Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,743 vulnerabilities with CWE-502

CVE-2026-1691 MEDIUM

bolo-solo < 2.6.4 - Remote Code Execution via SnakeYAML Deserialization

CVE-2026-24765 HIGH

PHPUnit < 8.5.52 - Remote Code Execution via Unsafe Deserialization in PHPT Coverage Cleanup

CVE-2026-24747 HIGH

PyTorch < 2.10.0 - Remote Code Execution via Malicious Checkpoint File

CVE-2026-24815 CRITICAL

datavane tis <4.3.0 - Deserialization

CVE-2026-23864 HIGH

React Server Components 19.0.0-19.0.3, 19.1.0-19.1.4, 19.2.0-19.2.3 - DoS via Crafted HTTP Requests

CVE-2026-24656 LOW

Apache Karaf Decanter - Deserialization

CVE-2026-0773 CRITICAL

Upsonic - Unauthenticated Remote Code Execution via Cloudpickle Deserialization in add_tool Endpoint

CVE-2026-0772 HIGH

Langflow Disk Cache - Deserialization

CVE-2026-0764 CRITICAL

GPT Academic - Unauthenticated Remote Code Execution via Upload Endpoint Deserialization

CVE-2026-0763 CRITICAL

GPT Academic - Unauthenticated Remote Code Execution via run_in_subprocess_wrapper_func Deserialization

CVE-2026-0762 HIGH

GPT Academic - Remote Code Execution via Untrusted Data Deserialization in stream_daas

CVE-2026-0760 CRITICAL

Foundation Agents MetaGPT - Deserialization

CVE-2026-24009 HIGH

docling-core 2.21.0-2.48.4 - Remote Code Execution via PyYAML Deserialization

CVE-2026-23946 MEDIUM

Tendenci <15.3.11 - Authenticated RCE

CVE-2026-23737 HIGH

seroval < 1.4.1 - Remote Code Execution via JSON Deserialization

CVE-2026-23524 CRITICAL

Laravel Reverb < 1.7.0 - Remote Code Execution via Unsafe Redis Data Deserialization

CVE-2026-0726 HIGH

Nexter Extension - Site Enhancements Toolkit <4.4.6 - Code Injection

CVE-2026-0895 MEDIUM

TYPO3 Extension Mailqueue < 0.4.3 and 0.5.0 < 0.5.1 - Insecure Deserialization

CVE-2026-23746 CRITICAL

Entrust Instant Financial Issuance (IFI) On Premise <6.10.5-6.11.1 ...

CVE-2026-21226 HIGH

Azure Core Shared Client Library for Python < 1.38.0 - Remote Code Execution via Untrusted Data Deserialization

CVE-2026-20963 CRITICAL KEV

Microsoft Office SharePoint - Code Injection

CVE-2026-0859 HIGH

Typo3 < 10.4.55 - Insecure Deserialization

CVE-2026-22612 HIGH

fickling < 0.1.7 - Detection Bypass via Builtins Blindness

CVE-2026-22609 HIGH

fickling < 0.1.7 - Incomplete List of Disallowed Inputs in unsafe_imports()

CVE-2026-22608 HIGH

fickling < 0.1.7 - Remote Code Execution via Unblocked ctypes and pydoc Modules

Previous Page 15 of 110 Next

Details

Vulnerabilities 2,743

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy