Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,769 vulnerabilities with CWE-502

CVE-2025-33213 HIGH

NVIDIA Merlin Transformers4Rec - Deserialization

CVE-2025-67535 MEDIUM

WePlugins - WordPress Development Company WP Maps <4.8.6 - Code Inj...

CVE-2025-66631 CRITICAL

CSLA .NET < 6.0.0 - Remote Code Execution via WcfProxy NetDataContractSerializer Deserialization

CVE-2025-42928 CRITICAL

SAP jConnect - SDK for ASE 16.0.4-16.0.4, 16.1-16.1 - Remote Code Execution via Deserialization

CVE-2025-63721 HIGH

HummerRisk < 1.5.0 - Authenticated Remote Code Execution via Snakeyaml Deserialization

CVE-2025-66571 CRITICAL

UNA CMS <14.0.0-RC4 - Code Injection

CVE-2025-55182 CRITICAL KEV

React Server Components <19.2.0 - RCE

CVE-2025-41700 HIGH

CODESYS < 3.5.21.40 - Unauthenticated Remote Code Execution via Malicious Project File

CVE-2025-13805 LOW

NutzBoot < 2.6.0-SNAPSHOT - Remote Code Execution via LiteRpc-Serializer Deserialization

CVE-2025-9191 MEDIUM

Houzez WordPress <4.1.6 - Code Injection

CVE-2025-62703 HIGH

Fugue < 0.9.1 - Remote Code Execution via Pickle Deserialization

CVE-2025-51746 CRITICAL

jishenghua JSH_ERP < 2.3.1 - Remote Code Execution via Fastjson Deserialization

CVE-2025-51745 CRITICAL

jishenghua JSH_ERP < 2.3.1 - Deserialization of Untrusted Data via Fastjson

CVE-2025-51744 CRITICAL

jishenghua JSH_ERP < 2.3.1 - Deserialization of Untrusted Data via Fastjson

CVE-2025-51743 CRITICAL

jishenghua JSH_ERP < 2.3.1 - Remote Code Execution via Fastjson Deserialization

CVE-2025-51742 CRITICAL

Jishenghua Jsherp < 2.3.1 - Insecure Deserialization

CVE-2025-61168 CRITICAL

SIGB PMB <8.0.1.14 - Code Injection

CVE-2025-13467 MEDIUM

Keycloak LDAP Federation < 26.4.6 - Authenticated Deserialization of Untrusted Data via LDAP Server Configuration

CVE-2025-66073 HIGH

Cozmoslabs WP Webhooks <3.3.9 - Code Injection

CVE-2025-66055 HIGH

Icegram Email Subscribers & Newsletters <6 - Code Injection

CVE-2025-62164 HIGH

vLLM 0.10.2-0.11.1 - Remote Code Execution via Malicious Prompt Embedding Tensors

CVE-2025-59245 CRITICAL

Microsoft SharePoint Online - Elevation of Privilege via Deserialization of Untrusted Data

CVE-2025-36072 HIGH

IBM Webmethods Integration - Insecure Deserialization

CVE-2025-64408 MEDIUM

Apache Causeway < 3.5.0 - Authenticated Remote Code Execution via URL Parameter Deserialization

CVE-2025-13145 HIGH

WP Import - Ultimate CSV XML Importer - Code Injection

Previous Page 23 of 111 Next

Details

Vulnerabilities 2,769

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy