2026-04-23 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in GMRobbins Disc Golf Manager disc-golf-manager allows Object Injection.This issue affects Disc Golf Manager: from n/a through <= 1.0.0. | |||||
| CVE-2024-47636 | 1 Eyecix | 1 Jobsearch Wp Job Board | 2026-04-23 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch allows Object Injection.This issue affects JobSearch: from n/a through <= 2.5.9. | |||||
| CVE-2024-43252 | 2026-04-23 | N/A | 9.0 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Crew HRM Crew HRM hr-management.This issue affects Crew HRM: from n/a through <= 1.1.1. | |||||
| CVE-2024-37502 | 1 Wpwebelite | 1 Woocommerce Social Login | 2026-04-23 | N/A | 5.4 MEDIUM |
| Deserialization of Untrusted Data vulnerability in wpweb WooCommerce Social Login woo-social-login.This issue affects WooCommerce Social Login: from n/a through <= 2.6.3. | |||||
| CVE-2024-32817 | 2026-04-23 | N/A | 4.4 MEDIUM | ||
| Deserialization of Untrusted Data vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta.This issue affects Import and export users and customers: from n/a through <= 1.26.2. | |||||
| CVE-2024-30221 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2026-04-23 | N/A | 5.4 MEDIUM |
| Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart.This issue affects Sunshine Photo Cart: from n/a through <= 3.1.1. | |||||
| CVE-2024-29136 | 1 Themefic | 1 Tourfic | 2026-04-23 | N/A | 8.5 HIGH |
| Deserialization of Untrusted Data vulnerability in Themefic Tourfic tourfic.This issue affects Tourfic: from n/a through <= 2.11.17. | |||||
| CVE-2026-35464 | 1 Pyload | 1 Pyload | 2026-04-23 | N/A | 7.5 HIGH |
| pyLoad is a free and open-source download manager written in Python. The fix for CVE-2026-33509 added an ADMIN_ONLY_OPTIONS set to block non-admin users from modifying security-critical config options. The storage_folder option is not in this set and passes the existing path restriction because the Flask session directory is outside both PKGDIR and userdir. A user with SETTINGS and ADD permissions can redirect downloads to the Flask filesystem session store, plant a malicious pickle payload as a predictable session file, and trigger arbitrary code execution when any HTTP request arrives with the corresponding session cookie. This vulnerability is fixed with commit c4cf995a2803bdbe388addfc2b0f323277efc0e1. | |||||
| CVE-2007-1701 | 1 Php | 1 Php | 2026-04-23 | 6.8 MEDIUM | N/A |
| PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:". | |||||
| CVE-2026-0677 | 2026-04-22 | N/A | N/A | ||
| Deserialization of Untrusted Data vulnerability in TotalSuite TotalContest Lite totalcontest-lite allows Object Injection.This issue affects TotalContest Lite: from n/a through <= 2.9.1. | |||||
| CVE-2026-32355 | 2026-04-22 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in Crocoblock JetEngine jet-engine allows Object Injection.This issue affects JetEngine: from n/a through < 3.8.4.1. | |||||
| CVE-2026-28105 | 2026-04-22 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in ThemeREX Good Energy goodenergy allows Object Injection.This issue affects Good Energy: from n/a through <= 1.7.7. | |||||