CVE-2024-43354

CRITICAL EXPLOITED

myCred <= 2.7.2 - Deserialization of Untrusted Data

Title source: llm

CVE-2024-43354 has been observed exploited in the wild (reported by VulnCheck KEV).

Deserialization of Untrusted Data vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through <= 2.7.2.

Core 2

Core References

Vdb Entry vdb-entry

Third Party Advisory

CVSS v3 9.8

EPSS 0.0053

EPSS Percentile 40.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

VulnCheck KEV 2024-08-16

CWE

CWE-502

Status published

Products (2)

myCred/myCred < 2.7.2

Saad Iqbal/myCred < 2.7.2

Published Aug 19, 2024

Tracked Since Feb 18, 2026