Total
2666 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46147 | 1 Themify | 1 Ultra | 2026-04-28 | N/A | 7.4 HIGH |
| Deserialization of Untrusted Data vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5. | |||||
| CVE-2023-40555 | 1 Uxthemes | 1 Flatsome | 2026-04-28 | N/A | 8.3 HIGH |
| Deserialization of Untrusted Data vulnerability in UX-themes Flatsome | Multi-Purpose Responsive WooCommerce Theme.This issue affects Flatsome | Multi-Purpose Responsive WooCommerce Theme: from n/a through 3.17.5. | |||||
| CVE-2023-37390 | 1 Themesflat | 1 Themesflat Addons For Elementor | 2026-04-28 | N/A | 8.3 HIGH |
| Deserialization of Untrusted Data vulnerability in Themesflat Themesflat Addons For Elementor.This issue affects Themesflat Addons For Elementor: from n/a through 2.0.0. | |||||
| CVE-2023-36381 | 1 Gesundheit-bewegt | 1 Zippy | 2026-04-28 | N/A | 6.6 MEDIUM |
| Deserialization of Untrusted Data vulnerability in Gesundheit Bewegt GmbH Zippy.This issue affects Zippy: from n/a through 1.6.5. | |||||
| CVE-2023-34382 | 1 Dokan | 1 Dokan | 2026-04-28 | N/A | 4.4 MEDIUM |
| Deserialization of Untrusted Data vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy.This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.19. | |||||
| CVE-2023-34027 | 1 Rajarora795 | 1 Recently Viewed Products | 2026-04-28 | N/A | 8.3 HIGH |
| Deserialization of Untrusted Data vulnerability in Rajnish Arora Recently Viewed Products.This issue affects Recently Viewed Products: from n/a through 1.0.0. | |||||
| CVE-2023-32795 | 1 Woocommerce | 1 Product Addons | 2026-04-28 | N/A | 8.2 HIGH |
| Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons.This issue affects Product Add-Ons: from n/a through 6.1.3. | |||||
| CVE-2023-32513 | 1 Givewp | 1 Givewp | 2026-04-28 | N/A | 7.5 HIGH |
| Deserialization of Untrusted Data vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform.This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.3. | |||||
| CVE-2023-28782 | 1 Gravityforms | 1 Gravity Forms | 2026-04-28 | N/A | 8.3 HIGH |
| Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms.This issue affects Gravity Forms: from n/a through 2.7.3. | |||||
| CVE-2023-27459 | 1 Wpeverest | 1 User Registration \& Membership | 2026-04-28 | N/A | 7.4 HIGH |
| Deserialization of Untrusted Data vulnerability in WPEverest User Registration.This issue affects User Registration: from n/a through 2.3.2.1. | |||||
| CVE-2023-23649 | 2026-04-28 | N/A | 8.1 HIGH | ||
| Deserialization of Untrusted Data vulnerability in MainWP MainWP Links Manager Extension.This issue affects MainWP Links Manager Extension: from n/a through 2.1. | |||||
| CVE-2022-47599 | 1 Bitapps | 1 File Manager | 2026-04-28 | N/A | 5.5 MEDIUM |
| Deserialization of Untrusted Data vulnerability in File Manager by Bit Form Team File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager.This issue affects File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager: from n/a through 5.2.7. | |||||
| CVE-2022-45845 | 1 Nextendweb | 1 Smart Slider 3 | 2026-04-28 | N/A | 4.3 MEDIUM |
| Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3.This issue affects Smart Slider 3: from n/a through 3.5.1.9. | |||||
| CVE-2022-45083 | 1 Properfraction | 1 Profilepress | 2026-04-28 | N/A | 6.6 MEDIUM |
| Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.3.2. | |||||
| CVE-2026-25874 | 1 Huggingface | 1 Lerobot | 2026-04-28 | N/A | 9.8 CRITICAL |
| LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable attacker can achieve arbitrary code execution on the server or client by sending a crafted pickle payload through the SendPolicyInstructions, SendObservations, or GetActions gRPC calls. | |||||
| CVE-2026-1839 | 1 Huggingface | 1 Transformers | 2026-04-28 | N/A | 7.8 HIGH |
| A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execution. The `_load_rng_state()` method in `src/transformers/trainer.py` at line 3059 calls `torch.load()` without the `weights_only=True` parameter. This issue affects all versions of the library supporting `torch>=2.2` when used with PyTorch versions below 2.6, as the `safe_globals()` context manager provides no protection in these versions. An attacker can exploit this vulnerability by supplying a malicious checkpoint file, such as `rng_state.pth`, which can execute arbitrary code when loaded. The issue is resolved in version v5.0.0rc3. | |||||
| CVE-2026-34615 | 3 Adobe, Apple, Microsoft | 4 Connect, Connect Desktop Application, Macos and 1 more | 2026-04-28 | N/A | 9.3 CRITICAL |
| Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed. | |||||
| CVE-2026-27303 | 3 Adobe, Apple, Microsoft | 4 Connect, Connect Desktop Application, Macos and 1 more | 2026-04-28 | N/A | 9.6 CRITICAL |
| Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed. | |||||
| CVE-2025-59007 | 2026-04-27 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in themesflat TF Woo Product Grid Addon For Elementor tf-woo-product-grid allows Object Injection.This issue affects TF Woo Product Grid Addon For Elementor: from n/a through <= 1.0.1. | |||||
| CVE-2025-49386 | 2026-04-27 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in Scott Reilly Preserve Code Formatting preserve-code-formatting allows Object Injection.This issue affects Preserve Code Formatting: from n/a through <= 4.0.1. | |||||