Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,743 vulnerabilities with CWE-502

CVE-2026-22607 HIGH

fickling <= 0.1.6 - Incomplete List of Disallowed Inputs in cProfile Module Handling

CVE-2026-22606 HIGH

fickling < 0.1.7 - Incomplete List of Disallowed Inputs in runpy Module Handling

CVE-2026-22187 HIGH

openmicroscopy/bio-formats <= 8.3.0 - Deserialization of Untrusted Data via Memoization Cache Files

CVE-2025-11993 HIGH

WooCommerce Infinite Scroll and Ajax Pagination <= 1.8 - Authenticated (Subscriber+) PHP Object Injection

CVE-2025-33255 HIGH

NVIDIA TensorRT-LLM - Remote Code Execution via MPI Server Deserialization

CVE-2025-69690 CRITICAL

Netgate pfSense CE 2.7.2 - Code Injection

CVE-2025-60889 CRITICAL

StellarGroup HPX 1.11.0 - Deserialization

CVE-2025-60887 MEDIUM

Cista <= 0.15 - Information Disclosure via Insecure Deserialization

CVE-2025-62233 MEDIUM

Apache DolphinScheduler: Deserialization of untrusted data in RPC

CVE-2025-62373 CRITICAL

Pipecat vulnerable to Remote Code Execution by Pickle Deserialization via LivekitFrameSerializer

CVE-2025-15610 CRITICAL

OpenText RightFax through 25.4 - Deserialization

CVE-2025-33248 HIGH

NVIDIA Megatron LM < 0.15.3 - Remote Code Execution via Malicious File Loading

CVE-2025-33247 HIGH

NVIDIA Megatron LM < 0.15.3 - Remote Code Execution via Quantization Configuration Loading

CVE-2025-33244 CRITICAL

NVIDIA Apex - Deserialization of Untrusted Data

CVE-2025-71260 HIGH

BMC FootPrints ITSM 20.20.02-20.24.01.001 - VIEWSTATE Deserialization Code Execution

CVE-2025-60237 CRITICAL

WordPress Finag theme <= 1.5.0 - PHP Object Injection vulnerability

CVE-2025-60233 CRITICAL

WordPress Zuut theme <= 1.4.2 - PHP Object Injection vulnerability

CVE-2025-54920 HIGH

Apache Spark <3.5.7/4.0.1 - Deserialization

CVE-2025-13913 MEDIUM

Inductive Automation Ignition - Info Disclosure

CVE-2025-56422 CRITICAL

LimeSurvey <6.15.0+250623 - Deserialization

CVE-2025-11739 HIGH

Product Version - Deserialization

CVE-2025-54001 CRITICAL

ThemeREX Classter <=2.5 - Deserialization

CVE-2025-57622 CRITICAL

Step-Video-T2V - Remote Code Execution via Pickle Deserialization in API Endpoints

CVE-2025-52998 CRITICAL

Chamilo LMS < 1.11.30 - Deserialization of Untrusted Data

CVE-2025-50198 MEDIUM

Chamilo < 1.11.30 - Deserialization of Untrusted Data via Import Configuration Parameters

Previous Page 16 of 110 Next

Details

Vulnerabilities 2,743

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy