Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,812 vulnerabilities with CWE-502

CVE-2025-62419 HIGH

DataEase < 2.10.14 - JDBC URL Injection via DB2 and MongoDB Data Source Configuration

CVE-2025-49655 CRITICAL

Keras 3.11.0-3.11.2 - Remote Code Execution via TorchModuleWrapper Deserialization

CVE-2025-54539 CRITICAL

Apache ActiveMQ NMS AMQP < 2.4.0 - Remote Code Execution via Untrusted AMQP Server Deserialization

CVE-2025-59287 CRITICAL KEV

Windows Server 2012, 2016, 2019, 2022, 2025 - Unauthenticated RCE via Deserialization

CVE-2025-59285 HIGH

Azure Monitor Agent < 1.36.3 - Authenticated Privilege Escalation via Untrusted Data Deserialization

CVE-2025-59237 HIGH

Microsoft SharePoint Server - Remote Code Execution via Untrusted Data Deserialization

CVE-2025-11622 HIGH

Ivanti Endpoint Manager < 2024 SU4 - Authenticated Privilege Escalation via Insecure Deserialization

CVE-2025-61505 MEDIUM

e107 < 2.3.3 - Remote Code Execution via Insecure Deserialization in install.php

CVE-2025-35051 CRITICAL

Newforma Project Center Server - Unauthenticated Remote Code Execution via .NET Deserialization

CVE-2025-35050 CRITICAL

Newforma Project Center - RCE via .NET Deserialization in /remoteweb/remote.rem

CVE-2025-60834 MEDIUM

uzy-ssm-mall <v1.1.0 - Code Injection

CVE-2025-60830 MEDIUM

redragon-erp v1.0 - Deserialization

CVE-2025-60828 MEDIUM

WukongCRM-9.0-JAVA - Code Injection

CVE-2025-11346 MEDIUM

ILIAS <8.23/9.13/10.1 - Deserialization

CVE-2025-11345 MEDIUM

ILIAS <8.23/9.13/10.1 - Deserialization

CVE-2025-10363 CRITICAL

Topal Finanzbuchhaltung <11.2.12.00 - RCE

CVE-2025-61765 MEDIUM

python-socketio < 5.14.0 - Remote Code Execution via Pickle Deserialization

CVE-2025-11273 MEDIUM

LaChatterie Verger <= 1.2.10 - Remote Code Execution via OAuth Provider URL Deserialization

CVE-2025-61677 LOW

DataChain < 0.34.2 - Remote Code Execution via Untrusted Data Deserialization

CVE-2025-61622 CRITICAL

pyfory 0.12.0-0.12.2 and pyfury 0.1.0-0.10.3 - Remote Code Execution via Pickle Deserialization

CVE-2025-11135 HIGH

pmTicket Project-Management-Software <2ef379da2075f4761a2c9029cf91d...

CVE-2025-58384 CRITICAL

DOXENSE WATCHDOC <6.1.1.5332 - Code Injection

CVE-2025-10975 MEDIUM

GuanxingLu <31abc0baf53ef8f5db666a1c882e1ea64def2997 - SSRF

CVE-2025-10974 MEDIUM

giantspatula SewKinect - Deserialization

CVE-2025-10965 MEDIUM

LazyAGI LazyLLM <0.6.1 - Deserialization

Previous Page 28 of 113 Next

Details

Vulnerabilities 2,812

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy