Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,816 vulnerabilities with CWE-502

CVE-2025-34060 CRITICAL

Monero Project's Laravel-based forum < - Code Injection

CVE-2025-53416 HIGH

Delta Electronics DTN Soft Project File Parsing - Deserialization

CVE-2025-53415 HIGH

Delta Electronics DTM Soft Project File Parsing - Deserialization

CVE-2025-53393 MEDIUM

Akka < 2.10.6 - Remote Code Execution via Java Deserialization in Cluster Metrics

CVE-2025-32897 CRITICAL

Apache Seata 2.0.0-2.3.0 - Deserialization of Untrusted Data in Raft Cluster Mode

CVE-2025-52827 HIGH

Nuss <= 1.3.3 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-52826 HIGH

uxper Sala < 1.1.3 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-52725 CRITICAL

CouponXxL <3.0.0 - Object Injection

CVE-2025-52724 CRITICAL

BoldThemes Amwerk <1.2.0 - Object Injection

CVE-2025-28970 CRITICAL

WP Optimize By xTraffic <5.1.6 - Object Injection

CVE-2025-53002 HIGH

LLaMA-Factory <= 0.9.3 - Remote Code Execution via Malicious Checkpoint Path Parameter

CVE-2025-36038 CRITICAL

IBM WebSphere Application Server 8.5-8.5.5.28 - Remote Code Execution via Deserialization

CVE-2025-2566 CRITICAL

Kaleris NAVIS N4 ULC - Code Injection

CVE-2025-25034 CRITICAL

SugarCRM - Unauthenticated Remote Code Execution via PHP Object Injection

CVE-2025-47771 HIGH

PowSyBl 6.3.0-6.7.1 - Deserialization of Untrusted Data in SparseMatrix Read Method

CVE-2025-6279 MEDIUM

Upsonic < 0.55.6 - Remote Code Execution via cloudpickle.loads Deserialization

CVE-2025-49217 CRITICAL

Trend Micro Endpoint Encryption < 6.0.0.4013 - Unauthenticated Remote Code Execution via Insecure Deserialization

CVE-2025-49214 HIGH

Trend Micro Endpoint Encryption < 6.0.0.4013 - Authenticated Remote Code Execution via Insecure Deserialization

CVE-2025-49213 CRITICAL

Trend Micro Endpoint Encryption < 6.0.0.4013 - Unauthenticated Remote Code Execution via Insecure Deserialization

CVE-2025-49212 CRITICAL

Trend Micro Endpoint Encryption < 6.0.0.4013 - Unauthenticated Remote Code Execution via Insecure Deserialization

CVE-2025-49220 CRITICAL

Trend Micro Apex Central < 8.0.7007 - Unauthenticated Remote Code Execution via Insecure Deserialization

CVE-2025-49219 CRITICAL

Trend Micro Apex Central - Pre-Authentication Remote Code Execution via Insecure Deserialization

CVE-2025-49331 HIGH

impleCode eCommerce Product Catalog <3.4.3 - Object Injection

CVE-2025-49330 CRITICAL

CRM Perks Integration - Code Injection

CVE-2025-31919 CRITICAL

themeton Spare <1.7 - Object Injection

Previous Page 35 of 113 Next

Details

Vulnerabilities 2,816

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy