Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,844 vulnerabilities with CWE-502

CVE-2019-15320 CRITICAL

Optiontree < 2.7.3 - Insecure Deserialization

CVE-2019-15319 CRITICAL

Optiontree < 2.7.0 - Insecure Deserialization

CVE-2019-10086 HIGH

Apache Commons Beanutils 1.9.2 - Info Disclosure

CVE-2019-0344 CRITICAL KEV

SAP Commerce Cloud 6.4-6.7, 1808-1905 - Remote Code Execution via Unsafe Deserialization in virtualjdbc Extension

CVE-2019-14439 HIGH

FasterXML jackson-databind <2.9.9.2 - Info Disclosure

CVE-2019-10173 CRITICAL

xstream API <1.4.11 - Use After Free

CVE-2019-1010306 CRITICAL

Slanger < 0.6.1 - Unauthenticated Remote Code Execution via Deserialization

CVE-2019-10135 HIGH

osbs-client <0.56.1 - Code Injection

CVE-2019-12747 HIGH

TYPO3 8.3.0-8.7.26 and 9.x-9.5.7 - Deserialization of Untrusted Data

CVE-2019-12384 MEDIUM

FasterXML jackson-databind <2.9.9.1 - Deserialization

CVE-2019-11011 CRITICAL

Akamai CloudTest < 58.30 - Remote Code Execution via Untrusted Data Deserialization

CVE-2019-12814 MEDIUM

jackson-databind 2.0.0-2.9.9 - Unauthenticated Arbitrary File Read via JDOM Polymorphic Typing

CVE-2019-12868 HIGH

MISP 2.4.109 - Authenticated Remote Code Execution via PHAR Deserialization

CVE-2019-12799 HIGH

Shopware 5.3.0-5.6.x - Remote Code Execution via PHP Object Instantiation Bypass

CVE-2019-7840 CRITICAL

ColdFusion <Update 3 - Deserialization

CVE-2019-12760 LOW

parso < 0.4.0 - Remote Code Execution via Pickle Deserialization

CVE-2019-11080 HIGH

Sitecore Experience Platform < 9.1.1 - Authenticated Remote Code Execution via Deserialization

CVE-2019-11956 HIGH

HPE Intelligent Management Center < 7.3 - Remote Code Execution via Untrusted Data Deserialization

CVE-2019-11950 HIGH

HPE Intelligent Management Center < 7.3 - Remote Code Execution via Untrusted Data Deserialization

CVE-2019-5350 HIGH

HPE Intelligent Management Center < 7.3 - Remote Code Execution via Untrusted Data Deserialization

CVE-2019-11945 CRITICAL

HPE Intelligent Management Center < 7.3 - Remote Code Execution via Untrusted Data Deserialization

CVE-2019-11944 CRITICAL

HPE Intelligent Management Center < 7.3 - Remote Code Execution via Untrusted Data Deserialization

CVE-2019-10069 CRITICAL

Godot < 2.1 - Remote Code Execution via Deserialization

CVE-2019-9875 HIGH KEV

Sitecore CMS < 9.1 - Authenticated Remote Code Execution via Anti-CSRF Module Deserialization

CVE-2019-9874 CRITICAL KEV

Sitecore CMS 7.0-8.2 - Code Injection

Previous Page 102 of 114 Next

Details

Vulnerabilities 2,844

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy