Total
2124 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-60210 | 2025-11-13 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms - Frontend Listing everest-forms-frontend-listing allows Object Injection.This issue affects Everest Forms - Frontend Listing: from n/a through <= 1.0.5. | |||||
| CVE-2025-60209 | 2025-11-13 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Object Injection.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through <= 1.2.6. | |||||
| CVE-2025-60039 | 2025-11-13 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in rascals Noisa noisa allows Object Injection.This issue affects Noisa: from n/a through <= 2.6.0. | |||||
| CVE-2025-59007 | 2025-11-13 | N/A | 8.1 HIGH | ||
| Deserialization of Untrusted Data vulnerability in themesflat TF Woo Product Grid Addon For Elementor tf-woo-product-grid allows Object Injection.This issue affects TF Woo Product Grid Addon For Elementor: from n/a through <= 1.0.1. | |||||
| CVE-2025-58619 | 2025-11-13 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in sbouey Falang multilanguage falang allows Object Injection.This issue affects Falang multilanguage: from n/a through <= 1.3.65. | |||||
| CVE-2025-58592 | 2025-11-13 | N/A | 8.1 HIGH | ||
| Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multilingual allows Object Injection.This issue affects TranslatePress: from n/a through <= 2.10.2. | |||||
| CVE-2025-54719 | 2025-11-13 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in NooTheme Yogi - Health Beauty & Yoga noo-yogi allows Object Injection.This issue affects Yogi - Health Beauty & Yoga: from n/a through <= 2.9.2. | |||||
| CVE-2025-53586 | 2025-11-13 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in NooTheme WeMusic noo-wemusic allows Object Injection.This issue affects WeMusic: from n/a through <= 1.9.1. | |||||
| CVE-2025-53242 | 2025-11-13 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in VictorThemes Seil seil allows Object Injection.This issue affects Seil: from n/a through <= 1.7.1. | |||||
| CVE-2025-52740 | 2025-11-13 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in Hernan Villanueva Boldermail boldermail allows Object Injection.This issue affects Boldermail: from n/a through <= 2.4.0. | |||||
| CVE-2025-52737 | 2025-11-13 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in Tijmen Smit WP Store Locator wp-store-locator allows Object Injection.This issue affects WP Store Locator: from n/a through <= 2.2.260. | |||||
| CVE-2025-49393 | 2025-11-13 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets allows Object Injection.This issue affects Sign-up Sheets: from n/a through <= 2.3.2. | |||||
| CVE-2025-49386 | 2025-11-13 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Scott Reilly Preserve Code Formatting preserve-code-formatting allows Object Injection.This issue affects Preserve Code Formatting: from n/a through <= 4.0.1. | |||||
| CVE-2025-49380 | 2025-11-13 | N/A | 5.3 MEDIUM | ||
| Deserialization of Untrusted Data vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Object Injection.This issue affects WooCommerce Vehicle Parts Finder: from n/a through <= 3.7. | |||||
| CVE-2025-48086 | 2025-11-13 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in wpdreams Ajax Search Lite ajax-search-lite allows Object Injection.This issue affects Ajax Search Lite: from n/a through <= 4.13.3. | |||||
| CVE-2025-32283 | 2025-11-13 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in designthemes Solar Energy solar allows Object Injection.This issue affects Solar Energy: from n/a through <= 3.5. | |||||
| CVE-2025-31634 | 2025-11-13 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in designthemes Insurance insurance allows Object Injection.This issue affects Insurance: from n/a through <= 3.5. | |||||
| CVE-2025-63617 | 2025-11-12 | N/A | 6.5 MEDIUM | ||
| ktg-mes before commit a484f96 (2025-07-03) has a fastjson deserialization vulnerability. This is because it uses a vulnerable version of fastjson and deserializes unsafe input data. | |||||
| CVE-2025-26397 | 1 Solarwinds | 1 Observability Self-hosted | 2025-11-12 | N/A | 7.8 HIGH |
| SolarWinds Observability Self-Hosted is susceptible to Deserialization of Untrusted Data Local Privilege Escalation vulnerability. An attacker with low privileges can escalate privileges to run malicious files copied to a permission-protected folder. This vulnerability requires authentication from a low-level account and local access to the host server. | |||||
| CVE-2025-42944 | 2025-11-12 | N/A | 10.0 CRITICAL | ||
| Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high impact to the application's confidentiality, integrity, and availability. | |||||