Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,813 vulnerabilities with CWE-502

CVE-2025-25691 MEDIUM

PrestaShop 8.2.0 - Remote Code Execution via PHAR Deserialization in Theme Import

CVE-2025-53078 HIGH

Samsung Data Management Server Firmware >=2.0.0 <2.3.13.1 - Remote Code Execution via Untrusted Data Deserialization

CVE-2025-8266 MEDIUM

chancms < 3.1.3 - Deserialization via getArticle Function

CVE-2025-8227 MEDIUM

chancms < 3.1.3 - Deserialization via /collect/getArticle taskUrl Parameter

CVE-2025-54366 HIGH

freescout < 1.8.86 - Authenticated Remote Code Execution via Unsafe Deserialization in Helper::decrypt()

CVE-2025-26397 HIGH

SolarWinds Observability Self-Hosted < 2025.2.1 - Privilege Escalation via Untrusted Deserialization

CVE-2025-4393 MEDIUM

Medtronic MyCareLink Patient Monitor <June 25, 2025 - Use After Free

CVE-2025-43489 MEDIUM

Poly Clariti Manager <10.12.1 - Deserialization

CVE-2025-7916 CRITICAL

WinMatrix3 < 3.8.52.5 - Unauthenticated Remote Code Execution via Insecure Deserialization

CVE-2025-7876 MEDIUM

MetaCRM < 6.4.2 - Remote Code Execution via Deserialization in download.jsp AnalyzeParam

CVE-2025-53770 CRITICAL KEV

Microsoft SharePoint Server - Code Injection

CVE-2025-7697 CRITICAL

Google Sheets Integration <=1.1.1 - Unauthenticated PHP Object Injection

CVE-2025-7696 CRITICAL

WordPress Plugin <1.2.3 - Code Injection

CVE-2025-7433 HIGH

Sophos Intercept X for Windows <2025.1 - Privilege Escalation

CVE-2025-31422 HIGH

designthemes Visual Art | Gallery WP <2.4 - Code Injection

CVE-2025-30973 CRITICAL

CoSchool LMS <1.4.3 - Object Injection

CVE-2025-30949 CRITICAL

Guru Team Site Chat <1.0.4 - Code Injection

CVE-2025-28961 CRITICAL

Md Yeasin Ul Haider URL Shortener <3.0.7 - Object Injection

CVE-2025-24779 HIGH

NooTheme Yogi <2.9.0 - Code Injection

CVE-2025-24777 HIGH

awethemes Hillter <3.0.7 - Object Injection

CVE-2025-53990 HIGH

JetFormBuilder <3.5.1.2 - Object Injection

CVE-2025-49841 CRITICAL

gpt-sovits-webui < 20250228v3 - Unsafe Deserialization via SoVITS_dropdown Input

CVE-2025-49840 CRITICAL

gpt-sovits-webui < 20250228v3 - Unsafe Deserialization via GPT_dropdown Input

CVE-2025-49839 CRITICAL

gpt-sovits-webui < 20250228v3 - Unsafe Deserialization via Model Path Input

CVE-2025-49838 CRITICAL

gpt-sovits-webui < 20250228v3 - Unsafe Deserialization via AudioPreDeEcho Model Path

Previous Page 33 of 113 Next

Details

Vulnerabilities 2,813

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy