Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-71358 |
|
Unsafe Deserialization in picklescan (CVE-2025-71358)
vulnerability in picklescan (CVE-2025-71358). Confidential information can be exposed externally. Mitigation: upgrade to `0.0.29` or later.
|
| CVE-2025-71354 |
|
Unsafe Deserialization in picklescan (CVE-2025-71354)
vulnerability in picklescan (CVE-2025-71354). Confidential information can be exposed externally. Mitigation: upgrade to `0.0.29` or later.
|
| CVE-2024-8069 KEV |
|
[KEV] Unsafe Deserialization in Citrix session-recording (CVE-2024-8069)
vulnerability in Citrix session-recording (CVE-2024-8069). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-54678 |
|
Unsafe Deserialization in CVE-2024-54678 (CVE-2024-54678)
vulnerability in CVE-2024-54678 (CVE-2024-54678). Successful exploitation can lead to full system takeover.
|
| CVE-2025-25691 |
|
Command Injection in deserialization (CVE-2025-25691)
command injection in deserialization (CVE-2025-25691). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-25692 |
|
Command Injection in deserialization (CVE-2025-25692)
command injection in deserialization (CVE-2025-25692). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-53770 KEV |
|
[KEV] Unsafe Deserialization in Microsoft sharepoint (CVE-2025-53770)
vulnerability in Microsoft sharepoint (CVE-2025-53770). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-24016 KEV |
|
[KEV] Unsafe Deserialization in wazuh (CVE-2025-24016)
vulnerability in wazuh (CVE-2025-24016). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-42999 KEV |
|
[KEV] Unsafe Deserialization in Sap netweaver (CVE-2025-42999)
vulnerability in Sap netweaver (CVE-2025-42999). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-2251 |
|
Unsafe Deserialization in deserialization (CVE-2025-2251)
vulnerability in deserialization (CVE-2025-2251). Data can be tampered with by attackers.
|
| CVE-2025-24813 KEV |
|
[KEV] Vulnerability in Apache tomcat (CVE-2025-24813)
vulnerability in Apache tomcat (CVE-2025-24813). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-9875 KEV |
|
[KEV] Unsafe Deserialization in Sitecore cms-and-experience-platform-xp (CVE-2019-9875)
vulnerability in Sitecore cms-and-experience-platform-xp (CVE-2019-9875). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-9874 KEV |
|
[KEV] Unsafe Deserialization in Sitecore cms-and-experience-platform-xp (CVE-2019-9874)
vulnerability in Sitecore cms-and-experience-platform-xp (CVE-2019-9874). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-20953 KEV |
|
[KEV] Unsafe Deserialization in Oracle agile-product-lifecycle-management-plm (CVE-2024-20953)
vulnerability in Oracle agile-product-lifecycle-management-plm (CVE-2024-20953). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-3066 KEV |
|
[KEV] Unsafe Deserialization in Adobe coldfusion (CVE-2017-3066)
vulnerability in Adobe coldfusion (CVE-2017-3066). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-0994 KEV |
|
[KEV] Unsafe Deserialization in Trimble cityworks (CVE-2025-0994)
vulnerability in Trimble cityworks (CVE-2025-0994). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-23006 KEV |
|
[KEV] Unsafe Deserialization in Sonicwall sma1000-appliances (CVE-2025-23006)
vulnerability in Sonicwall sma1000-appliances (CVE-2025-23006). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-38094 KEV |
|
[KEV] Unsafe Deserialization in Microsoft sharepoint (CVE-2024-38094)
vulnerability in Microsoft sharepoint (CVE-2024-38094). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-40711 KEV |
|
[KEV] Unsafe Deserialization in Veeam backup-replication (CVE-2024-40711)
vulnerability in Veeam backup-replication (CVE-2024-40711). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-0344 KEV |
|
[KEV] Unsafe Deserialization in Sap commerce-cloud (CVE-2019-0344)
vulnerability in Sap commerce-cloud (CVE-2019-0344). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-21445 KEV |
|
[KEV] Unsafe Deserialization in Oracle adf-faces (CVE-2022-21445)
vulnerability in Oracle adf-faces (CVE-2022-21445). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-0618 KEV |
|
[KEV] Unsafe Deserialization in Microsoft sql-server (CVE-2020-0618)
vulnerability in Microsoft sql-server (CVE-2020-0618). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-44902 |
|
Unsafe Deserialization in deserialization (CVE-2024-44902)
vulnerability in deserialization (CVE-2024-44902). Successful exploitation can lead to full system takeover.
|
| CVE-2024-28986 KEV |
|
[KEV] Unsafe Deserialization in Solarwinds web-help-desk (CVE-2024-28986)
vulnerability in Solarwinds web-help-desk (CVE-2024-28986). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-0824 KEV |
|
[KEV] Unsafe Deserialization in Microsoft windows (CVE-2018-0824)
vulnerability in Microsoft windows (CVE-2018-0824). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-43208 KEV |
|
[KEV] Unsafe Deserialization in Nextgen healthcare nextgen-healthcare (CVE-2023-43208)
vulnerability in Nextgen healthcare nextgen-healthcare (CVE-2023-43208). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-15133 KEV |
|
[KEV] Unsafe Deserialization in laravel (CVE-2018-15133)
vulnerability in laravel (CVE-2018-15133). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-29300 KEV |
|
[KEV] Unsafe Deserialization in Adobe coldfusion (CVE-2023-29300)
vulnerability in Adobe coldfusion (CVE-2023-29300). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-38203 KEV |
|
[KEV] Unsafe Deserialization in Adobe coldfusion (CVE-2023-38203)
vulnerability in Adobe coldfusion (CVE-2023-38203). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-46604 KEV |
|
[KEV] Unsafe Deserialization in Apache activemq (CVE-2023-46604)
vulnerability in Apache activemq (CVE-2023-46604). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-40044 KEV |
|
[KEV] Unsafe Deserialization in Progress ws-ftp-server (CVE-2023-40044)
vulnerability in Progress ws-ftp-server (CVE-2023-40044). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-43176 |
|
Unsafe Deserialization in deserialization (CVE-2023-43176)
vulnerability in deserialization (CVE-2023-43176). Successful exploitation can lead to full system takeover.
|
| CVE-2023-26359 KEV |
|
[KEV] Unsafe Deserialization in Adobe coldfusion (CVE-2023-26359)
vulnerability in Adobe coldfusion (CVE-2023-26359). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-31199 KEV |
|
[KEV] Unsafe Deserialization in Netwrix auditor (CVE-2022-31199)
vulnerability in Netwrix auditor (CVE-2022-31199). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-29312 |
|
Unsafe Deserialization in zend (CVE-2020-29312)
vulnerability in zend (CVE-2020-29312). Successful exploitation can lead to full system takeover.
|
| CVE-2021-39144 KEV |
|
[KEV] Code Injection in xstream (CVE-2021-39144)
code injection in xstream (CVE-2021-39144). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-5741 KEV |
|
[KEV] Unsafe Deserialization in Plex media-server (CVE-2020-5741)
vulnerability in Plex media-server (CVE-2020-5741). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-47986 KEV |
|
[KEV] Unsafe Deserialization in Ibm aspera-faspex (CVE-2022-47986)
vulnerability in Ibm aspera-faspex (CVE-2022-47986). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-0669 KEV |
|
[KEV] Unsafe Deserialization in Fortra goanywhere-mft (CVE-2023-0669)
vulnerability in Fortra goanywhere-mft (CVE-2023-0669). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-35587 KEV |
|
[KEV] Unsafe Deserialization in Oracle fusion-middleware (CVE-2021-35587)
vulnerability in Oracle fusion-middleware (CVE-2021-35587). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-21624 |
|
Unsafe Deserialization in c (CVE-2022-21624)
vulnerability in c (CVE-2022-21624). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-41082 KEV |
|
[KEV] Unsafe Deserialization in Microsoft exchange-server (CVE-2022-41082)
vulnerability in Microsoft exchange-server (CVE-2022-41082). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-35405 KEV |
|
[KEV] Unsafe Deserialization in Zoho manageengine (CVE-2022-35405)
vulnerability in Zoho manageengine (CVE-2022-35405). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-2628 KEV |
|
[KEV] Unsafe Deserialization in Oracle weblogic-server (CVE-2018-2628)
vulnerability in Oracle weblogic-server (CVE-2018-2628). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-31010 KEV |
|
[KEV] Vulnerability in Apple ios (CVE-2021-31010)
vulnerability in Apple ios (CVE-2021-31010). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-32224 |
|
Unsafe Deserialization in activerecord (CVE-2022-32224)
vulnerability in activerecord (CVE-2022-32224). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.2.8.1` or later.
|
| CVE-2021-36665 |
|
Unsafe Deserialization in druva (CVE-2021-36665)
vulnerability in druva (CVE-2021-36665). Successful exploitation can lead to full system takeover.
|
| CVE-2019-15271 KEV |
|
[KEV] Unsafe Deserialization in Cisco rv-series-routers (CVE-2019-15271)
vulnerability in Cisco rv-series-routers (CVE-2019-15271). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-12868 |
|
Unsafe Deserialization in deserialization (CVE-2019-12868)
vulnerability in deserialization (CVE-2019-12868). Successful exploitation can lead to full system takeover.
|
| CVE-2022-25647 |
|
Unsafe Deserialization in com.google.code.gson:gson (CVE-2022-25647)
vulnerability in com.google.code.gson:gson (CVE-2022-25647). Data can be tampered with by attackers. Mitigation: upgrade to `2.8.9` or later.
|