Total
2295 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-0344 | 1 Sap | 1 Commerce Cloud | 2025-10-31 | 9.8 Critical |
| Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection. | ||||
| CVE-2023-40044 | 1 Progress | 1 Ws Ftp Server | 2025-10-31 | 10 Critical |
| In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system. | ||||
| CVE-2025-42999 | 1 Sap | 1 Netweaver | 2025-10-31 | 9.1 Critical |
| SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system. | ||||
| CVE-2025-23006 | 1 Sonicwall | 15 Sma6200, Sma6200 Firmware, Sma6210 and 12 more | 2025-10-31 | 9.8 Critical |
| Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands. | ||||
| CVE-2022-35405 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2025-10-31 | 9.8 Critical |
| Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.) | ||||
| CVE-2023-43208 | 1 Nextgen | 1 Mirth Connect | 2025-10-31 | 9.8 Critical |
| NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679. | ||||
| CVE-2024-40711 | 1 Veeam | 2 Backup \& Replication, Veeam Backup \& Replication | 2025-10-30 | 9.8 Critical |
| A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). | ||||
| CVE-2025-53690 | 1 Sitecore | 4 Experience Commerce, Experience Manager, Experience Platform and 1 more | 2025-10-30 | 9 Critical |
| Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0. | ||||
| CVE-2021-26857 | 1 Microsoft | 1 Exchange Server | 2025-10-30 | 7.8 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2022-41082 | 1 Microsoft | 1 Exchange Server | 2025-10-30 | 8 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2023-36777 | 1 Microsoft | 1 Exchange Server | 2025-10-30 | 5.7 Medium |
| Microsoft Exchange Server Information Disclosure Vulnerability | ||||
| CVE-2023-38155 | 1 Microsoft | 1 Azure Devops Server | 2025-10-30 | 7 High |
| Azure DevOps Server Remote Code Execution Vulnerability | ||||
| CVE-2023-36736 | 1 Microsoft | 1 Identity Linux Broker | 2025-10-30 | 4.4 Medium |
| Microsoft Identity Linux Broker Remote Code Execution Vulnerability | ||||
| CVE-2023-36744 | 1 Microsoft | 1 Exchange Server | 2025-10-30 | 8 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2023-36745 | 1 Microsoft | 1 Exchange Server | 2025-10-30 | 8 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2023-36756 | 1 Microsoft | 1 Exchange Server | 2025-10-30 | 8 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2023-36757 | 1 Microsoft | 1 Exchange Server | 2025-10-30 | 8 High |
| Microsoft Exchange Server Spoofing Vulnerability | ||||
| CVE-2025-0994 | 1 Trimble | 1 Cityworks | 2025-10-30 | 8.8 High |
| Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server. | ||||
| CVE-2025-34292 | 1 Bewelcome | 1 Rox | 2025-10-30 | N/A |
| Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize(): the POST parameter `formkit_memory_recovery` in \\RoxPostHandler::getCallbackAction and the 'memory cookie' read by \\RoxModelBase::getMemoryCookie (bwRemember). (1) If present, `formkit_memory_recovery` is processed and passed to unserialize(), and (2) restore-from-memory functionality calls unserialize() on the bwRemember cookie value. Gadget chains present in Rox and bundled libraries enable exploitation of object injection to write arbitrary files or achieve remote code execution. Successful exploitation can lead to full site compromise. This vulnerability was remediated with commit c60bf04 (2025-06-16). | ||||
| CVE-2025-62368 | 1 Taiga | 1 Taiga | 2025-10-30 | 9.1 Critical |
| Taiga is an open source project management platform. In versions 6.8.3 and earlier, a remote code execution vulnerability exists in the Taiga API due to unsafe deserialization of untrusted data. This issue is fixed in version 6.9.0. | ||||