Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,741 vulnerabilities with CWE-502

CVE-2026-24141 HIGH

NVIDIA Model Optimizer < 0.41.0 - Deserialization of Untrusted Data in ONNX Quantization Feature

CVE-2026-4735 HIGH

A stack overflow and DoS vulnerability in DTStack/chunjun

CVE-2026-4538 MEDIUM

PyTorch pt2 Loading deserialization

CVE-2026-0677 MEDIUM

WordPress TotalContest Lite plugin <= 2.9.1 - PHP Object Injection vulnerability

CVE-2026-29109 HIGH

SuiteCRM Authenticated Remote Code Execution via Unsafe Deserialization in SavedSearch Filter Processing

CVE-2026-25445 HIGH

WordPress WishList Member X plugin <= 3.29.0 - PHP Object Injection vulnerability

CVE-2026-27096 HIGH

WordPress ColorFolio - Freelance Designer WordPress Theme theme <= 1.3 - Deserialization of untrusted data vulnerability

CVE-2026-25873 CRITICAL

OmniGen2-RL Reward Server Unsafe Deserialization RCE

CVE-2026-25449 CRITICAL

WordPress Traveler theme < 3.2.8.1 - PHP Object Injection vulnerability

CVE-2026-25769 CRITICAL

Wazuh Cluster vulnerable to Remote Code Execution via Insecure Deserialization

CVE-2026-1323 HIGH

Insecure Deserialization in extension "Mailqueue" (mailqueue)

CVE-2026-32355 HIGH

Crocoblock JetEngine <3.8.4.1 - Deserialization

CVE-2026-3060 CRITICAL

SGLang < 0.5.10 - Unauthenticated Remote Code Execution via Pickle Deserialization

CVE-2026-3059 CRITICAL

SGLang Multimodal Module - Deserialization

CVE-2026-3967 MEDIUM

Alfresco Activiti <7.19/8.8.0 - Deserialization

CVE-2026-22248 HIGH

GLPI 11.0.0-11.0.4 - Authenticated RCE

CVE-2026-2626 HIGH

Divi-Booster <5.0.2 - CSRF & Object Injection

CVE-2026-26114 HIGH

Microsoft Office SharePoint - Deserialization

CVE-2026-25166 HIGH

Windows System Image Manager - Deserialization

CVE-2026-1286 HIGH

Unspecified Product - Deserialization

CVE-2026-27685 CRITICAL

SAP NetWeaver Enterprise Portal Administration - Deserialization of Untrusted Data via Malicious Content Upload

CVE-2026-2020 HIGH

WordPress JS Archive List <=6.1.7 - Deserialization

CVE-2026-28277 MEDIUM

LangGraph SQLite Checkpoint <=1.0.9 - Deserialization

CVE-2026-27749 HIGH

Avira Internet Security - Deserialization

CVE-2026-2599 CRITICAL

Database for Contact Form 7 <1.4.7 - Deserialization

Previous Page 11 of 110 Next

Details

Vulnerabilities 2,741

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy