Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,593 vulnerabilities with CWE-502

CVE-2026-7597 MEDIUM

mem0ai mem0 faiss.py pickle.dump deserialization

CVE-2026-42778 CRITICAL

Apache MINA: CWE-502 Deserialization of Untrusted Data (take 2)

CVE-2026-42779 CRITICAL

Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE (take 2)

CVE-2026-7584 HIGH

Arbitrary Code Execution via Unsafe Deserialization in LabOne Q

CVE-2026-42521 MEDIUM

Jenkins Project Jenkins Matrix Authorization Strategy Plugin < 3.2.9 - Information Disclosure

CVE-2026-7317 MEDIUM

Grav CMS Cache Value FileCache.php doGet deserialization

CVE-2026-24186 HIGH

NVIDIA FLARE SDK <2.7.2 - Deserialization

CVE-2026-27172 HIGH

Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store

CVE-2026-41409 CRITICAL

Apache MINA: CWE-502 Deserialization of Untrusted Data

CVE-2026-40858 HIGH

Apache Camel: Camel-Infinispan: Unsafe Deserialization in Remote Aggregation Repository

CVE-2026-33454 CRITICAL

Apache Camel: Inbound Header Filter Missing in MailHeaderFilterStrategy Allows Remote Code Execution via MIME Header Injection (CVE-2025-30177 Variant)

CVE-2026-41635 CRITICAL

Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE

CVE-2026-40860 CRITICAL

Apache Camel: Unsafe Deserialization of JMS ObjectMessage in camel-jms, camel-sjms, camel-sjms2 and camel-amqp

CVE-2026-40473 HIGH

Apache Camel Mina: Unsafe Deserialization in MinaConverter.toObjectInput() via TCP/UDP

CVE-2026-40048 HIGH

Apache Camel PQC: Unsafe Deserialization from FileBasedKeyLifecycleManager

CVE-2026-33819 CRITICAL

Microsoft Bing Remote Code Execution Vulnerability

CVE-2026-26210 CRITICAL

KTransformers Unsafe Deserialization RCE via balance_serve

CVE-2026-25874 CRITICAL

LeRobot Unsafe Deserialization Remote Code Execution via gRPC

CVE-2026-6857 HIGH

Camel-infinispan: camel-infinispan: remote code execution via unsafe deserialization

CVE-2026-6023 HIGH

Deserialization of Untrusted Data Vulnerability in Telerik UI for ASP.NET AJAX

CVE-2026-22016 HIGH

Oracle Java SE 8u481 - RCE

CVE-2026-39467 HIGH

WordPress Responsive Slider by MetaSlider plugin <= 3.106.0 - PHP Object Injection vulnerability

CVE-2026-25524 HIGH

OpenMage LTS's Phar Deserialization leads to Remote Code Execution

CVE-2026-25917 HIGH

Apache Airflow: API extra-links triggers XCom deserialization/class instantiation (Airflow 3.1.5)

CVE-2026-33337 HIGH

Firebird has a buffer overflow when parsing corrupted slice packets

Page 1 of 104 Next

Details

Vulnerabilities 2,593

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy