CWE-502
Medium likelihoodDeserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
2,769 vulnerabilities with CWE-502
CVE-2025-60084
HIGH
PDF for Elementor Forms + Drag And Drop Template Builder <6.3.1 - C...
CVSS 8.8
CVE-2025-60083
HIGH
PDF Invoice Builder for WooCommerce <6.3.2 - Code Injection
CVSS 8.8
CVE-2025-60082
HIGH
PDF for WPForms <6.3.1 - Code Injection
CVSS 8.8
CVE-2025-60081
HIGH
PDF for Contact Form 7 <6.3.4 - Code Injection
CVSS 8.8
CVE-2025-60080
HIGH
PDF for Gravity Forms + Drag And Drop Template Builder <6.3.0 - Cod...
CVSS 7.5
CVE-2025-54723
CRITICAL
BoldThemes DentiCare <1.4.3 - Code Injection
CVSS 9.8
CVE-2025-33226
HIGH
NVIDIA NeMo Framework - Code Injection
CVSS 7.8
CVE-2025-33212
HIGH
NVIDIA NeMo < 2.5.3 - Remote Code Execution via Malicious Model File Loading
CVSS 7.3
CVE-2025-33210
CRITICAL
NVIDIA Isaac Lab < 2.3.0 - Remote Code Execution via Untrusted Data Deserialization
CVSS 9.0
CVE-2025-67748
HIGH
fickling < 0.1.6 - Unsafe Pickle Misclassification via pty Module Import Bypass
CVSS 7.8
CVE-2025-67747
HIGH
fickling < 0.1.6 - Arbitrary Code Execution via Marshal and Types Module Bypass
CVSS 7.8
CVE-2025-9121
HIGH
Pentaho Data Integration & Analytics Community Dashboard Editor <10...
CVSS 8.8
CVE-2025-65213
CRITICAL
MooreThreads torch_musa - Remote Code Execution via Unsafe Pickle Deserialization in compare_tool
CVSS 9.8
CVE-2025-14606
MEDIUM
Tiny RDM <= 1.2.5 - Remote Code Execution via Pickle Deserialization
CVSS 5.0
CVE-2025-14476
HIGH
WordPress Doubly - Cross Domain Copy Paste <1.0.46 - Code Injection
CVSS 8.8
CVE-2025-26866
HIGH
Apache HugeGraph < 1.7.0 - Remote Code Execution via Hessian Deserialization
CVSS 8.8
CVE-2025-14044
HIGH
Visitor Logic Lite <1.0.3 - Code Injection
CVSS 8.1
CVE-2025-67779
HIGH
React Server Components 19.0.2, 19.1.3, 19.2.2 - Denial of Service via Unsafe Deserialization
CVSS 7.5
CVE-2025-55184
HIGH
React Server Components <19.2.1 - DoS
CVSS 7.5
CVE-2025-34394
CRITICAL
Barracuda RMM < 2025.1.1 - Remote Code Execution via .NET Remoting Deserialization
CVSS 9.8
CVE-2025-9571
HIGH
Google Cloud Data Fusion < 6.10.6, < 6.11.1 - Remote Code Execution via Artifact Upload
CVE-2025-61810
HIGH
ColdFusion <= 2025.4, 2023.16, 2021.22 - Authenticated Remote Code Execution via Deserialization
CVSS 8.4
CVE-2025-66214
HIGH
Ladybug < 3.0-20251107.114628 - Remote Code Execution via XML Deserialization
CVSS 7.0
CVE-2025-34414
CRITICAL
Entrust Instant Financial Issuance (IFI) On Premise <6.10.5-6.11.1 ...
CVE-2025-33214
HIGH
NVIDIA NVTabular - Deserialization of Untrusted Data in Workflow Component
CVSS 8.8
Details
Vulnerabilities
2,769
Exploit Likelihood
Medium