Search Results (2936 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-5352 1 Anji-plus 1 Aj-report 2025-03-01 6.3 Medium
A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been rated as critical. Affected by this issue is the function validationRules of the component com.anjiplus.template.gaea.business.modules.datasetparam.controller.DataSetParamController#verification. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266264.
CVE-2024-5351 1 Anji-plus 1 Aj-report 2025-03-01 6.3 Medium
A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266263.
CVE-2024-37099 2 Givewp, Liquidweb 2 Givewp, Givewp 2025-02-28 10 Critical
Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection.This issue affects GiveWP: from n/a through 3.14.1.
CVE-2023-21744 1 Microsoft 2 Sharepoint Foundation, Sharepoint Server 2025-02-28 8.8 High
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2023-21745 1 Microsoft 1 Exchange Server 2025-02-28 8 High
Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-21762 1 Microsoft 1 Exchange Server 2025-02-28 8 High
Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-21707 1 Microsoft 1 Exchange Server 2025-02-28 8.8 High
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-21710 1 Microsoft 1 Exchange Server 2025-02-28 7.2 High
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-28310 1 Microsoft 1 Exchange Server 2025-02-28 8 High
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-32031 1 Microsoft 1 Exchange Server 2025-02-28 8.8 High
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-33134 1 Microsoft 1 Sharepoint Server 2025-02-28 8.8 High
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2023-33160 1 Microsoft 1 Sharepoint Server 2025-02-28 8.8 High
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2023-40595 1 Splunk 2 Splunk, Splunk Cloud Platform 2025-02-28 8.8 High
In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code.
CVE-2024-45733 2 Microsoft, Splunk 3 Windows, Splunk, Splunk Enterprise 2025-02-28 8.8 High
In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration.
CVE-2023-35388 1 Microsoft 1 Exchange Server 2025-02-27 8 High
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-38182 1 Microsoft 1 Exchange Server 2025-02-27 8 High
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-38181 1 Microsoft 1 Exchange Server 2025-02-27 8.8 High
Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-38204 1 Adobe 1 Coldfusion 2025-02-27 9.8 Critical
Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.
CVE-2023-5391 1 Schneider-electric 3 Ecostruxure Power Monitoring Expert, Ecostruxure Power Operation With Advanced Reports, Ecostruxure Power Scada Operation With Advanced Reports 2025-02-27 9.8 Critical
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application.
CVE-2023-28667 1 Leadgenerated 1 Lead Generated 2025-02-25 9.8 Critical
The Lead Generated WordPress Plugin, version <= 1.23, was affected by an unauthenticated insecure deserialization issue. The tve_labels parameter of the tve_api_form_submit action is passed to the PHP unserialize() function without being sanitized or verified, and as a result could lead to PHP object injection, which when combined with certain class implementations / gadget chains could be leveraged to perform a variety of malicious actions granted a POP chain is also present.