Total
2607 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3001 | 1 Schneider-electric | 1 Igss Dashboard | 2025-03-05 | 7.8 High |
| A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. | ||||
| CVE-2024-31903 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-05 | 8.8 High |
| IBM Sterling B2B Integrator Standard EditionĀ 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allow an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data. | ||||
| CVE-2024-50181 | 2025-03-03 | 5.5 Medium | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-5352 | 1 Anji-plus | 1 Aj-report | 2025-03-01 | 6.3 Medium |
| A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been rated as critical. Affected by this issue is the function validationRules of the component com.anjiplus.template.gaea.business.modules.datasetparam.controller.DataSetParamController#verification. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266264. | ||||
| CVE-2024-5351 | 1 Anji-plus | 1 Aj-report | 2025-03-01 | 6.3 Medium |
| A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266263. | ||||
| CVE-2024-37099 | 2 Givewp, Liquidweb | 2 Givewp, Givewp | 2025-02-28 | 10 Critical |
| Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection.This issue affects GiveWP: from n/a through 3.14.1. | ||||
| CVE-2023-21744 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2025-02-28 | 8.8 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2023-21745 | 1 Microsoft | 1 Exchange Server | 2025-02-28 | 8 High |
| Microsoft Exchange Server Spoofing Vulnerability | ||||
| CVE-2023-21762 | 1 Microsoft | 1 Exchange Server | 2025-02-28 | 8 High |
| Microsoft Exchange Server Spoofing Vulnerability | ||||
| CVE-2023-21707 | 1 Microsoft | 1 Exchange Server | 2025-02-28 | 8.8 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2023-21710 | 1 Microsoft | 1 Exchange Server | 2025-02-28 | 7.2 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2023-28310 | 1 Microsoft | 1 Exchange Server | 2025-02-28 | 8 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2023-32031 | 1 Microsoft | 1 Exchange Server | 2025-02-28 | 8.8 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2023-33134 | 1 Microsoft | 1 Sharepoint Server | 2025-02-28 | 8.8 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2023-33160 | 1 Microsoft | 1 Sharepoint Server | 2025-02-28 | 8.8 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2023-40595 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-02-28 | 8.8 High |
| In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code. | ||||
| CVE-2024-45733 | 2 Microsoft, Splunk | 3 Windows, Splunk, Splunk Enterprise | 2025-02-28 | 8.8 High |
| In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration. | ||||
| CVE-2023-35388 | 1 Microsoft | 1 Exchange Server | 2025-02-27 | 8 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2023-38182 | 1 Microsoft | 1 Exchange Server | 2025-02-27 | 8 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2023-38181 | 1 Microsoft | 1 Exchange Server | 2025-02-27 | 8.8 High |
| Microsoft Exchange Server Spoofing Vulnerability | ||||