Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,813 vulnerabilities with CWE-502

CVE-2025-49837 CRITICAL

gpt-sovits-webui < 20250228v3 - Unsafe Deserialization via AudioPre Model Path

CVE-2025-30761 MEDIUM

Oracle JDK and GraalVM Enterprise Edition - Unauthenticated Deserialization of Untrusted Data in Scripting Component

CVE-2025-7504 HIGH

Friends WordPress Plugin 3.5.1 - Code Injection

CVE-2025-30025 HIGH

Server Process - Privilege Escalation

CVE-2025-30023 CRITICAL

AXIS Camera Station < 5.58.47195 & Pro < 6.9.47069 - Authenticated RCE via Untrusted Deserialization

CVE-2025-6742 HIGH

SureForms <= 1.7.3 - Unauthenticated PHP Object Injection

CVE-2025-7216 HIGH

lty628 Aidigu <1.8.2 - Deserialization

CVE-2025-49533 CRITICAL

Adobe Experience Manager < 6.5.23.0 - Deserialization of Untrusted Data

CVE-2025-27203 CRITICAL

Adobe Connect <24.0 - Code Injection

CVE-2025-47994 HIGH

Microsoft 365 Apps and Office - Privilege Escalation via Untrusted Data Deserialization

CVE-2025-42980 CRITICAL

SAP NetWeaver Enterprise Portal Federated Portal Network - Deserial...

CVE-2025-42966 CRITICAL

SAP NetWeaver XML Data Archiving Service - Deserialization

CVE-2025-42964 CRITICAL

SAP NetWeaver Enterprise Portal - Code Injection

CVE-2025-42963 CRITICAL

SAP NetWeaver Application server for Java Log Viewer - Use After Free

CVE-2025-6811 CRITICAL

Mescius ActiveReports.NET - Deserialization

CVE-2025-6810 CRITICAL

Mescius ActiveReports.NET - Remote Code Execution via ReadValue Deserialization

CVE-2025-7099 MEDIUM

BoyunCMS < 1.21 - Deserialization via Install Handler db_host Argument

CVE-2025-52828 HIGH

designthemes Red Art <3.7 - Code Injection

CVE-2025-49417 CRITICAL

BestWpDeveloper WooCommerce Product Multi-Action <1.3 - Code Injection

CVE-2025-43713 MEDIUM

ASNA Assist & Registrar <2025-03-31 - Deserialization

CVE-2025-34067 CRITICAL

Hikvision Integrated Security Management Platform - RCE

CVE-2025-6464 HIGH

Forminator Forms < 1.44.3 - Unauthenticated PHP Object Injection via Entry Delete Upload Files

CVE-2025-34060 CRITICAL

Monero Project's Laravel-based forum < - Code Injection

CVE-2025-53416 HIGH

Delta Electronics DTN Soft Project File Parsing - Deserialization

CVE-2025-53415 HIGH

Delta Electronics DTM Soft Project File Parsing - Deserialization

Previous Page 34 of 113 Next

Details

Vulnerabilities 2,813

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy