Total
2097 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-3935 | 1 Connectwise | 1 Screenconnect | 2025-10-24 | N/A | 8.1 HIGH |
| ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys. It is important to note that to obtain these machine keys, privileged system level access must be obtained. If these machine keys are compromised, attackers could create and send a malicious ViewState to the website, potentially leading to remote code execution on the server. The risk does not originate from a vulnerability introduced by ScreenConnect, but from platform level behavior. This had no direct impact to ScreenConnect Client. ScreenConnect 2025.4 patch disables ViewState and removes any dependency on it. | |||||
| CVE-2025-10035 | 1 Fortra | 1 Goanywhere Managed File Transfer | 2025-10-24 | N/A | 10.0 CRITICAL |
| A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection. | |||||
| CVE-2024-8069 | 1 Citrix | 1 Session Recording | 2025-10-24 | N/A | 8.0 HIGH |
| Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server | |||||
| CVE-2025-62008 | 2025-10-24 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in acowebs Product Table For WooCommerce product-table-for-woocommerce.This issue affects Product Table For WooCommerce: from n/a through <= 1.2.4. | |||||
| CVE-2025-60238 | 2025-10-24 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in universam UNIVERSAM universam-demo allows Object Injection.This issue affects UNIVERSAM: from n/a through <= 8.72.34. | |||||
| CVE-2025-60234 | 2025-10-24 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in designthemes Single Property single-property allows Object Injection.This issue affects Single Property: from n/a through <= 2.8. | |||||
| CVE-2025-60232 | 2025-10-24 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in quantumcloud KBx Pro Ultimate knowledgebase-helpdesk-pro allows Object Injection.This issue affects KBx Pro Ultimate: from n/a through <= 8.0.5. | |||||
| CVE-2025-60226 | 2025-10-23 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in axiomthemes White Rabbit whiterabbit allows Object Injection.This issue affects White Rabbit: from n/a through <= 1.5.2. | |||||
| CVE-2021-31010 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2025-10-23 | 5.0 MEDIUM | 7.5 HIGH |
| A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release.. | |||||
| CVE-2025-30012 | 1 Sap | 1 Supplier Relationship Management | 2025-10-23 | N/A | 10.0 CRITICAL |
| The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component, which allows an unauthenticated attacker to send malicious payload request in a specific encoding format. The servlet will then decode this malicious request which will result in deserialization of data in the application leading to execution of arbitrary OS command on target as SAP Administrator. This vulnerability has High impact on confidentiality, integrity, and availability of the application. | |||||
| CVE-2025-62025 | 2025-10-23 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch.This issue affects JobSearch: from n/a through < 3.0.8. | |||||
| CVE-2025-52740 | 2025-10-23 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in Hernan Villanueva Boldermail boldermail allows Object Injection.This issue affects Boldermail: from n/a through <= 2.4.0. | |||||
| CVE-2025-32283 | 2025-10-23 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in designthemes Solar Energy solar allows Object Injection.This issue affects Solar Energy: from n/a through <= 3.5. | |||||
| CVE-2025-31634 | 2025-10-23 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in designthemes Insurance insurance allows Object Injection.This issue affects Insurance: from n/a through <= 3.5. | |||||
| CVE-2025-60224 | 2025-10-23 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in wpshuffle Subscribe to Download subscribe-to-download allows Object Injection.This issue affects Subscribe to Download: from n/a through <= 2.0.9. | |||||
| CVE-2025-60221 | 2025-10-23 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Object Injection.This issue affects Captivate Sync: from n/a through <= 3.0.3. | |||||
| CVE-2025-60216 | 2025-10-23 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in BoldThemes Addison addison allows Object Injection.This issue affects Addison: from n/a through <= 1.4.2. | |||||
| CVE-2025-60215 | 2025-10-23 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in designthemes Kriya kriya allows Object Injection.This issue affects Kriya: from n/a through <= 3.4. | |||||
| CVE-2025-60212 | 2025-10-23 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in designthemes VEDA veda allows Object Injection.This issue affects VEDA: from n/a through <= 4.2. | |||||
| CVE-2025-60210 | 2025-10-23 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms - Frontend Listing everest-forms-frontend-listing allows Object Injection.This issue affects Everest Forms - Frontend Listing: from n/a through <= 1.0.5. | |||||