Total
1809 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-30285 | 1 Adobe | 1 Coldfusion | 2025-04-18 | 8.4 High |
| ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction and scope is changed. | ||||
| CVE-2025-30284 | 1 Adobe | 1 Coldfusion | 2025-04-18 | 8.4 High |
| ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction and scope is changed. | ||||
| CVE-2025-29953 | 2025-04-18 | N/A | ||
| Deserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS OpenWire Client. This issue affects Apache ActiveMQ NMS OpenWire Client before 2.1.1 when performing connections to untrusted servers. Such servers could abuse the unbounded deserialization in the client to provide malicious responses that may eventually cause arbitrary code execution on the client. Version 2.1.0 introduced a allow/denylist feature to restrict deserialization, but this feature could be bypassed. The .NET team has deprecated the built-in .NET binary serialization feature starting with .NET 9 and suggests migrating away from binary serialization. The project is considering to follow suit and drop this part of the NMS API altogether. Users are recommended to upgrade to version 2.1.1, which fixes the issue. We also recommend to migrate away from relying on .NET binary serialization as a hardening method for the future. | ||||
| CVE-2025-24447 | 1 Adobe | 1 Coldfusion | 2025-04-18 | 9.1 Critical |
| ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-32434 | 2025-04-18 | N/A | ||
| PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0. | ||||
| CVE-2024-1685 | 1 Sygnoos | 1 Social Media Share Buttons | 2025-04-18 | 8.8 High |
| The Social Media Share Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.1.0 via deserialization of untrusted input through the attachmentUrl parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | ||||
| CVE-2023-32795 | 1 Woocommerce | 1 Product Addons | 2025-04-17 | 8.2 High |
| Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons.This issue affects Product Add-Ons: from n/a through 6.1.3. | ||||
| CVE-2025-27287 | 2025-04-17 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in ssvadim SS Quiz allows Object Injection. This issue affects SS Quiz: from n/a through 2.0.5. | ||||
| CVE-2025-27286 | 2025-04-17 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in saoshyant1994 Saoshyant Slider allows Object Injection. This issue affects Saoshyant Slider: from n/a through 3.0. | ||||
| CVE-2025-32571 | 2025-04-17 | 8.8 High | ||
| Deserialization of Untrusted Data vulnerability in turitop TuriTop Booking System allows Object Injection. This issue affects TuriTop Booking System: from n/a through 1.0.10. | ||||
| CVE-2025-32658 | 2025-04-17 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in wpWax HelpGent allows Object Injection. This issue affects HelpGent: from n/a through 2.2.4. | ||||
| CVE-2025-32686 | 2025-04-17 | 8.8 High | ||
| Deserialization of Untrusted Data vulnerability in WP Speedo Team Members allows Object Injection. This issue affects Team Members: from n/a through 3.4.0. | ||||
| CVE-2025-39527 | 2025-04-17 | 8.8 High | ||
| Deserialization of Untrusted Data vulnerability in bestwebsoft Rating by BestWebSoft allows Object Injection. This issue affects Rating by BestWebSoft: from n/a through 1.7. | ||||
| CVE-2025-39551 | 2025-04-17 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in Mahmudul Hasan Arif FluentBoards allows Object Injection. This issue affects FluentBoards: from n/a through 1.47. | ||||
| CVE-2025-39588 | 2025-04-17 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in bdthemes Ultimate Store Kit Elementor Addons allows Object Injection. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.4.0. | ||||
| CVE-2025-32662 | 2025-04-17 | 8.8 High | ||
| Deserialization of Untrusted Data vulnerability in Stylemix uListing allows Object Injection. This issue affects uListing: from n/a through 2.2.0. | ||||
| CVE-2025-32572 | 2025-04-17 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in Climax Themes Kata Plus allows Object Injection. This issue affects Kata Plus: from n/a through 1.5.2. | ||||
| CVE-2025-32647 | 2025-04-17 | 8.8 High | ||
| Deserialization of Untrusted Data vulnerability in PickPlugins Question Answer allows Object Injection. This issue affects Question Answer: from n/a through 1.2.70. | ||||
| CVE-2025-39550 | 2025-04-17 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in Shahjahan Jewel FluentCommunity allows Object Injection. This issue affects FluentCommunity: from n/a through 1.2.15. | ||||
| CVE-2023-51470 | 1 Boiteasite | 1 Rencontre | 2025-04-17 | 9.9 Critical |
| Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre – Dating Site.This issue affects Rencontre – Dating Site: from n/a through 3.11.1. | ||||