Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,812 vulnerabilities with CWE-502

CVE-2025-10950 MEDIUM

geyang ml-logger < acf255bade5be6ad88d90735c8367b28cbe3a743 - Remote Code Execution via Deserialization in Ping Handler

CVE-2025-56816 HIGH

Datart 1.0.0-rc.3 - Directory Traversal and Remote Code Execution via YAML Deserialization

CVE-2025-48459 MEDIUM

Apache IoTDB <2.0.5 - Deserialization

CVE-2025-26399 CRITICAL KEV

SolarWinds Web Help Desk < 12.8.6 - Unauthenticated Remote Code Execution via AjaxProxy Deserialization

CVE-2025-58662 HIGH

Awesome Support <6.3.4 - Code Injection

CVE-2025-57919 HIGH

ConveyThis Language Translate Widget <264 - Code Injection

CVE-2025-53465 HIGH

raoinfotech GSheets Connector <1.1.1 - Code Injection

CVE-2025-10771 MEDIUM

jeecg/jimureport < 2.1.2 - Remote Code Execution via DB2 JDBC Handler Deserialization

CVE-2025-10770 MEDIUM

jeecg/jimureport < 2.1.2 - Deserialization via MySQL JDBC Handler

CVE-2025-10769 MEDIUM

h2o 3.0.0.2-3.46.0.8 - Deserialization via ImportSQLTable Connection URL

CVE-2025-10768 MEDIUM

h2o 3.0.0.2-3.46.0.8 - Deserialization via IBMDB2 JDBC Driver Connection URL

CVE-2025-6544 CRITICAL

h2oai/h2o-3 <= 3.46.0.8 - Remote Code Execution via JDBC Connection Parameter Deserialization

CVE-2025-9906 HIGH

Keras 3.0.0-3.10.9 - Remote Code Execution via Model.load_model Deserialization

CVE-2025-59713 MEDIUM

Snipe-IT < 8.1.18 - Unauthenticated Deserialization of Untrusted Data

CVE-2025-10035 CRITICAL KEV

Fortra GoAnywhere MFT < 7.6.3 - Deserialization of Untrusted Data via License Servlet

CVE-2025-9083 CRITICAL

Ninja Forms <3.11.1 - Code Injection

CVE-2025-59050 HIGH

Greenshot < 1.3.301 - Unauthenticated Remote Code Execution via WM_COPYDATA Message Deserialization

CVE-2025-10492 CRITICAL

Cloud Jasperreports IO < 4.0.0 - Insecure Deserialization

CVE-2025-59328 MEDIUM

Apache Fory < 0.12.2 - Denial of Service via Insecure Deserialization

CVE-2025-58748 CRITICAL

Dataease < 2.10.13 - Remote Code Execution via H2 JDBC URL Deserialization

CVE-2025-58046 CRITICAL

Dataease <= 2.10.12 - Remote Code Execution via Impala JDBC Connection String JNDI Injection

CVE-2025-10433 MEDIUM

1Panel-dev MaxKB <2.0.2/2.1.0 - Deserialization

CVE-2025-10252 LOW

SEAT Queue Ticket Kiosk <20250827 - Deserialization

CVE-2025-10164 HIGH

sglang - Remote Code Execution via Pickle Deserialization

CVE-2025-55232 CRITICAL

Microsoft HPC Pack < 6.3.8352 - Remote Code Execution via Untrusted Data Deserialization

Previous Page 29 of 113 Next

Details

Vulnerabilities 2,812

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy