Total
1755 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-30225 | 2024-11-21 | N/A | 10.0 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate.This issue affects WP Migrate: from n/a through 2.6.10. | |||||
| CVE-2024-30223 | 2024-11-21 | N/A | 9.0 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26. | |||||
| CVE-2024-30222 | 2024-11-21 | N/A | 8.5 HIGH | ||
| Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26. | |||||
| CVE-2024-2229 | 2024-11-21 | N/A | 7.8 HIGH | ||
| CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loaded into the application by a valid user. | |||||
| CVE-2024-29800 | 2024-11-21 | N/A | 8.0 HIGH | ||
| Deserialization of Untrusted Data vulnerability in Timber Team & Contributors Timber.This issue affects Timber: from n/a through 1.23.0. | |||||
| CVE-2024-29212 | 2024-11-21 | N/A | 9.9 CRITICAL | ||
| Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. | |||||
| CVE-2024-29040 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or can use services it shouldn't be able to. This issue has been patched in version 4.1.0. | |||||
| CVE-2024-28964 | 1 Dell | 1 Common Event Enabler | 2024-11-21 | N/A | 7.8 HIGH |
| Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user. Exploitation of this issue requires a victim to open a malicious file. | |||||
| CVE-2024-28074 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | N/A | 9.6 CRITICAL |
| It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager. While some controls were implemented the researcher was able to bypass these and use a different method to exploit the vulnerability. | |||||
| CVE-2024-27281 | 2024-11-21 | N/A | 4.5 MEDIUM | ||
| An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. (When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.) The main fixed version is 6.6.3.1. For Ruby 3.0 users, a fixed version is rdoc 6.3.4.1. For Ruby 3.1 users, a fixed version is rdoc 6.4.1.1. For Ruby 3.2 users, a fixed version is rdoc 6.5.1.1. | |||||
| CVE-2024-25100 | 1 Wpswings | 1 Coupon Referral Program | 2024-11-21 | N/A | 10.0 CRITICAL |
| Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program.This issue affects Coupon Referral Program: from n/a through 1.7.2. | |||||
| CVE-2024-24926 | 1 Unitedthemes | 1 Brooklyn | 2024-11-21 | N/A | 7.5 HIGH |
| Deserialization of Untrusted Data vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme.This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6. | |||||
| CVE-2024-24842 | 2024-11-21 | N/A | 8.7 HIGH | ||
| Deserialization of Untrusted Data vulnerability in Echo Plugins Knowledge Base for Documentation, FAQs with AI Assistance.This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through 11.30.2. | |||||
| CVE-2024-24797 | 1 G5plus | 1 Ere Recently Viewed | 2024-11-21 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real Estate Add-On.This issue affects ERE Recently Viewed – Essential Real Estate Add-On: from n/a through 1.3. | |||||
| CVE-2024-24796 | 1 Mage-people | 1 Event Manager And Tickets Selling For Woocommerce | 2024-11-21 | N/A | 8.2 HIGH |
| Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin.This issue affects Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin: from n/a through 4.1.1. | |||||
| CVE-2024-24725 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI. | |||||
| CVE-2024-24590 | 1 Clear | 1 Clearml | 2024-11-21 | N/A | 8.0 HIGH |
| Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with. | |||||
| CVE-2024-24551 | 2024-11-21 | N/A | N/A | ||
| A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files. | |||||
| CVE-2024-24550 | 2024-11-21 | N/A | N/A | ||
| A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files. | |||||
| CVE-2024-24302 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the postProcess() method. | |||||