High
CVSS: 8.7
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with an account on an affected CVAT instance is able to run arbitrary code in the context of the Nuclio function conta…
Medium
CVSS: 6.8
NVIDIA RAPIDS contains a vulnerability in cuDF and cuML, where a user could cause a deserialization of untrusted data issue. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and inf…
High
CVSS: 7.5
vLLM is a library for LLM inference and serving. vllm/model_executor/weight_utils.py implements hf_model_weights_iterator to load the model checkpoint, which is downloaded from huggingface. It uses the torch.load function and the weights_on…
Unknown
CVSS: -
Deserialization of Untrusted Data vulnerability in Pdfcrowd Dev Team Save as PDF save-as-pdf-by-pdfcrowd allows Object Injection.This issue affects Save as PDF: from n/a through
Unknown
CVSS: -
Deserialization of Untrusted Data vulnerability in ThimPress FundPress fundpress allows Object Injection.This issue affects FundPress: from n/a through
High
CVSS: 7.2
The Custom Product Tabs Lite for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.0 via deserialization of untrusted input from the 'frs_woo_product_tabs' parameter. This makes…
Critical
KEV CVSS: 9.8
Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote un…
Unknown
CVSS: -
Deserialization of Untrusted Data vulnerability in muzaara Muzaara Google Ads Report muzaara-adwords-optimize-dashboard allows Object Injection.This issue affects Muzaara Google Ads Report: from n/a through
High
CVSS: 8.8
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allow an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data.
Unknown
CVSS: -
Deserialization of Untrusted Data vulnerability in bulktheme WOOEXIM wooexim allows Object Injection.This issue affects WOOEXIM: from n/a through
Unknown
CVSS: -
Deserialization of Untrusted Data vulnerability in Marko-M Quick Count quick-count allows Object Injection.This issue affects Quick Count: from n/a through
High
CVSS: 7.2
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_ai…
High
CVSS: 7.2
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_pr…
Unknown
CVSS: -
Deserialization of Untrusted Data vulnerability in reputeinfosystems ARPrice arprice allows Object Injection.This issue affects ARPrice: from n/a through
Unknown
CVSS: -
Deserialization of Untrusted Data vulnerability in reputeinfosystems ARPrice arprice allows Object Injection.This issue affects ARPrice: from n/a through
High
CVSS: 8.8
The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function. This makes it possible for una…
High
CVSS: 7.2
The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution.
High
CVSS: 8.5
CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity
and potential remote code execution on workstation when a non-admin authenticated user opens a malicious
project file.
Medium
CVSS: 6.8
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. If SVG or JPEGXL thumbnailers are enabled (they are disabled by default), a user may upload a file which claims to be either of these types and r…
Critical
CVSS: 9.1
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField.