Total: 1525 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-34212 | 1 Apache | 1 Nifi | 2024-10-09 | 6.5 Medium |
The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location. The resolution validates the JNDI URL and restricts locations to a set of allowed schemes. You are recommended to upgrade to version 1.22.0 or later which fixes this issue. | ||||
CVE-2023-3259 | 1 Dataprobe | 45 Iboot-pdu4-c20, Iboot-pdu4-c20 Firmware, Iboot-pdu4-n20 and 42 more | 2024-10-09 | 9.8 Critical |
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the "iBootPduSiteAuth" cookie, a malicious agent can direct the device to connect to a rogue database. Successful exploitation allows the malicious agent to take actions with administrator privileges including, but not limited to, manipulating power levels, modifying user accounts, and exporting confidential user information. | ||||
CVE-2021-4118 | 1 Lightningai | 1 Pytorch Lightning | 2024-10-09 | 7.8 High |
pytorch-lightning is vulnerable to Deserialization of Untrusted Data | ||||
CVE-2024-43466 | 1 Microsoft | 1 Sharepoint Server | 2024-10-09 | 6.5 Medium |
Microsoft SharePoint Server Denial of Service Vulnerability | ||||
CVE-2024-43464 | 1 Microsoft | 1 Sharepoint Server | 2024-10-09 | 7.2 High |
Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
CVE-2024-38018 | 1 Microsoft | 1 Sharepoint Server | 2024-10-09 | 8.8 High |
Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
CVE-2024-23513 | 1 Wp-property-hive | 1 Propertyhive | 2024-10-08 | 8.7 High |
Deserialization of Untrusted Data vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.5. | ||||
CVE-2024-25100 | 1 Wpswings | 1 Coupon Referral Program | 2024-10-08 | 10 Critical |
Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program. This issue affects Coupon Referral Program: from n/a through 1.7.2. | ||||
CVE-2024-23512 | 1 Wpxpo | 1 Wowstore | 2024-10-08 | 8.7 High |
Deserialization of Untrusted Data vulnerability in wpxpo ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks. This issue affects ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4. | ||||
CVE-2024-24926 | 1 Unitedthemes | 2 Brooklyn, Brooklyn Creativie Multi Purpose Responsive Wordpress Theme | 2024-10-08 | 7.5 High |
Deserialization of Untrusted Data vulnerability in UnitedThemes Brooklyn \| Creative Multi-Purpose Responsive WordPress Theme. This issue affects Brooklyn \| Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6. | ||||
CVE-2024-24797 | 1 G5plus | 1 Ere Recently Viewed | 2024-10-08 | 9.8 Critical |
Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real Estate Add-On. This issue affects ERE Recently Viewed – Essential Real Estate Add-On: from n/a through 1.3. | ||||
CVE-2024-24796 | 1 Mage-people | 1 Event Manager And Tickets Selling For Woocommerce | 2024-10-08 | 8.2 High |
Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin. This issue affects Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin: from n/a through 4.1.1. | ||||
CVE-2024-38024 | 1 Microsoft | 1 Sharepoint Server | 2024-10-08 | 7.2 High |
Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
CVE-2024-38023 | 1 Microsoft | 1 Sharepoint Server | 2024-10-08 | 7.2 High |
Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
CVE-2024-21318 | 1 Microsoft | 1 Sharepoint Server | 2024-10-08 | 8.8 High |
Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
CVE-2023-33008 | 2 Apache, Redhat | 4 Johnzon, Amq Broker, Camel Spring Boot and 1 more | 2024-10-07 | 5.3 Medium |
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon. An attacker can craft JSON input containing very large numbers (such as 1e20000000) that Apache Johnzon deserializes into BigDecimal; handling numbers that large may result in a slow conversion (denial-of-service risk). Apache Johnzon 1.2.21 mitigates this by setting a scale limit of 1000 (by default) on the BigDecimal. This issue affects Apache Johnzon: through 1.2.20. | ||||
CVE-2023-39106 | 1 Alibabacloud | 1 Nacos Spring Project | 2024-10-07 | 8.8 High |
An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component. | ||||
CVE-2019-0344 | 1 Sap | 1 Commerce Cloud | 2024-10-07 | 9.8 Critical |
Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection. | ||||
CVE-2017-3523 | 1 Oracle | 1 Connector/j | 2024-10-04 | N/A |
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). | ||||
CVE-2024-8922 | 1 Piwebsolution | 1 Product Enquiry For Woocommerce | 2024-10-04 | 8.8 High |
The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.33.32 via deserialization of untrusted input in enquiry_detail.php. This makes it possible for authenticated attackers, with Author-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. |