DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data.
DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms.
DevExpress before 23.1.3 allows arbitrary TypeConverter conversion.
DevExpress before 23.1.3 allows AsyncDownloader SSRF.
Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote code execution attacks only b
Deserialization of Untrusted Data vulnerability in Drupal Node export allows Object Injection.This issue affects Node export: from 7.X-* before 7.X-3.3.
Insecure deserialization in Hodoku v2.3.0 to v2.3.2 allows attackers to execute arbitrary code.
A vulnerability was determined in 1Panel-dev MaxKB up to 2.0.2/2.1.0. This issue affects some unknown processing of the file /admin/api/workspace/default/tool/debug. Executing manipulation of the argu
CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be
remotely executed on the server when unsafely deserialized data is posted to the web server.
Deserialization of Untrusted Data vulnerability in ThimPress Course Builder course-builder allows Object Injection.This issue affects Course Builder: from n/a through < 3.6.6.
Deserialization of Untrusted Data vulnerability in impleCode eCommerce Product Catalog ecommerce-product-catalog allows Object Injection.This issue affects eCommerce Product Catalog: from n/a through
Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1.
An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. This issue affects all version
Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder pdf-for-elementor-forms allows Object Injection.This issue affects PDF for Eleme
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted D
CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution and compromise of system integrity when authenticated users send crafted data to a network-expose
Deserialization of Untrusted Data vulnerability in Drupal Mailjet allows Object Injection.This issue affects Mailjet: from 0.0.0 before 4.0.1.
CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stre
We found a vulnerability Improper Restriction of XML External Entity Reference (CWE-611) in NB-series NX-Designer. Attackers may be able to abuse this vulnerability to disclose confidential data on a
Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multilingual allows Object Injection.This issue affects TranslatePress: from n/a through <= 2.9.6.
Page 1+ Next →