Export limit exceeded: 359236 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 359236 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (3006 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2024-43931 1 Eyecix 1 Jobsearch Wp Job Board 2024-09-13 9.8 Critical
Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection.This issue affects JobSearch: from n/a through 2.5.3.
CVE-2024-8255 1 Deltaww 2 Dtn Soft, Dtnsoft 2024-09-06 9.8 Critical
Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability.
CVE-2024-2694 1 Muffingroup 1 Betheme 2024-09-03 8.8 High
The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
CVE-2024-42362 2 Apache, Dromara 2 Hertzbeat, Hertzbeat 2024-08-28 8.8 High
Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0.
CVE-2024-36131 1 Ivanti 1 Endpoint Manager Mobile 2024-08-21 8.8 High
An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the appliance.
CVE-2024-8003 1 Gotribe 1 Gotribe-admin 2024-08-21 3.5 Low
A vulnerability was found in Go-Tribe gotribe-admin 1.0 and classified as problematic. Affected by this issue is the function InitRoutes of the file internal/app/routes/routes.go of the component Log Handler. The manipulation leads to deserialization. The patch is identified as 45ac90d6d1f82716f77dbcdf8e7309c229080e3c. It is recommended to apply a patch to fix this issue.