Total: 1363 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-51470 | 1 Boiteasite | 1 Rencontre | 2024-01-05 | N/A | 8.8 HIGH |
Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre – Dating Site. This issue affects Rencontre – Dating Site: from n/a through 3.11.1. | |||||
CVE-2023-49773 | 1 Bcorp Shortcodes Project | 1 Bcorp Shortcodes | 2024-01-05 | N/A | 9.8 CRITICAL |
Deserialization of Untrusted Data vulnerability in Tim Brattberg BCorp Shortcodes. This issue affects BCorp Shortcodes: from n/a through 0.23. | |||||
CVE-2023-32513 | 1 Givewp | 1 Givewp | 2024-01-04 | N/A | 9.8 CRITICAL |
Deserialization of Untrusted Data vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform. This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.3. | |||||
CVE-2023-32795 | 1 Woocommerce | 1 Product Addons | 2024-01-04 | N/A | 7.2 HIGH |
Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons. This issue affects Product Add-Ons: from n/a through 6.1.3. | |||||
CVE-2023-36381 | 1 Gesundheit-bewegt | 1 Zippy | 2024-01-04 | N/A | 8.8 HIGH |
Deserialization of Untrusted Data vulnerability in Gesundheit Bewegt GmbH Zippy. This issue affects Zippy: from n/a through 1.6.5. | |||||
CVE-2023-51700 | 1 Jamieblomerus | 1 Unofficial Mobile Bankid Integration | 2024-01-04 | N/A | 9.8 CRITICAL |
Unofficial Mobile BankID Integration for WordPress lets users employ Mobile BankID to authenticate themselves on your WordPress site. Prior to 1.0.1, WP-Mobile-BankID-Integration is affected by a vulnerability classified as a Deserialization of Untrusted Data vulnerability, specifically impacting scenarios where an attacker can manipulate the database. If unauthorized actors gain access to the database, they could exploit this vulnerability to execute object injection attacks. This could lead to unauthorized code execution, data manipulation, or data exfiltration within the WordPress environment. Users of the plugin should upgrade to version 1.0.1 (or later), where the serialization and deserialization of OrderResponse objects have been switched out to an array stored as JSON. A possible workaround for users unable to upgrade immediately is to enforce stricter access controls on the database, ensuring that only trusted and authorized entities can modify data. Additionally, implementing monitoring tools to detect unusual database activities could help identify and mitigate potential exploitation attempts. | |||||
CVE-2022-34268 | 1 Rws | 1 Worldserver | 2024-01-03 | N/A | 9.8 CRITICAL |
An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host. | |||||
CVE-2023-51656 | 1 Apache | 1 Iotdb | 2024-01-02 | N/A | 9.8 CRITICAL |
Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue. | |||||
CVE-2023-49819 | 1 Wpsc-plugin | 1 Structured Content | 2024-01-02 | N/A | 9.8 CRITICAL |
Deserialization of Untrusted Data vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc. This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.5.3. | |||||
CVE-2023-7018 | 1 Huggingface | 1 Transformers | 2023-12-30 | N/A | 7.8 HIGH |
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. | |||||
CVE-2021-24066 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2023-12-29 | 6.5 MEDIUM | 8.8 HIGH |
Microsoft SharePoint Remote Code Execution Vulnerability | |||||
CVE-2023-49772 | 1 Phpbits | 1 Genesis Simple Love | 2023-12-29 | N/A | 9.8 CRITICAL |
Deserialization of Untrusted Data vulnerability in Phpbits Creative Studio Genesis Simple Love. This issue affects Genesis Simple Love: from n/a through 2.0. | |||||
CVE-2023-32242 | 1 Xtemos | 1 Woodmart | 2023-12-29 | N/A | 9.8 CRITICAL |
Deserialization of Untrusted Data vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme. This issue affects WoodMart - Multipurpose WooCommerce Theme: from n/a through 1.0.36. | |||||
CVE-2023-49778 | 1 Dmry | 1 Sayfa Sayac | 2023-12-29 | N/A | 9.8 CRITICAL |
Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa Sayac. This issue affects Sayfa Sayac: from n/a through 2.6. | |||||
CVE-2023-49826 | 1 Pencidesign | 1 Soledad | 2023-12-29 | N/A | 9.8 CRITICAL |
Deserialization of Untrusted Data vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme. This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1. | |||||
CVE-2021-34520 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2023-12-28 | 6.5 MEDIUM | 8.1 HIGH |
Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
CVE-2023-28782 | 1 Gravityforms | 1 Gravity Forms | 2023-12-28 | N/A | 9.8 CRITICAL |
Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Gravity Forms. This issue affects Gravity Forms: from n/a through 2.7.3. | |||||
CVE-2023-47507 | 1 Averta | 1 Master Slider Pro | 2023-12-28 | N/A | 9.8 CRITICAL |
Deserialization of Untrusted Data vulnerability in Master Slider Master Slider Pro. This issue affects Master Slider Pro: from n/a through 3.6.5. | |||||
CVE-2023-46147 | 1 Themify | 1 Themify Ultra | 2023-12-28 | N/A | 8.8 HIGH |
Deserialization of Untrusted Data vulnerability in Themify Themify Ultra. This issue affects Themify Ultra: from n/a through 7.3.5. | |||||
CVE-2023-40555 | 1 Uxthemes | 1 Flatsome | 2023-12-28 | N/A | 9.8 CRITICAL |
Deserialization of Untrusted Data vulnerability in UX-themes Flatsome \| Multi-Purpose Responsive WooCommerce Theme. This issue affects Flatsome \| Multi-Purpose Responsive WooCommerce Theme: from n/a through 3.17.5. |