Total
1479 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-30227 | 2024-11-21 | N/A | 9.0 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller.This issue affects Geo Controller: from n/a through 8.6.4. | |||||
| CVE-2024-30226 | 2024-11-21 | N/A | 9.0 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs.This issue affects BetterDocs: from n/a through 3.3.3. | |||||
| CVE-2024-30225 | 2024-11-21 | N/A | 10.0 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate.This issue affects WP Migrate: from n/a through 2.6.10. | |||||
| CVE-2024-30224 | 2024-11-21 | N/A | 10.0 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.2. | |||||
| CVE-2024-30223 | 2024-11-21 | N/A | 9.0 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26. | |||||
| CVE-2024-30222 | 2024-11-21 | N/A | 8.5 HIGH | ||
| Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26. | |||||
| CVE-2024-30221 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
| Deserialization of Untrusted Data vulnerability in WP Sunshine Sunshine Photo Cart.This issue affects Sunshine Photo Cart: from n/a through 3.1.1. | |||||
| CVE-2024-30044 | 2024-11-21 | N/A | 7.2 HIGH | ||
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
| CVE-2024-30042 | 2024-11-21 | N/A | 7.8 HIGH | ||
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2024-2721 | 2024-11-21 | N/A | 8.2 HIGH | ||
| Deserialization of Untrusted Data vulnerability in Social Media Share Buttons By Sygnoos Social Media Share Buttons.This issue affects Social Media Share Buttons: from n/a through 2.1.0. | |||||
| CVE-2024-2229 | 2024-11-21 | N/A | 7.8 HIGH | ||
| CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loaded into the application by a valid user. | |||||
| CVE-2024-2054 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. | |||||
| CVE-2024-29800 | 2024-11-21 | N/A | 8.0 HIGH | ||
| Deserialization of Untrusted Data vulnerability in Timber Team & Contributors Timber.This issue affects Timber: from n/a through 1.23.0. | |||||
| CVE-2024-29433 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| A deserialization vulnerability in the FASTJSON component of Alldata v0.4.6 allows attackers to execute arbitrary commands via supplying crafted data. | |||||
| CVE-2024-29212 | 2024-11-21 | N/A | 9.9 CRITICAL | ||
| Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. | |||||
| CVE-2024-29136 | 2024-11-21 | N/A | 8.5 HIGH | ||
| Deserialization of Untrusted Data vulnerability in Themefic Tourfic.This issue affects Tourfic: from n/a through 2.11.17. | |||||
| CVE-2024-29040 | 2024-11-21 | N/A | 4.3 MEDIUM | ||
| This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or can use services it shouldn't be able to. This issue has been patched in version 4.1.0. | |||||
| CVE-2024-29032 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing json data using `qiskit_ibm_runtime.RuntimeDecoder` can lead to arbitrary code execution given a correctly formatted input string. Version 0.21.2 contains a fix for this issue. | |||||
| CVE-2024-28964 | 1 Dell | 1 Common Event Enabler | 2024-11-21 | N/A | 7.8 HIGH |
| Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user. Exploitation of this issue requires a victim to open a malicious file. | |||||
| CVE-2024-28861 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a PHP framework for web projects. Starting in version 1.1.0 and prior to version 1.5.19, Symfony 1 has a gadget chain due to dangerous deserialization in `sfNamespacedParameterHolder` class that would enable an attacker to get remote code execution if a developer deserializes user input in their project. Version 1.5.19 contains a patch for the issue. | |||||