Vulnerability Name CVE Severity
.NET JSON.NET Deserialization RCE
AjaxPro.NET Professional Deserialization RCE (CVE-2021-23758)
Apache Log4j socket receiver deserialization vulnerability CVE-2017-5645
Apache Shiro Deserialization RCE CVE-2016-4437
Apache Solr Deserialization of untrusted data via jmx.serviceUrl CVE-2019-0192
CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability CVE-2010-4335
ColdFusion AMF Deserialization RCE CVE-2017-3066
ColdFusion FlashGateway Deserialization RCE CVE-2019-7091 CVE-2019-7091
Deserialization of Untrusted Data (.NET BinaryFormatter Object Deserialization)
Deserialization of Untrusted Data (Java JSON Deserialization) Fastjson
Deserialization of Untrusted Data (Java JSON Deserialization) Genson
Deserialization of Untrusted Data (Java JSON Deserialization) JsonIO
DNN (DotNetNuke) CMS Cookie Deserialization RCE CVE-2017-9822
Flex BlazeDS AMF Deserialization RCE CVE-2017-5641
Invision Power Board version 3.3.4 unserialize PHP code execution CVE-2012-5692
Java object deserialization of user-supplied data
Kentico CMS Deserialization RCE
Oracle Business Intelligence AMF Deserialization RCE CVE-2020-2950 CVE-2020-2950
Oracle E-Business Suite Deserialization RCE
Oracle Weblogic Async Component Deserialization RCE CVE-2019-2725 CVE-2019-2725
PHP object deserialization of user-supplied data
PHP unserialize() used on user input
Python object deserialization of user-supplied data
SAP Hybris Deserialization RCE
Sitecore XP Deserialization RCE (CVE-2021-42237)