Total
2275 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-14929 | 1 Huggingface | 1 Transformers | 2026-01-21 | N/A | 7.8 HIGH |
| Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of checkpoints. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28308. | |||||
| CVE-2026-21226 | 1 Microsoft | 1 Azure Sdk For Python | 2026-01-20 | N/A | 7.5 HIGH |
| Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-5499 | 1 Phpwcms | 1 Phpwcms | 2026-01-20 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical has been found in slackero phpwcms up to 1.9.45/1.10.8. Affected is the function is_file/getimagesize of the file image_resized.php. The manipulation of the argument imgfile leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9.46 and 1.10.9 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2025-5498 | 1 Phpwcms | 1 Phpwcms | 2026-01-20 | 6.5 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been rated as critical. This issue affects the function file_get_contents/is_file of the file include/inc_lib/content/cnt21.readform.inc.php of the component Custom Source Tab. The manipulation of the argument cpage_custom leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9.46 and 1.10.9 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2025-68038 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Object Injection.This issue affects Icegram Express Pro: from n/a through <= 5.9.11. | |||||
| CVE-2025-67911 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters-lite allows Object Injection.This issue affects Newsletters: from n/a through <= 4.11. | |||||
| CVE-2025-67535 | 2026-01-20 | N/A | 6.5 MEDIUM | ||
| Deserialization of Untrusted Data vulnerability in WePlugins - WordPress Development Company WP Maps wp-google-map-plugin allows Object Injection.This issue affects WP Maps: from n/a through <= 4.8.6. | |||||
| CVE-2025-66073 | 2026-01-20 | N/A | 6.5 MEDIUM | ||
| Deserialization of Untrusted Data vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Object Injection.This issue affects WP Webhooks: from n/a through <= 3.3.8. | |||||
| CVE-2025-66055 | 2026-01-20 | N/A | 7.2 HIGH | ||
| Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection.This issue affects Email Subscribers & Newsletters: from n/a through <= 5.9.10. | |||||
| CVE-2025-64353 | 2026-01-20 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object Injection.This issue affects Polylang: from n/a through <= 3.7.3. | |||||
| CVE-2025-64266 | 2026-01-20 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Object Injection.This issue affects Booking and Rental Manager: from n/a through <= 2.5.4. | |||||
| CVE-2025-64233 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in BoldThemes Codiqa codiqa allows Object Injection.This issue affects Codiqa: from n/a through < 1.2.8. | |||||
| CVE-2025-64227 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Object Injection.This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.7. | |||||
| CVE-2025-64206 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection.This issue affects Jannah: from n/a through <= 7.6.0. | |||||
| CVE-2025-62035 | 2026-01-20 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4. | |||||
| CVE-2025-62025 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch.This issue affects JobSearch: from n/a through < 3.0.8. | |||||
| CVE-2025-62008 | 2026-01-20 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in acowebs Product Table For WooCommerce product-table-for-woocommerce.This issue affects Product Table For WooCommerce: from n/a through <= 1.2.4. | |||||
| CVE-2025-60245 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection.This issue affects WP User Manager: from n/a through <= 2.9.12. | |||||
| CVE-2025-60238 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in universam UNIVERSAM universam-demo allows Object Injection.This issue affects UNIVERSAM: from n/a through <= 8.72.34. | |||||
| CVE-2025-60234 | 2026-01-20 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in designthemes Single Property single-property allows Object Injection.This issue affects Single Property: from n/a through <= 2.8. | |||||