Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,844 vulnerabilities with CWE-502

CVE-2018-12539 HIGH

Eclipse OpenJ9 0.8 - Privilege Escalation

CVE-2018-14878 HIGH

JetBrains dotPeek <2018.2 - Code Injection

CVE-2018-15133 HIGH KEV

Laravel Framework < 5.5.40 and 5.6.x < 5.6.30 - Remote Code Execution via Unserialize of X-XSRF-TOKEN

CVE-2018-8018 CRITICAL

Apache Ignite <2.4.8, <2.5.3 - Code Injection

CVE-2018-1000210 HIGH

YamlDotNet < 5.0.0 - Deserialization of Untrusted Data via Type Name in Tag

CVE-2018-1000527 HIGH

Froxlor <= 0.9.39.5 - Code Injection

CVE-2018-1000525 CRITICAL

openpsa - Remote Code Execution via PHP Object Injection in GET Request Variables

CVE-2018-1000509 HIGH

Redirection 2.7.1 - Authenticated Remote Code Execution via Settings Page AJAX Deserialization

CVE-2018-6497 HIGH

Micro Focus CMS Server 2018.05 & Universal CMDB Server 10.20-10.33 - Unsafe Deserialization & CSRF

CVE-2018-6496 HIGH

Micro Focus Universal CMDB Browser 4.10-4.15.1 - Unsafe Deserialization and Cross-Site Request Forgery

CVE-2018-8013 CRITICAL

Apache Batik 1.x -<1.10 - Deserialization

CVE-2018-10654 HIGH

Citrix XenMobile <10.8-RP2, <10.7-RP3 - Code Injection

CVE-2018-1310 HIGH

Apache NiFi < 1.6.0 - Denial of Service via JMS Deserialization

CVE-2018-4939 CRITICAL KEV

Adobe ColdFusion Update 5 and earlier, ColdFusion 11 Update 13 and earlier - Deserialization of Untrusted Data

CVE-2018-1131 HIGH

Infinispan - Authenticated Remote Code Execution via XML and JSON Transcoders

CVE-2018-0824 HIGH KEV

Microsoft Windows - Remote Code Execution via Untrusted Object Deserialization

CVE-2018-7891 HIGH

Milestone XProtect <12.1a - Remote Code Execution

CVE-2018-2628 CRITICAL KEV

Oracle WebLogic Server <12.2.1.3 - RCE

CVE-2018-1000167 HIGH

OISF suricata-update <1.0.0a1 - Insecure Deserialization

CVE-2018-10085 CRITICAL

CMS Made Simple < 2.2.6 - Remote Code Execution via Unserialize in LoginOperations

CVE-2018-9843 CRITICAL

CyberArk Password Vault < 9.9.5 and 10.x < 10.1 - Remote Code Execution via REST API Authorization Header

CVE-2018-1295 CRITICAL

Apache Ignite < 2.3.0 - Remote Code Execution via Untrusted Data Deserialization

CVE-2018-7529 HIGH

OSIsoft PI Data Archive < 2017 - Unauthenticated Denial of Service via Deserialization

CVE-2018-1000074 HIGH

RubyGems <2.7.6 - Deserialization of Untrusted Data

CVE-2018-7889 HIGH

Calibre - Remote Code Execution via cPickle Deserialization in Bookmark Import

Previous Page 107 of 114 Next

Details

Vulnerabilities 2,844

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy