CVE & Exploit Intelligence Database

CVE-2023-5391 9.8 CRITICAL EPSS 0.00

A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application.

CWE-502 Oct 04, 2023

CVE-2023-43176 8.8 HIGH EPSS 0.00

A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file.

CWE-502 Oct 03, 2023

CVE-2023-43268 8.8 HIGH EPSS 0.00

Deyue Remote Vehicle Management System v1.1 was discovered to contain a deserialization vulnerability.

CWE-502 Oct 02, 2023

CVE-2023-39410 7.5 HIGH EPSS 0.00

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.

CWE-502 Sep 29, 2023

CVE-2023-44273 9.8 CRITICAL EPSS 0.00

Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval.

CWE-502 Sep 28, 2023

CVE-2023-5183 9.9 CRITICAL EPSS 0.01

Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exists within the network_traffic API endpoint. An attacker can leverage this vulnerability to execute code in the context of the PCE’s operating system user.  

CWE-502 Sep 27, 2023

CVE-2023-43291 9.8 CRITICAL EPSS 0.18

Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component.

CWE-502 Sep 27, 2023

CVE-2023-40044 10.0 CRITICAL KEV RANSOMWARE 2 PoCs Analysis NUCLEI EPSS 0.94

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.

CWE-502 Sep 27, 2023

CVE-2023-40619 9.8 CRITICAL 1 Writeup EPSS 0.03

phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized.

CWE-502 Sep 20, 2023

CVE-2023-5016 6.3 MEDIUM EPSS 0.00

A vulnerability was found in spider-flow up to 0.5.0. It has been declared as critical. Affected by this vulnerability is the function DriverManager.getConnection of the file src/main/java/org/spiderflow/controller/DataSourceController.java of the component API. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239857 was assigned to this vulnerability.

CWE-502 Sep 17, 2023

CVE-2023-32665 5.5 MEDIUM EPSS 0.00

A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.

CWE-502 Sep 14, 2023

CVE-2023-32636 4.7 MEDIUM EPSS 0.00

A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.

CWE-502 Sep 14, 2023

CVE-2023-38204 9.8 CRITICAL EXPLOITED EPSS 0.75

Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.

CWE-502 Sep 14, 2023

CVE-2023-38155 7.0 HIGH EPSS 0.00

Azure DevOps Server Remote Code Execution Vulnerability

CWE-502 Sep 12, 2023

CVE-2023-36777 5.7 MEDIUM EPSS 0.01

Microsoft Exchange Server Information Disclosure Vulnerability

CWE-502 Sep 12, 2023

CVE-2023-36757 8.0 HIGH EPSS 0.00

Microsoft Exchange Server Spoofing Vulnerability

CWE-502 Sep 12, 2023

CVE-2023-36756 8.0 HIGH EPSS 0.00

Microsoft Exchange Server Remote Code Execution Vulnerability

CWE-502 Sep 12, 2023

CVE-2023-36745 8.0 HIGH EXPLOITED 1 PoC Analysis EPSS 0.74

Microsoft Exchange Server Remote Code Execution Vulnerability

CWE-502 Sep 12, 2023

CVE-2023-36744 8.0 HIGH EPSS 0.00

Microsoft Exchange Server Remote Code Execution Vulnerability

CWE-502 Sep 12, 2023

CVE-2023-36736 4.4 MEDIUM EPSS 0.00

Microsoft Identity Linux Broker Remote Code Execution Vulnerability

CWE-502 Sep 12, 2023