Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,844 vulnerabilities with CWE-502

CVE-2017-5954 CRITICAL

serialize-to-js 0.5.0 - Remote Code Execution via Untrusted Data Deserialization

CVE-2017-5941 CRITICAL

node-serialize < 0.0.4 - Remote Code Execution via Unserialize Function

CVE-2016-15044 CRITICAL

Kaltura Video Platform < 11.1.0-2 - Unauthenticated Remote Code Execution via Unsafe Deserialization in keditorservices

CVE-2016-1487 HIGH

Lexmark Markvision Enterprise <2.3.0 - Code Injection

CVE-2016-1000027 CRITICAL

Pivotal Spring Framework <5.3.16 - RCE

CVE-2016-10753 HIGH

e107 2.1.2 - SQL Injection via PHP Object Injection in usersettings.php

CVE-2016-10750 HIGH

Hazelcast < 3.11 - Remote Code Execution via Java Deserialization

CVE-2016-9045 HIGH

ProcessMaker Enterprise Core <3.0.1.7 - Code Injection

CVE-2016-0750 MEDIUM

Infinispan <9.1.0.Final - Code Injection

CVE-2016-4405 HIGH

HP Business Service Management 9.20-9.26 - Remote Code Execution via Apache Commons Collection Deserialization

CVE-2016-4398 HIGH

HP Network Node Manager i <10.10 - RCE

CVE-2016-8653 MEDIUM

Red Hat JBoss Fuse 6-Red Hat A-MQ 6 - DoS

CVE-2016-8648 HIGH

Red Hat JBoss Fuse/J-A-MQ 6.x - Code Injection

CVE-2016-9498 CRITICAL

ManageEngine Applications Manager 12-13 < 13200 - Unauthenticated Remote Code Execution via Unsafe Java Deserialization

CVE-2016-9483 CRITICAL

PHP FormMail Generator - Unauthenticated PHP Code Injection via Untrusted Deserialization

CVE-2016-9585 MEDIUM

Red Hat JBoss EAP 5 - Denial of Service via JMX Endpoint Deserialization

CVE-2016-8519 CRITICAL

HPE Operations Orchestration <10.70 - RCE

CVE-2016-8511 CRITICAL

HP Network Automation <=10.20 - Remote Code Execution via Java Deserialization

CVE-2016-3957 CRITICAL

web2py < 2.14.2 - Remote Code Execution via Pickle Deserialization in Session Cookie

CVE-2016-6814 CRITICAL

Apache Groovy 1.7.0-2.4.7 - Remote Code Execution via Untrusted Data Deserialization

CVE-2016-5003 CRITICAL

Apache ws-xmlrpc 3.1.3 - Remote Code Execution via Deserialization in Serializable Element

CVE-2016-8736 CRITICAL

Apache OpenMeetings < 3.1.2 - Remote Code Execution via RMI Deserialization

CVE-2016-8744 HIGH

Apache Brooklyn <0.10.0 - Code Injection

CVE-2016-6793 CRITICAL

Apache Wicket 1.5.0-1.5.16 - Deserialization of Untrusted Data in DiskFileItem

CVE-2016-4000 CRITICAL

Jython < 2.7.1-rc1 - Remote Code Execution via PyFunction Deserialization

Previous Page 112 of 114 Next

Details

Vulnerabilities 2,844

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy