Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,743 vulnerabilities with CWE-502

CVE-2026-27475 HIGH

SPIP 4.4.0-4.4.8 - Insecure Deserialization via table_valeur Filter and DATA Iterator

CVE-2026-25316 HIGH

CartFlows <=2.1.19 - Deserialization

CVE-2026-23549 CRITICAL

WpEvently <=5.1.1 - Deserialization

CVE-2026-23544 HIGH

Valenti <=5.6.3.5 - Deserialization

CVE-2026-23542 CRITICAL

ThemeGoods Grand Restaurant <=7.0.10 - Deserialization

CVE-2026-22333 HIGH

YITH WooCommerce Compare <=3.6.0 - Deserialization

CVE-2026-1426 HIGH

Advanced AJAX Product Filters <=3.1.9.6 - Deserialization

CVE-2026-26220 CRITICAL

LightLLM <=1.1.0 - Unauthenticated RCE

CVE-2026-2555 MEDIUM

JeecgBoot 3.9.1 - Deserialization via AiragKnowledgeController importDocumentFromZip

CVE-2026-26333 CRITICAL

Calero VeraSMART <2022 R1 - Unauthenticated Code Injection

CVE-2026-26208 HIGH

ADB-Explorer < Beta 0.9.26020 - Remote Code Execution via Insecure Deserialization in App.txt Settings

CVE-2026-26221 CRITICAL

Hyland OnBase - Unauthenticated RCE

CVE-2026-26215 CRITICAL

manga-image-translator <beta-0.3 - Unauthenticated RCE

CVE-2026-0910 HIGH

wpForo Forum <2.4.13 - Code Injection

CVE-2026-1235 MEDIUM

WP eCommerce <3.15.1 - Code Injection

CVE-2026-21531 CRITICAL

Azure Conversation Authoring Client Library - Remote Code Execution via Untrusted Data Deserialization

CVE-2026-21511 HIGH

Microsoft 365 Apps and Office - Spoofing via Untrusted Data Deserialization

CVE-2026-23685 MEDIUM

SAP NetWeaver - Authenticated Denial of Service via JMS Service Deserialization

CVE-2026-25925 HIGH

PowerDocu < 2.4.0 - Remote Code Execution via Untrusted JSON Deserialization

CVE-2026-25923 CRITICAL

my little forum <20260208.1 - Code Injection

CVE-2026-2113 HIGH

yuan1994 tpadmin <1.3.12 - Deserialization

CVE-2026-25632 CRITICAL

EPyT-Flow < 0.16.1 - Remote Code Execution via Untrusted JSON Deserialization

CVE-2026-25615 HIGH

Blesta 3.0.0-5.13.2 - Object Injection

CVE-2026-25614 HIGH

Blesta 3.0.0-5.13.2 - Object Injection via Untrusted Data Deserialization

CVE-2026-24954 HIGH

WpEvently <= 5.0.8 - Deserialization of Untrusted Data

Previous Page 14 of 110 Next

Details

Vulnerabilities 2,743

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy