Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,593 vulnerabilities with CWE-502

CVE-2026-5659 MEDIUM

pytries datrie trie File datrie.pyx Trie.__setstate__ deserialization

CVE-2026-5536 HIGH

FedML-AI FedML gRPC server grpc_server.py sendMessage deserialization

CVE-2026-5473 MEDIUM

NASA cFS Pickle pickle.load deserialization

CVE-2026-35537 LOW

Roundcube Webmail <1.5.14 - Deserialization

CVE-2026-34838 CRITICAL

Group-Office: Authenticated Remote Code Execution via PHP Insecure Deserialization in `AbstractSettingsCollection`

CVE-2026-34877 CRITICAL

Mbed TLS 2.19.0-3.6.5, 4.0.0 - Memory Corruption

CVE-2026-29782 HIGH

OpenSTAManager: Remote Code Execution via Insecure Deserialization in OAuth2

CVE-2026-24165 HIGH

Nvidia Bionemo Framework - Denial of Service

CVE-2026-24164 HIGH

Nvidia Bionemo Framework - Denial of Service

CVE-2026-34202 HIGH

Zebra node crash — V5 transaction hash panic (P2P reachable)

CVE-2026-4266 HIGH

WatchGuard Firebox Insecure Deserialization in Fireware Access Portal

CVE-2026-4416 HIGH

GIGABYTE｜Performance Library - Insecure Deserialization

CVE-2026-4851 CRITICAL

GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization

CVE-2026-33728 CRITICAL

dd-trace-java: Unsafe deserialization in RMI instrumentation may lead to remote code execution

CVE-2026-33725 HIGH

Metabase vulnerable to RCE and Arbitrary File Read via H2 JDBC INIT Injection in EE Serialization Import

CVE-2026-33701 CRITICAL

OpenTelemetry: Unsafe Deserialization in RMI Instrumentation may Lead to Remote Code Execution

CVE-2026-4860 HIGH

648540858 wvp-GB28181-pro API Endpoint RedisTemplateConfig.java GenericFastJsonRedisSerializer deserialization

CVE-2026-3328 HIGH

Frontend Admin by DynamiApps <= 3.28.31 - Authenticated (Editor+) PHP Object Injection via 'post_content' of Admin Form Posts

CVE-2026-33942 CRITICAL

Saloon has insecure deserialization in AccessTokenAuthenticator (object injection / RCE)

CVE-2026-32513 HIGH

WordPress JS Archive List plugin <= 6.1.7 - PHP Object Injection vulnerability

CVE-2026-32512 CRITICAL

WordPress Pelicula theme < 1.10 - PHP Object Injection vulnerability

CVE-2026-32511 MEDIUM

WordPress Stål theme < 1.7 - Arbitrary Object Instantiation vulnerability

CVE-2026-32510 MEDIUM

WordPress Kamperen theme < 1.3 - Arbitrary Object Instantiation vulnerability

CVE-2026-32509 MEDIUM

WordPress Gracey theme < 1.4 - Arbitrary Object Instantiation vulnerability

CVE-2026-32508 MEDIUM

WordPress Halstein theme < 1.8 - Arbitrary Object Instantiation vulnerability

Previous Page 3 of 104 Next

Details

Vulnerabilities 2,593

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy