Export limit exceeded: 16388 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2838 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31429 | 2026-04-28 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in themeton PressGrid - Frontend Publish Reaction & Multimedia Theme allows Object Injection. This issue affects PressGrid - Frontend Publish Reaction & Multimedia Theme: from n/a through 1.3.1. | ||||
| CVE-2025-31398 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in themeton PIMP - Creative MultiPurpose allows Object Injection. This issue affects PIMP - Creative MultiPurpose: from n/a through 1.7. | ||||
| CVE-2025-31396 | 2026-04-28 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in themeton FLAP - Business WordPress Theme allows Object Injection. This issue affects FLAP - Business WordPress Theme: from n/a through 1.5. | ||||
| CVE-2025-31069 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in themeton HotStar – Multi-Purpose Business Theme allows Object Injection. This issue affects HotStar – Multi-Purpose Business Theme: from n/a through 1.4. | ||||
| CVE-2025-31049 | 2026-04-28 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in themeton Dash allows Object Injection. This issue affects Dash: from n/a through 1.3. | ||||
| CVE-2025-31047 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Themify Themify Edmin allows Object Injection.This issue affects Themify Edmin: from n/a through 2.0.0. | ||||
| CVE-2025-24777 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in awethemes Hillter allows Object Injection. This issue affects Hillter: from n/a through 3.0.7. | ||||
| CVE-2024-52412 | 1 Stephen Cui | 1 Xin | 2026-04-28 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Stephen Cui Xin allows Object Injection.This issue affects Xin: from n/a through 1.0.8.1. | ||||
| CVE-2024-33568 | 1 Bdthemes | 1 Element Pack | 2026-04-28 | 8.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Deserialization of Untrusted Data vulnerability in BdThemes Element Pack Pro allows Path Traversal, Object Injection.This issue affects Element Pack Pro: from n/a before 7.19.3. | ||||
| CVE-2024-32600 | 1 Averta | 1 Master Slider | 2026-04-28 | 8.3 High |
| Deserialization of Untrusted Data vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.9.5. | ||||
| CVE-2024-31308 | 2 Vjinfotech, Wordpress | 2 Wp Import Export Lite, Wordpress | 2026-04-28 | 4.4 Medium |
| Deserialization of Untrusted Data vulnerability in VJInfotech WP Import Export Lite.This issue affects WP Import Export Lite: from n/a through 3.9.26. | ||||
| CVE-2024-31094 | 1 Filter Custom Fields And Taxonomies Light | 1 Filter Custom Fields And Taxonomies Light | 2026-04-28 | 8.5 High |
| Deserialization of Untrusted Data vulnerability in Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05. | ||||
| CVE-2024-25100 | 1 Wpswings | 1 Coupon Referral Program | 2026-04-28 | 10 Critical |
| Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program allows Object Injection.This issue affects Coupon Referral Program: from n/a before 1.8.4. | ||||
| CVE-2023-52206 | 1 Blueastral | 1 Page Builder\ | 2026-04-28 | 7.7 High |
| Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer live-composer-page-builder.This issue affects Page Builder: Live Composer: from n/a through 1.5.25. | ||||
| CVE-2023-27459 | 1 Wpeverest | 2 User Registration, User Registration \& Membership | 2026-04-28 | 7.4 High |
| Deserialization of Untrusted Data vulnerability in WPEverest User Registration.This issue affects User Registration: from n/a through 2.3.2.1. | ||||
| CVE-2023-23649 | 1 Mainwp | 1 Mainwp Links Manager Extension | 2026-04-28 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in MainWP MainWP Links Manager Extension.This issue affects MainWP Links Manager Extension: from n/a through 2.1. | ||||
| CVE-2026-25874 | 1 Huggingface | 1 Lerobot | 2026-04-28 | 9.8 Critical |
| LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable attacker can achieve arbitrary code execution on the server or client by sending a crafted pickle payload through the SendPolicyInstructions, SendObservations, or GetActions gRPC calls. | ||||
| CVE-2026-1839 | 1 Huggingface | 1 Transformers | 2026-04-28 | 7.8 High |
| A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execution. The `_load_rng_state()` method in `src/transformers/trainer.py` at line 3059 calls `torch.load()` without the `weights_only=True` parameter. This issue affects all versions of the library supporting `torch>=2.2` when used with PyTorch versions below 2.6, as the `safe_globals()` context manager provides no protection in these versions. An attacker can exploit this vulnerability by supplying a malicious checkpoint file, such as `rng_state.pth`, which can execute arbitrary code when loaded. The issue is resolved in version v5.0.0rc3. | ||||
| CVE-2025-66073 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Object Injection.This issue affects WP Webhooks: from n/a through <= 3.3.8. | ||||
| CVE-2025-60084 | 3 Add-ons.org, Elementor, Wordpress | 3 Pdf-for-elementor-forms, Elementor, Wordpress | 2026-04-28 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder pdf-for-elementor-forms allows Object Injection.This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through <= 6.5.0. | ||||