An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request.
A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument
Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with.
A vulnerability, which was classified as critical, was found in yiisoft Yii2 up to 2.0.39. This affects the function Generate of the file phpunit\src\Framework\MockObject\MockClass.php. The manipulati
IBM Standards Processing Engine 10.0.1.10 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe java deserialization. By sending specially crafted input, an attack
A vulnerability has been found in BoyunCMS up to 1.21 on PHP7 and classified as critical. Affected by this vulnerability is an unknown functionality of the file install/install2.php of the component I
A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/template_creat.php. The manipulation of the ar
Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form block, and File/Set components that lack the allowed_classes restriction. An unauthenticate
Deserialization of Untrusted Data vulnerability in AncoraThemes Mr. Murphy mr-murphy allows Object Injection.This issue affects Mr. Murphy: from n/a through < 1.2.12.1.
A vulnerability was found in ChurchCRM up to 5.18.0. This vulnerability affects unknown code of the file setup/routes/setup.php. Performing a manipulation of the argument DB_PASSWORD/ROOT_PATH/URL res
A vulnerability was found in SourceCodester Modern Loan Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file update_loan_record.php. The manipula
Deserialization of Untrusted Data vulnerability in PickPlugins Question Answer question-answer allows Object Injection.This issue affects Question Answer: from n/a through <= 1.2.73.
A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /collect/getArticle. The manipul
NVIDIA DALI contains a vulnerability where an attacker could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to arbitrary code execution.
Deserialization of Untrusted Data vulnerability in NextScripts NextScripts social-networks-auto-poster-facebook-twitter-g allows Object Injection.This issue affects NextScripts: from n/a through <= 4.
A PHP Code Injection vulnerability that can lead to Remote Code Execution (RCE) and XSS in Opencode Mobile Collect Call v5.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted p
Deserialization of Untrusted Data vulnerability in Drupal Mailjet allows Object Injection.This issue affects Mailjet: from 0.0.0 before 4.0.1.
NVIDIA Isaac Lab contains a deserialization vulnerability. A successful exploit of this vulnerability might lead to code execution.
Insecure deserialization in Hodoku v2.3.0 to v2.3.2 allows attackers to execute arbitrary code.
Deserialization of Untrusted Data vulnerability in AncoraThemes Jarvis – Night Club, Concert, Festival WordPress jarvis allows Object Injection.This issue affects Jarvis – Night Club, Concert, Festiva