Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,844 vulnerabilities with CWE-502

CVE-2019-6980 CRITICAL

Synacor Zimbra Collaboration Suite <8.9 - Deserialization

CVE-2019-7091 CRITICAL

ColdFusion <Update 1, <Update 7, <Update 15 - Code Injection

CVE-2019-12241 CRITICAL

Carts Guru <1.4.5 - Insecure Deserialization

CVE-2019-12240 CRITICAL

Virim plugin 0.4 - Insecure Deserialization

CVE-2019-12086 HIGH

FasterXML jackson-databind <2.9.9 - Code Injection

CVE-2019-4279 CRITICAL

IBM WebSphere App Server <9.0 - RCE

CVE-2019-10912 HIGH

Symfony < 2.8.50, 3.x < 3.4.26, 4.x < 4.1.12, 4.2.x < 4.2.7 - Arbitrary File Deletion via Unsafe Object Caching

CVE-2019-10924 HIGH

LOGO! Soft Comfort < 8.3 - Remote Code Execution via Malicious Project File

CVE-2019-11831 CRITICAL

PharStreamWrapper <2.1.1-3.1.1 - Path Traversal

CVE-2019-11830 CRITICAL

PharStreamWrapper <2.1.1-3.1.1 - Deserialization

CVE-2019-11458 HIGH

CakePHP 3.7.6 - Arbitrary File Write via Unserialized Object in SmtpTransport

CVE-2019-5434 CRITICAL

revive_adserver < 4.2.0 - Remote Code Execution via XML-RPC Unserialize

CVE-2019-7214 CRITICAL

SmarterTools SmarterMail less than build 6985 - .NET Deserialization Remote Code Execution

CVE-2019-9056 HIGH

CMS Made Simple 2.2.8 - Authenticated Object Injection via FrontEndUsers Module

CVE-2019-7361 HIGH

Autodesk Advance Steel 2018 - Remote Code Execution via Malicious .actm File Deserialization

CVE-2019-10867 HIGH

pimcore < 5.7.1 - Authenticated Remote Code Execution via Unserialize in Bulk-Commit Endpoint

CVE-2019-10068 CRITICAL KEV

Kentico <12.0.15, 11.0.48, 10.0.52, 9.x - Code Injection

CVE-2019-9061 HIGH

CMS Made Simple < 2.2.8 - Authenticated Object Injection via Module Installation

CVE-2019-9057 HIGH

CMS Made Simple < 2.2.8 - Authenticated Object Injection via FilePicker Module

CVE-2019-9055 HIGH

CMS Made Simple < 2.2.8 - Authenticated Remote Code Execution via m1_allparms Deserialization

CVE-2019-7539 HIGH

ipycache <2016-05-31 - Code Injection

CVE-2019-0192 CRITICAL

Apache Solr 5.0.0-5.5.5 and 6.0.0-6.6.5 - Remote Code Execution via JMX Config API

CVE-2019-0187 CRITICAL

Apache JMeter < 5.1 - Unauthenticated Remote Code Execution via RMI Deserialization

CVE-2019-9212 CRITICAL

SOFA-Hessian < 4.0.2 - Remote Code Execution via Hessian Deserialization

CVE-2019-6340 HIGH KEV

Drupal 7.0.0-7.61.0 8.5.0-8.5.10 8.6.0-8.6.9 - Remote Code Execution via Unsanitized Field Data

Previous Page 103 of 114 Next

Details

Vulnerabilities 2,844

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy