Total
2348 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-12742 | 1 Ni | 1 G Web Development Software | 2025-07-13 | 7.8 High |
| A deserialization of untrusted data vulnerability exists in NI G Web Development Software that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects G Web Development Software 2022 Q3 and prior versions. | ||||
| CVE-2025-46481 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Michael Cannon Flickr Shortcode Importer allows Object Injection. This issue affects Flickr Shortcode Importer: from n/a through 2.2.3. | ||||
| CVE-2024-56058 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Gueststream VRPConnector allows Object Injection.This issue affects VRPConnector: from n/a through 2.0.1. | ||||
| CVE-2024-49688 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This issue affects ARPrice: from n/a through 4.0.3. | ||||
| CVE-2025-49072 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in AncoraThemes Mr. Murphy allows Object Injection.This issue affects Mr. Murphy: from n/a before 1.2.12.1. | ||||
| CVE-2024-56291 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in plainware.com PlainInventory allows Object Injection.This issue affects PlainInventory: from n/a through 3.1.6. | ||||
| CVE-2024-37502 | 2 Wordpress, Wpweb | 2 Wordpress, Woocommerce Social Login | 2025-07-13 | 5.4 Medium |
| Deserialization of Untrusted Data vulnerability in wpweb WooCommerce Social Login.This issue affects WooCommerce Social Login: from n/a through 2.6.3. | ||||
| CVE-2024-13163 | 1 Ivanti | 1 Endpoint Manager | 2025-07-13 | 7.8 High |
| Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. | ||||
| CVE-2024-29800 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8 High |
| Deserialization of Untrusted Data vulnerability in Timber Team & Contributors Timber.This issue affects Timber: from n/a through 1.23.0. | ||||
| CVE-2025-26999 | 1 Metagauss | 1 Profilegrid | 2025-07-13 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Metagauss ProfileGrid allows Object Injection. This issue affects ProfileGrid : from n/a through 5.9.4.3. | ||||
| CVE-2025-32143 | 2 Pickplugins, Wordpress | 2 Accordion, Wordpress | 2025-07-13 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in PickPlugins Accordion allows Object Injection. This issue affects Accordion: from n/a through 2.3.10. | ||||
| CVE-2021-27017 | 1 Puppet | 1 Puppet Agent | 2025-07-12 | 6.6 Medium |
| Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. This is resolved in the Puppet Agent 7.4.0 release. | ||||
| CVE-2025-39551 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Mahmudul Hasan Arif FluentBoards allows Object Injection. This issue affects FluentBoards: from n/a through 1.47. | ||||
| CVE-2024-53247 | 1 Splunk | 2 Splunk Enterprise, Splunk Secure Gateway | 2025-07-12 | 8.8 High |
| In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.4.261 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could perform a Remote Code Execution (RCE). | ||||
| CVE-2025-27286 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in saoshyant1994 Saoshyant Slider allows Object Injection. This issue affects Saoshyant Slider: from n/a through 3.0. | ||||
| CVE-2025-47683 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Florent Maillefaud WP Maintenance allows Object Injection. This issue affects WP Maintenance: from n/a through 6.1.9.7. | ||||
| CVE-2025-31430 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in themeton The Business allows Object Injection. This issue affects The Business: from n/a through 1.6.1. | ||||
| CVE-2025-32293 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in designthemes Finance Consultant allows Object Injection. This issue affects Finance Consultant: from n/a through 2.8. | ||||
| CVE-2024-54282 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Themeum WP Mega Menu allows Object Injection.This issue affects WP Mega Menu: from n/a through 1.4.2. | ||||
| CVE-2024-30229 | 2 Givewp, Wordpress | 2 Givewp, Wordpress | 2025-07-12 | 8 High |
| Deserialization of Untrusted Data vulnerability in GiveWP.This issue affects GiveWP: from n/a through 3.4.2. | ||||