Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,816 vulnerabilities with CWE-502

CVE-2025-30618 CRITICAL

yuliaz Rapyd Payment Extension <1.2.0 - Object Injection

CVE-2025-24919 HIGH

Dell ControlVault3 <5.15.10.14-6.2.26.36 - Code Injection

CVE-2025-47166 HIGH

Microsoft SharePoint Enterprise Server - Remote Code Execution via Untrusted Data Deserialization

CVE-2025-47163 HIGH

Microsoft SharePoint Enterprise Server - Remote Code Execution via Untrusted Data Deserialization

CVE-2025-49507 CRITICAL

LoftOcean CozyStay <1.7.1 - Code Injection

CVE-2025-27819 HIGH

Apache Kafka 2.0.0-3.3.2 and 3.4.0 - Remote Code Execution via SASL JAAS JndiLoginModule Configuration

CVE-2025-27818 HIGH

Apache Kafka 2.3.0-3.9.0 - Authenticated Remote Code Execution via SASL JAAS LDAP Deserialization

CVE-2025-31429 CRITICAL

PressGrid - Frontend Publish Reaction & Multimedia Theme <1.3.1 - C...

CVE-2025-31398 CRITICAL

PIMP - Creative MultiPurpose <1.7 - Object Injection

CVE-2025-31396 CRITICAL

themeton FLAP - Business WordPress Theme <1.5 - Code Injection

CVE-2025-31052 CRITICAL

The Fashion - Model Agency One Page Beauty Theme <1.4.4 - Code Inje...

CVE-2025-49127 HIGH

Kafbat UI 1.0.0 - Unauthenticated Remote Code Execution via Unsafe Deserialization

CVE-2025-27531 CRITICAL

Apache InLong <2.1.0 - Deserialization

CVE-2025-49073 CRITICAL

Sweet Dessert < 1.1.13 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-49072 CRITICAL

AncoraThemes Mr. Murphy <1.2.12.1 - Code Injection

CVE-2025-47584 HIGH

ThemeGoods Photography < 7.5.2 - Deserialization of Untrusted Data

CVE-2025-39358 HIGH

Teastudio.Pl WP Posts Carousel <1.3.12 - Code Injection

CVE-2025-48780 CRITICAL

Soar Cloud HRD <7.3.2025.0408 - Code Injection

CVE-2025-5680 MEDIUM

AgileBPM < 2.5.0 - Deserialization via Groovy Script Handler

CVE-2025-5679 MEDIUM

AgileBPM < 2.5.0 - Remote Code Execution via FreeMarker Template Deserialization

CVE-2025-20276 LOW

Cisco Unified Contact Center Express - Authenticated Remote Code Execution via Insecure Java Deserialization

CVE-2025-20275 MEDIUM

Cisco Unified CCX Editor - Code Injection

CVE-2025-5552 MEDIUM

ChestnutCMS <15.1 - Deserialization

CVE-2025-48951 CRITICAL

auth0-php 8.0.0-BETA3-8.3.1 - Unauthenticated Deserialization of Untrusted Data via Cookie

CVE-2025-5499 HIGH

Slackero phpwcms <1.9.45/1.10.8 - Deserialization

Previous Page 36 of 113 Next

Details

Vulnerabilities 2,816

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy