Total
2118 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6580 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. This affects an unknown part of the file /HNAP1/ of the component QoS POST Handler. The manipulation of the argument smartqos_express_devices/smartqos_normal_devices leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247161 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-5391 | 1 Schneider-electric | 3 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports, Ecostruxure Power Scada Operation With Advanced Reports | 2024-11-21 | N/A | 9.8 CRITICAL |
| A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application. | |||||
| CVE-2023-5183 | 1 Illumio | 1 Core Policy Compute Engine | 2024-11-21 | N/A | 9.9 CRITICAL |
| Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exists within the network_traffic API endpoint. An attacker can leverage this vulnerability to execute code in the context of the PCE’s operating system user. | |||||
| CVE-2023-5016 | 1 Ssssssss | 1 Spider-flow | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in spider-flow up to 0.5.0. It has been declared as critical. Affected by this vulnerability is the function DriverManager.getConnection of the file src/main/java/org/spiderflow/controller/DataSourceController.java of the component API. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239857 was assigned to this vulnerability. | |||||
| CVE-2023-52225 | 1 Taggbox | 1 Taggbox | 2024-11-21 | N/A | 10.0 CRITICAL |
| Deserialization of Untrusted Data vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics.This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1. | |||||
| CVE-2023-52219 | 1 Gecka | 1 Terms Thumbnails | 2024-11-21 | N/A | 9.9 CRITICAL |
| Deserialization of Untrusted Data vulnerability in Gecka Gecka Terms Thumbnails.This issue affects Gecka Terms Thumbnails: from n/a through 1.1. | |||||
| CVE-2023-52218 | 1 Antonbond | 1 Woocommerce Tranzila Payment Gateway | 2024-11-21 | N/A | 10.0 CRITICAL |
| Deserialization of Untrusted Data vulnerability in Anton Bond Woocommerce Tranzila Payment Gateway.This issue affects Woocommerce Tranzila Payment Gateway: from n/a through 1.0.8. | |||||
| CVE-2023-52207 | 1 Svnlabs | 1 Html5 Mp3 Player With Playlist Free | 2024-11-21 | N/A | 9.1 CRITICAL |
| Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Playlist Free.This issue affects HTML5 MP3 Player with Playlist Free: from n/a through 3.0.0. | |||||
| CVE-2023-52206 | 1 Blueastral | 1 Page Builder\ | 2024-11-21 | N/A | 7.7 HIGH |
| Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer live-composer-page-builder.This issue affects Page Builder: Live Composer: from n/a through 1.5.25. | |||||
| CVE-2023-52205 | 1 Svnlabs | 1 Html5 Soundcloud Player With Playlist Free | 2024-11-21 | N/A | 9.1 CRITICAL |
| Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 SoundCloud Player with Playlist Free.This issue affects HTML5 SoundCloud Player with Playlist Free: from n/a through 2.8.0. | |||||
| CVE-2023-52202 | 1 Svnlabs | 1 Html5 Mp3 Player With Folder Feedburner Playlist Free | 2024-11-21 | N/A | 9.1 CRITICAL |
| Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Folder Feedburner Playlist Free.This issue affects HTML5 MP3 Player with Folder Feedburner Playlist Free: from n/a through 2.8.0. | |||||
| CVE-2023-52200 | 1 Reputeinfosystems | 1 Armember | 2024-11-21 | N/A | 9.6 CRITICAL |
| Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup.This issue affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: n/a. | |||||
| CVE-2023-52182 | 1 Ari-soft | 1 Ari Stream Quiz | 2024-11-21 | N/A | 9.9 CRITICAL |
| Deserialization of Untrusted Data vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder.This issue affects ARI Stream Quiz – WordPress Quizzes Builder: from n/a through 1.3.0. | |||||
| CVE-2023-52181 | 1 Presslabs | 1 Theme Per User | 2024-11-21 | N/A | 10.0 CRITICAL |
| Deserialization of Untrusted Data vulnerability in Presslabs Theme per user.This issue affects Theme per user: from n/a through 1.0.1. | |||||
| CVE-2023-51700 | 1 Jamieblomerus | 1 Unofficial Mobile Bankid Integration | 2024-11-21 | N/A | 6.4 MEDIUM |
| Unofficial Mobile BankID Integration for WordPress lets users employ Mobile BankID to authenticate themselves on your WordPress site. Prior to 1.0.1, WP-Mobile-BankID-Integration is affected by a vulnerability classified as a Deserialization of Untrusted Data vulnerability, specifically impacting scenarios where an attacker can manipulate the database. If unauthorized actors gain access to the database, they could exploit this vulnerability to execute object injection attacks. This could lead to unauthorized code execution, data manipulation, or data exfiltration within the WordPress environment. Users of the plugin should upgrade to version 1.0.1 (or later), where the serialization and deserialization of OrderResponse objects have been switched out to an array stored as JSON. A possible workaround for users unable to upgrade immediately is to enforce stricter access controls on the database, ensuring that only trusted and authorized entities can modify data. Additionally, implementing monitoring tools to detect unusual database activities could help identify and mitigate potential exploitation attempts. | |||||
| CVE-2023-51545 | 1 Themehigh | 1 Job Manager \& Career | 2024-11-21 | N/A | 9.6 CRITICAL |
| Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career – Manage job board listings, and recruitments.This issue affects Job Manager & Career – Manage job board listings, and recruitments: from n/a through 1.4.4. | |||||
| CVE-2023-51505 | 1 Pluginus | 1 Woot | 2024-11-21 | N/A | 10.0 CRITICAL |
| Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store.This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerce store : from n/a through 1.0.6. | |||||
| CVE-2023-51470 | 1 Boiteasite | 1 Rencontre | 2024-11-21 | N/A | 9.9 CRITICAL |
| Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre – Dating Site.This issue affects Rencontre – Dating Site: from n/a through 3.11.1. | |||||
| CVE-2023-51422 | 1 Saleswonder | 1 Webinarignition | 2024-11-21 | N/A | 9.9 CRITICAL |
| Deserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition.This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition: from n/a through 3.05.0. | |||||
| CVE-2023-51414 | 1 Donweb | 1 Envialosimple\ | 2024-11-21 | N/A | 9.6 CRITICAL |
| Deserialization of Untrusted Data vulnerability in EnvialoSimple EnvíaloSimple: Email Marketing y Newsletters.This issue affects EnvíaloSimple: Email Marketing y Newsletters: from n/a through 2.1. | |||||