• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-1321

CVE-2018-6195

February 26, 2023 by

admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the ‘session’ HTTP GET parameter to wp-admin/upload.php.

CVE-2018-3721

February 26, 2023 by

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of “Object” via __proto__, causing the addition or modification of an existing property that will exist on all objects.

CVE-2018-19296

February 26, 2023 by

PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.

CVE-2018-19274

February 26, 2023 by

Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions.

CVE-2018-11135

February 26, 2023 by

The script ‘/adminui/error_details.php’ in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks.

CVE-2020-8203

February 26, 2023 by

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Interim pages omitted …
  • Go to page 37
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE