Vulnerabilities (CVE)

Filtered by CWE-502
Total 1457 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-38182 1 Microsoft 1 Exchange Server 2024-05-29 N/A 8.0 HIGH
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-38181 1 Microsoft 1 Exchange Server 2024-05-29 N/A 8.8 HIGH
Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-38177 1 Microsoft 2 Sharepoint Enterprise Server, Sharepoint Server 2024-05-29 N/A 6.8 MEDIUM
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2023-36439 1 Microsoft 1 Exchange Server 2024-05-29 N/A 8.0 HIGH
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-36050 1 Microsoft 1 Exchange Server 2024-05-29 N/A 8.0 HIGH
Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-36039 1 Microsoft 1 Exchange Server 2024-05-29 N/A 8.0 HIGH
Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-36035 1 Microsoft 1 Exchange Server 2024-05-29 N/A 8.0 HIGH
Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-35388 1 Microsoft 1 Exchange Server 2024-05-29 N/A 8.0 HIGH
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-32031 1 Microsoft 1 Exchange Server 2024-05-29 N/A 8.8 HIGH
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-28310 1 Microsoft 1 Exchange Server 2024-05-29 N/A 8.0 HIGH
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-21529 1 Microsoft 1 Exchange Server 2024-05-29 N/A 8.8 HIGH
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2024-21318 1 Microsoft 1 Sharepoint Server 2024-05-29 N/A 8.8 HIGH
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-26289 2024-05-28 N/A 9.8 CRITICAL
Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion.This issue affects PMB: from 7.5.1 before 7.5.6-2, from 7.4.1 before 7.4.9, from 7.3.1 before 7.3.18.
CVE-2024-31879 2024-05-20 N/A 7.5 HIGH
IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539.
CVE-2024-34751 2024-05-17 N/A 4.4 MEDIUM
Deserialization of Untrusted Data vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.9.
CVE-2024-3740 2024-05-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability, which was classified as critical, has been found in cym1102 nginxWebUI up to 3.9.9. This issue affects the function exec of the file /adminPage/conf/reload. The manipulation of the argument nginxExe leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260579.
CVE-2024-3431 2024-05-17 5.8 MEDIUM 4.7 MEDIUM
A vulnerability was found in EyouCMS 1.6.5. It has been declared as critical. This vulnerability affects unknown code of the file /login.php?m=admin&c=Field&a=channel_edit of the component Backend. The manipulation of the argument channel_id leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259612. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-1750 2024-05-17 5.1 MEDIUM 5.6 MEDIUM
A vulnerability, which was classified as critical, was found in TemmokuMVC up to 2.3. Affected is the function get_img_url/img_replace in the library lib/images_get_down.php of the component Image Download Handler. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254532. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-1748 2024-05-17 5.1 MEDIUM 5.0 MEDIUM
A vulnerability classified as critical was found in van_der_Schaar LAB AutoPrognosis 0.1.21. This vulnerability affects the function load_model_from_file of the component Release Note Handler. The manipulation leads to deserialization. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-254530 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-1353 1 Phpems 1 Phpems 2024-05-17 5.8 MEDIUM 9.8 CRITICAL
A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The exploit has been disclosed to the public and may be used. VDB-253226 is the identifier assigned to this vulnerability.