Export limit exceeded: 361548 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (3042 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-30899 | 1 Siemens | 1 Siveillance Video | 2025-01-28 | 9.9 Critical |
| A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Management Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system. | ||||
| CVE-2023-32336 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-01-27 | 8.8 High |
| IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. IBM X-Force ID: 255285. | ||||
| CVE-2023-20878 | 1 Vmware | 2 Cloud Foundation, Vrealize Operations | 2025-01-27 | 7.2 High |
| VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system. | ||||
| CVE-2023-31890 | 1 Glazedlists | 1 Glazed Lists | 2025-01-23 | 9.8 Critical |
| An XML Deserialization vulnerability in glazedlists v1.11.0 allows an attacker to execute arbitrary code via the BeanXMLByteCoder.decode() parameter. | ||||
| CVE-2024-3483 | 1 Microfocus | 1 Imanager | 2025-01-21 | 7.8 High |
| Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues. | ||||
| CVE-2024-3967 | 1 Microfocus | 1 Imanager | 2025-01-21 | 7.6 High |
| Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization. | ||||
| CVE-2023-1967 | 1 Keysight | 1 N8844a | 2025-01-16 | 9.8 Critical |
| Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid. | ||||
| CVE-2022-41778 | 1 Deltaww | 1 Infrasuite Device Master | 2025-01-16 | 9.8 Critical |
| Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-DataCollect service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization. | ||||
| CVE-2023-1139 | 1 Deltaww | 1 Infrasuite Device Master | 2025-01-16 | 8.8 High |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-gateway service, which could allow deserialization of requests prior to authentication, resulting in remote code execution. | ||||
| CVE-2023-1145 | 1 Deltaww | 1 Infrasuite Device Master | 2025-01-16 | 7.8 High |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution. | ||||
| CVE-2023-1399 | 1 Keysight | 2 N6854a, N6854a Firmware | 2025-01-16 | 7.8 High |
| N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and achieve remote code execution. | ||||
| CVE-2023-51389 | 1 Apache | 1 Hertzbeat | 2025-01-16 | 9.8 Critical |
| Hertzbeat is a real-time monitoring system. At the interface of `/define/yml`, SnakeYAML is used as a parser to parse yml content, but no security configuration is used, resulting in a YAML deserialization vulnerability. Version 1.4.1 fixes this vulnerability. | ||||
| CVE-2024-4200 | 1 Progress | 1 Telerik Reporting | 2025-01-16 | 7.7 High |
| In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. | ||||
| CVE-2024-23052 | 2 5kcrm, Wukongopensource | 2 Wukongcrm, Wukongcrm | 2025-01-16 | 9.8 Critical |
| An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() function in the fastjson component. | ||||
| CVE-2024-1800 | 1 Progress | 1 Telerik Report Server | 2025-01-16 | 9.9 Critical |
| In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability. | ||||
| CVE-2022-4815 | 1 Hitachi | 2 Vantara Pentaho, Vantara Pentaho Business Analytics Server | 2025-01-16 | 8 High |
| Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods. | ||||
| CVE-2019-11458 | 1 Cakephp | 1 Cakephp | 2025-01-15 | N/A |
| An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserialized object with modified internal properties can trigger arbitrary file overwriting upon destruction. | ||||
| CVE-2024-3661 | 10 Apple, Cisco, Citrix and 7 more | 13 Iphone Os, Macos, Anyconnect Vpn Client and 10 more | 2025-01-15 | 7.6 High |
| DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. | ||||
| CVE-2024-54676 | 1 Apache | 1 Openmeetings | 2025-01-15 | 9.8 Critical |
| Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html doesn't specify white/black lists for OpenJPA this leads to possible deserialisation of untrusted data. Users are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation. | ||||
| CVE-2023-2288 | 1 Themeisle | 1 Otter | 2025-01-10 | 8.8 High |
| The Otter WordPress plugin before 2.2.6 does not sanitize some user-controlled file paths before performing file operations on them. This leads to a PHAR deserialization vulnerability on PHP < 8.0 using the phar:// stream wrapper. | ||||