Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,769 vulnerabilities with CWE-502

CVE-2025-60455 HIGH

Modular Max Serve <25.6 - Code Injection

CVE-2025-13081 MEDIUM

Drupal 8.0.0-10.4.8, 10.5.0-10.5.5, 11.0.0-11.1.8, 11.2.0-11.2.7 - Object Injection

CVE-2025-12844 HIGH

AI Engine Plugin <3.1.8 - Code Injection

CVE-2025-11367 CRITICAL

N-central Software Probe <2025.4 - Deserialization

CVE-2025-62204 HIGH

Microsoft SharePoint Server - Remote Code Execution via Untrusted Data Deserialization

CVE-2025-64512 HIGH

pdfminer.six < 20251107 - Remote Code Execution via Malicious Pickle File Deserialization

CVE-2025-63617 MEDIUM

kutangguo ktg-mes < 2025-10-08 - Deserialization of Untrusted Data via fastjson

CVE-2025-12099 HIGH

Academy LMS - WordPress LMS Plugin <3.3.8 - Code Injection

CVE-2025-64439 HIGH

langgraph-checkpoint < 3.0.0 - Remote Code Execution via JsonPlusSerializer Deserialization

CVE-2025-62035 HIGH

Togo < 1.0.4 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-60245 CRITICAL

WP User Manager <2.9.12 - Code Injection

CVE-2025-58998 CRITICAL

s2Member <= 250701 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-58636 CRITICAL

WP Gravity Forms Keap/Infusionsoft <1.2.4 - Object Injection

CVE-2025-58619 HIGH

sbouey Falang <1.3.65 - Code Injection

CVE-2025-58592 HIGH

TranslatePress <2.10.2 - Code Injection

CVE-2025-54719 HIGH

NooTheme Yogi <2.9.2 - Code Injection

CVE-2025-53586 HIGH

NooTheme WeMusic <1.9.2 - Code Injection

CVE-2025-53242 CRITICAL

VictorThemes Seil <=1.7.1 - Object Injection

CVE-2025-49393 CRITICAL

Fetch Designs Sign-up-Sheets <2.3.2 - Code Injection

CVE-2025-49386 HIGH

Preserve Code Formatting <4.0.1 - Object Injection

CVE-2025-48086 MEDIUM

wpdreams Ajax Search Lite <4.13.3 - Code Injection

CVE-2025-64164 CRITICAL

Dataease < 2.10.15 - JNDI Injection via JDBC Connection

CVE-2025-8871 MEDIUM

Everest Forms (Pro) <1.9.7 - Code Injection

CVE-2025-64353 HIGH

Chouby Polylang <3.7.3 - Code Injection

CVE-2025-63675 MEDIUM

cryptidy < 1.2.4 - Remote Code Execution via Pickle Deserialization

Previous Page 24 of 111 Next

Details

Vulnerabilities 2,769

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy