• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-502

CVE-2022-3360

February 23, 2023 by godfreyd94

The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution (RCE). To successfully exploit this vulnerability attackers must have knowledge of the site secrets, allowing them to generate a valid hash via the wp_hash() function.

CVE-2022-33107

February 23, 2023 by godfreyd94

ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendorleagueflysystem-cached-adaptersrcStorageAbstractCache.php. This vulnerability allows attackers to execute arbitrary code via a crafted payload.

CVE-2022-3291

February 23, 2023 by godfreyd94

Serialization of sensitive data in GitLab EE affecting all versions from 14.9 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 can leak sensitive information via cache

CVE-2022-32601

February 23, 2023 by godfreyd94

In telephony, there is a possible permission bypass due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319132; Issue ID: ALPS07319132.

CVE-2022-32521

February 23, 2023 by godfreyd94

A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. Affected Products: Data Center Expert (Versions prior to V7.9.0)

CVE-2022-32224

February 23, 2023 by godfreyd94

A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 115
  • Go to page 116
  • Go to page 117
  • Go to page 118
  • Go to page 119
  • Interim pages omitted …
  • Go to page 129
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE