Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,813 vulnerabilities with CWE-502

CVE-2025-54686 CRITICAL

scriptsbundle Exertio <1.3.2 - Object Injection

CVE-2025-49869 HIGH

Arraytics Eventin <4.0.31 - Object Injection

CVE-2025-47536 HIGH

Content Egg <7.0.0 - Code Injection

CVE-2025-23303 HIGH

NVIDIA NeMo < 2.3.2 - Remote Code Execution via Untrusted Data Deserialization

CVE-2025-34153 CRITICAL

Hyland OnBase <17.0.2.87 - Unauthenticated RCE

CVE-2025-2180 MEDIUM

Palo Alto Networks Checkov <3.2.415 - Code Injection

CVE-2025-7384 CRITICAL

Database for Contact Form 7, WPforms, Elementor forms - Code Injection

CVE-2025-53772 HIGH

Web Deploy 4.0 < 10.0.2001 - Authenticated Remote Code Execution via Untrusted Data Deserialization

CVE-2025-49712 HIGH

Microsoft SharePoint Server - Remote Code Execution via Untrusted Data Deserialization

CVE-2025-55010 CRITICAL

Kanboard <1.2.47 - Remote Code Execution

CVE-2025-40759 HIGH

SIMATIC S7-PLCSIM V17, STEP 7 V17<9, STEP 7 V18, STEP 7 V19<4, STEP...

CVE-2025-45146 CRITICAL

ModelCache < 0.2.0 - Remote Code Execution via Unsafe Deserialization in Data Manager

CVE-2025-8747 HIGH

Keras 3.0.0-3.10.0 - Remote Code Execution via Model.load_model Safe Mode Bypass

CVE-2025-53606 CRITICAL

Apache Seata <2.5.0 - Deserialization

CVE-2025-8708 MEDIUM

Antabot White-Jotter 0.22 - Deserialization in ShiroConfiguration CookieRememberMeManager

CVE-2025-54886 HIGH

skops < 0.13.0 - Remote Code Execution via Joblib Fallback in Card.get_model

CVE-2025-55136 MEDIUM

ERC <= 0.3 - Insecure jsonpickle Deserialization

CVE-2025-54640 MEDIUM

HarmonyOS - Deserialization of Untrusted Data in Attribute Deserialization

CVE-2025-54639 MEDIUM

HarmonyOS - Deserialization of Untrusted Data in Attribute ParcelMismatch

CVE-2025-54638 MEDIUM

HarmonyOS - Denial of Service via AD Module Deserialization

CVE-2025-54620 MEDIUM

HarmonyOS - Denial of Service via Untrusted Data Deserialization in Ability Module

CVE-2025-50472 CRITICAL

modelscope/ms-swift <= 2.6.1 - Remote Code Execution via Pickle Deserialization in ModelFileSystemCache

CVE-2025-50460 CRITICAL

ms-swift 3.3.0 - Remote Code Execution via Unsafe YAML Deserialization

CVE-2025-49083 HIGH

Absolute Secure Access 12.00-13.56 - Authenticated Remote Code Execution via Unsafe Deserialization

CVE-2025-25692 MEDIUM

PrestaShop 8.2.0 - Remote Code Execution via PHAR Deserialization in _getHeaders

Previous Page 32 of 113 Next

Details

Vulnerabilities 2,813

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy