CVE-2024-24842

HIGH Year: 2024
CVSS v3 Score
8.7
High
Weakness Type
CWE-502
View all →

Vulnerability Description

Deserialization of Untrusted Data vulnerability in Echo Plugins Knowledge Base for Documentation, FAQs with AI Assistance.This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through 11.30.2.

Related Vulnerabilities

CVE-2024-31277

HIGH
CVSS:8.7(High)

Deserialization of Untrusted Data vulnerability in PickPlugins Product Designer.This issue affects Product Designer: from n/a through 1.0.32.

CWE-5022024

CVE-2021-21349

HIGH
CVSS:8.6(High)

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resourc...

CWE-5022021

CVE-2021-21371

HIGH
CVSS:8.6(High)

Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. It published in pyp...

CWE-5022021

CVE-2021-27475

HIGH
CVSS:8.6(High)

Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object t...

CWE-5022021

CVE-2025-1403

HIGH
CVSS:8.6(High)

Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a ...

CWE-5022025

CVE-2016-10753

HIGH
CVSS:8.8(High)

e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.

CWE-5022016