Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,812 vulnerabilities with CWE-502

CVE-2025-60238 CRITICAL

universam <8.72.34 - Code Injection

CVE-2025-60234 HIGH

designthemes Single Property <= 2.8 - Code Injection

CVE-2025-60232 CRITICAL

quantumcloud KBx Pro Ultimate <8.0.5 - Code Injection

CVE-2025-60228 HIGH

designthemes Knowledge Base <2.9 - Code Injection

CVE-2025-60226 CRITICAL

axiomthemes White Rabbit <= 1.5.2 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-60225 CRITICAL

AncoraThemes BugsPatrol <1.5.0 - Code Injection

CVE-2025-60224 CRITICAL

wpshuffle Subscribe to Download <2.0.9 - Code Injection

CVE-2025-60221 CRITICAL

Captivate Sync <3.0.3 - Code Injection

CVE-2025-60216 CRITICAL

BoldThemes Addison <1.4.2 - Code Injection

CVE-2025-60215 HIGH

designthemes Kriya <= 3.4 - Object Injection

CVE-2025-60214 CRITICAL

BoldThemes Goldenblatt <= 1.2.1 - Code Injection

CVE-2025-60213 CRITICAL

Whitebox-Studio Scape <1.5.13 - Object Injection

CVE-2025-60212 HIGH

Designthemes VEDA <4.2 - Code Injection

CVE-2025-60210 CRITICAL

Everest Forms - Frontend Listing <= 1.0.5 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-60209 CRITICAL

CRM Perks Connector - Object Injection

CVE-2025-60039 CRITICAL

Noisa <= 2.6.0 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-59007 CRITICAL

themesflat TF Woo Product Grid Addon For Elementor <2 - Deserializa...

CVE-2025-52740 HIGH

Boldermail <= 2.4.0 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-52737 HIGH

Tijmen Smit WP Store Locator <2.2.260 - Code Injection

CVE-2025-49380 CRITICAL

WooCommerce Vehicle Parts Finder <4.8 - Object Injection

CVE-2025-32283 HIGH

designthemes Solar Energy <3.5 - Code Injection

CVE-2025-31634 HIGH

designthemes Insurance <3.5 - Code Injection

CVE-2025-11938 MEDIUM

ChurchCRM < 5.18.0 - Remote Code Execution via Setup Route Deserialization

CVE-2025-62515 CRITICAL

pyquokka <= 0.3.1 - Remote Code Execution via Unsafe Pickle Deserialization in FlightServer

CVE-2025-62420 HIGH

DataEase < 2.10.14 - Authenticated Remote Code Execution via H2 JDBC Driver Bypass

Previous Page 27 of 113 Next

Details

Vulnerabilities 2,812

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy