CWE-502
Medium likelihood
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
2,769 vulnerabilities with CWE-502
CVE-2025-13706
HIGH
Tencent PatrickStar - Deserialization
CVSS 7.8
CVE-2025-14931
CRITICAL
Hugging Face smolagents - Deserialization
CVSS 10.0
CVE-2025-14930
HIGH
Hugging Face Transformers - Remote Code Execution via GLM4 Weight Parsing
CVSS 7.8
CVE-2025-14929
HIGH
Hugging Face Transformers - Remote Code Execution via X-CLIP Checkpoint Deserialization
CVSS 7.8
CVE-2025-14925
HIGH
Hugging Face Accelerate - Remote Code Execution via Checkpoint Deserialization
CVSS 7.8
CVE-2025-14924
HIGH
Hugging Face Transformers - Remote Code Execution via Checkpoint Deserialization
CVSS 7.8
CVE-2025-14922
HIGH
Hugging Face Diffusers CogView4 - Deserialization
CVSS 7.8
CVE-2025-14921
HIGH
Hugging Face Transformers - Remote Code Execution via Transformer-XL Model Deserialization
CVSS 7.8
CVE-2025-14920
HIGH
Hugging Face Transformers - Remote Code Execution via Perceiver Model Deserialization
CVSS 7.8
CVE-2025-14071
HIGH
Live Composer - PHP Object Injection
CVSS 7.5
CVE-2025-65035
MEDIUM
pluginsGLPI's Database Inventory Plugin <1.1.2 - Code Injection
CVSS 6.4
CVE-2025-66524
HIGH
Apache NiFi <2.6.0 - Deserialization
CVSS 8.8
CVE-2025-34449
CRITICAL
Genymobile scrcpy <= 3.3.3 - Buffer Overflow in sc_device_msg_deserialize()
CVSS 9.1
CVE-2025-63951
HIGH
Phoniebox < 2025-10-07 - Unauthenticated Insecure Deserialization via RSS GET Parameter
CVSS 7.5
CVE-2025-63950
HIGH
to3k Twittodon <b1c58a7d1dc664 - Open Redirect
CVSS 7.5
CVE-2025-64266
HIGH
Booking and Rental Manager <2.5.4 - Code Injection
CVSS 8.8
CVE-2025-64233
CRITICAL
BoldThemes Codiqa < 1.2.8 - Code Injection
CVSS 9.8
CVE-2025-64227
CRITICAL
BoldGrid Client Invoicing <20.8.7 - Code Injection
CVSS 9.8
CVE-2025-64206
CRITICAL
TieLabs Jannah <7.6.0 - Code Injection
CVSS 9.8
CVE-2025-60180
CRITICAL
CRM Perks WP Gravity Forms Salesforce <= 1.5.1 - PHP Object Injection via Untrusted Data Deserialization
CVSS 9.8
CVE-2025-60178
CRITICAL
CRM Perks WP Gravity Forms HubSpot <= 1.2.6 - Deserialization of Untrusted Data
CVSS 9.8
CVE-2025-60174
CRITICAL
CRM Perks WP Gravity Forms Constant Contact Plugin <= 1.1.2 - Object Injection via Untrusted Data Deserialization
CVSS 9.8
CVE-2025-60091
CRITICAL
CRM Perks WP Gravity Forms Zoho CRM and Bigin <= 1.2.9 - Object Injection via Untrusted Data Deserialization
CVSS 9.8
CVE-2025-60090
CRITICAL
CRM Perks WP Gravity Forms Insightly <= 1.1.6 - Object Injection via Untrusted Data Deserialization
CVSS 9.8
CVE-2025-60089
CRITICAL
CRM Perks WP Gravity Forms FreshDesk Plugin <= 1.3.5 - Deserialization of Untrusted Data
CVSS 9.8
Details
Vulnerabilities: 2,769
Exploit Likelihood: Medium