Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,813 vulnerabilities with CWE-502

CVE-2025-55232 CRITICAL

Microsoft HPC Pack < 6.3.8352 - Remote Code Execution via Untrusted Data Deserialization

CVE-2025-54897 HIGH

Microsoft SharePoint Server - Remote Code Execution via Untrusted Data Deserialization

CVE-2025-53303 HIGH

ThemeMove Core <1.4.2 - Code Injection

CVE-2025-48101 HIGH

Constant Contact for WordPress <4.1.1 - Code Injection

CVE-2025-47579 CRITICAL

ThemeGoods Photography <= 7.7.2 - Unauthenticated PHP Object Injection via Deserialization

CVE-2025-41701 HIGH

Engineering Tool <version> - Command Injection

CVE-2025-42944 CRITICAL

SAP NetWeaver - Unauthenticated Remote Code Execution via RMI-P4 Deserialization

CVE-2025-58757 HIGH

MONAI < 1.5.0 - Remote Code Execution via Pickle Deserialization

CVE-2025-58756 HIGH

MONAI < 1.5.0 - Deserialization of Untrusted Data via Checkpoint Loading

CVE-2025-58782 MEDIUM

Apache Jackrabbit Core/JCR Commons <2.22.1 - Deserialization

CVE-2025-58839 HIGH

aThemeArt Translations eDS Responsive Menu <1.2 - Object Injection

CVE-2025-58815 HIGH

Rubel Miah Aitasi Coming Soon <2.0.2 - Object Injection

CVE-2025-48535 HIGH

Android - Local Privilege Escalation via Unsafe Deserialization in AppRestrictionsFragment

CVE-2025-32312 HIGH

Android - Local Privilege Escalation via Unsafe Deserialization in PackageParser

CVE-2025-9365 HIGH

Fuji Electric FRENIC-Loader 4 - Code Injection

CVE-2025-53690 CRITICAL KEV

Sitecore XM/X <9.0 - Code Injection

CVE-2025-58644 HIGH

Enituretechnology LTL Freight Quotes - TQL Edition <1.2.6 - Code In...

CVE-2025-58643 HIGH

enuiretechnology LTL Freight Quotes - Daylight Edition <2.2.7 - Cod...

CVE-2025-58642 HIGH

Enituretechnology LTL Freight Quotes - Day & Ross Edition <2.1.11 -...

CVE-2025-53691 HIGH

Sitecore XP 9.0-9.3, 10.0-10.4 - RCE via Untrusted Deserialization

CVE-2025-58163 HIGH

FreeScout < 1.8.186 - Authenticated Remote Code Execution via Untrusted Data Deserialization in Decrypt Function

CVE-2025-9260 MEDIUM

Fluent Forms <6.1.1 - Code Injection

CVE-2025-7976 HIGH

Anritsu ShockLine < 2025.4.2 - Remote Code Execution via CHX File Deserialization

CVE-2025-9188 HIGH

DASYLab - Remote Code Execution via Crafted DSB File Deserialization

CVE-2025-5662 CRITICAL

h2oai/h2o-3 < 3.46.0.8 - Remote Code Execution via JDBC Connection Parameter Deserialization

Previous Page 30 of 113 Next

Details

Vulnerabilities 2,813

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy