Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,769 vulnerabilities with CWE-502

CVE-2025-47552 CRITICAL

DZS Video Gallery <12.37 - Code Injection

CVE-2025-47553 HIGH

DZS Video Gallery <12.25 - Code Injection

CVE-2025-31047 HIGH

Themify Edmin <2.0.0 - Code Injection

CVE-2025-15453 MEDIUM

Milvus < 2.6.8 - Deserialization via HTTP Endpoint Argument Manipulation

CVE-2025-15438 MEDIUM

PluXml < 5.8.22 - Deserialization via FileCookieJar Destructor in Media Management Module

CVE-2025-11157 HIGH

feast < 0.54.0 - Remote Code Execution via YAML Deserialization in Kubernetes Materializer

CVE-2025-15276 HIGH

FontForge - Remote Code Execution via SFD File Parsing

CVE-2025-15375 MEDIUM

EyouCMS < 1.7.8 - Remote Code Execution via Unserialize in arcpagelist Handler

CVE-2025-15246 MEDIUM

aizuda snail-job <1.7.0 - Deserialization

CVE-2025-15222 MEDIUM

Dromara Sa-Token <1.44.0 - Deserialization

CVE-2025-15117 LOW

Dromara Sa-Token <1.44.0 - Deserialization

CVE-2025-67729 HIGH

LMDeploy < 0.11.1 - Remote Code Execution via Insecure PyTorch Model Deserialization

CVE-2025-68038 HIGH

Icegram Express Pro <6 - Code Injection

CVE-2025-68665 HIGH

LangChain <0.3.80, 1.1.8 - Code Injection

CVE-2025-68664 CRITICAL

LangChain <0.3.81 and 1.2.5 - Code Injection

CVE-2025-13716 HIGH

Tencent MimicMotion - Deserialization

CVE-2025-13715 HIGH

Tencent FaceDetection-DSFD - Deserialization

CVE-2025-13714 HIGH

Tencent MedicalNet - Deserialization

CVE-2025-13713 HIGH

Tencent Hunyuan3D-1 - Deserialization

CVE-2025-13712 HIGH

Tencent HunyuanDiT - Use After Free

CVE-2025-13711 HIGH

Tencent TFace < 2025-09-29 - Remote Code Execution via Untrusted Data Deserialization in Eval Endpoint

CVE-2025-13710 HIGH

Tencent HunyuanVideo - Deserialization

CVE-2025-13709 HIGH

Tencent TFace < 2025-09-29 - Remote Code Execution via restore_checkpoint Deserialization

CVE-2025-13708 HIGH

Tencent NeuralNLP-NeuralClassifier - Use After Free

CVE-2025-13707 HIGH

Tencent HunyuanDiT - Deserialization

Previous Page 20 of 111 Next

Details

Vulnerabilities 2,769

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy