Total
2183 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-30228 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.9 Critical |
| Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core.This issue affects Hercules Core : from n/a through 6.4. | ||||
| CVE-2025-39354 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Conference allows Object Injection.This issue affects Grand Conference: from n/a through 5.2. | ||||
| CVE-2025-39356 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Chimpstudio Foodbakery Sticky Cart allows Object Injection.This issue affects Foodbakery Sticky Cart: from n/a through 3.2. | ||||
| CVE-2024-12742 | 1 Ni | 1 G Web Development Software | 2025-07-13 | 7.8 High |
| A deserialization of untrusted data vulnerability exists in NI G Web Development Software that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects G Web Development Software 2022 Q3 and prior versions. | ||||
| CVE-2024-24551 | 1 Bludit | 1 Bludit | 2025-07-13 | N/A |
| A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files. | ||||
| CVE-2025-46481 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Michael Cannon Flickr Shortcode Importer allows Object Injection. This issue affects Flickr Shortcode Importer: from n/a through 2.2.3. | ||||
| CVE-2024-56058 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Gueststream VRPConnector allows Object Injection.This issue affects VRPConnector: from n/a through 2.0.1. | ||||
| CVE-2024-49688 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This issue affects ARPrice: from n/a through 4.0.3. | ||||
| CVE-2025-49072 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in AncoraThemes Mr. Murphy allows Object Injection.This issue affects Mr. Murphy: from n/a before 1.2.12.1. | ||||
| CVE-2024-56291 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in plainware.com PlainInventory allows Object Injection.This issue affects PlainInventory: from n/a through 3.1.6. | ||||
| CVE-2024-37502 | 2 Wordpress, Wpweb | 2 Wordpress, Woocommerce Social Login | 2025-07-13 | 5.4 Medium |
| Deserialization of Untrusted Data vulnerability in wpweb WooCommerce Social Login.This issue affects WooCommerce Social Login: from n/a through 2.6.3. | ||||
| CVE-2024-13163 | 1 Ivanti | 1 Endpoint Manager | 2025-07-13 | 7.8 High |
| Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. | ||||
| CVE-2024-29800 | 1 Wordpress | 1 Wordpress | 2025-07-13 | 8 High |
| Deserialization of Untrusted Data vulnerability in Timber Team & Contributors Timber.This issue affects Timber: from n/a through 1.23.0. | ||||
| CVE-2025-26999 | 1 Metagauss | 1 Profilegrid | 2025-07-13 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Metagauss ProfileGrid allows Object Injection. This issue affects ProfileGrid : from n/a through 5.9.4.3. | ||||
| CVE-2025-32143 | 2 Pickplugins, Wordpress | 2 Accordion, Wordpress | 2025-07-13 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in PickPlugins Accordion allows Object Injection. This issue affects Accordion: from n/a through 2.3.10. | ||||
| CVE-2021-27017 | 1 Puppet | 1 Puppet Agent | 2025-07-12 | 6.6 Medium |
| Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. This is resolved in the Puppet Agent 7.4.0 release. | ||||
| CVE-2025-39551 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Mahmudul Hasan Arif FluentBoards allows Object Injection. This issue affects FluentBoards: from n/a through 1.47. | ||||
| CVE-2024-53247 | 1 Splunk | 2 Splunk Enterprise, Splunk Secure Gateway | 2025-07-12 | 8.8 High |
| In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.4.261 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could perform a Remote Code Execution (RCE). | ||||
| CVE-2024-30226 | 1 Wpdeveloper | 1 Betterdocs | 2025-07-12 | 9 Critical |
| Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs.This issue affects BetterDocs: from n/a through 3.3.3. | ||||
| CVE-2025-27286 | 1 Wordpress | 1 Wordpress | 2025-07-12 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in saoshyant1994 Saoshyant Slider allows Object Injection. This issue affects Saoshyant Slider: from n/a through 3.0. | ||||