Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,816 vulnerabilities with CWE-502

CVE-2025-5498 MEDIUM

Slackero phpwcms <1.9.45/1.10.8 - Deserialization

CVE-2025-5497 MEDIUM

Slackero phpwcms <1.9.45/1.10.8 - Deserialization

CVE-2025-2939 MEDIUM

Ninja Tables 5.0.18 - Code Injection

CVE-2025-5086 CRITICAL KEV

DELMIA Apriso <2025 - Code Injection

CVE-2025-49113 CRITICAL KEV

Roundcube Webmail < 1.5.10 and 1.6.x < 1.6.11 - Authenticated Remote Code Execution via PHP Object Deserialization

CVE-2025-5326 MEDIUM

zhilink ADP Application Developer Platform 1.0.0 - Deserialization of Untrusted Data via /adpweb/wechat/verifyToken/

CVE-2025-48336 CRITICAL

ThimPress Course Builder <3.6.6 - Code Injection

CVE-2025-48389 HIGH

FreeScout <1.8.178 - Deserialization

CVE-2025-27528 CRITICAL

Apache InLong <2.2.0 - Deserialization

CVE-2025-27526 MEDIUM

Apache InLong <2.2.0 - Deserialization

CVE-2025-27522 MEDIUM

Apache InLong <2.2.0 - Deserialization

CVE-2025-5174 MEDIUM

erdogant pypickle < 2.0.0 - Deserialization of Untrusted Data via load Function

CVE-2025-5173 MEDIUM

HumanSignal label-studio-ml-backend - Deserialization of Untrusted Data in PT File Handler

CVE-2025-5148 MEDIUM

FunAudioLLM InspireMusic - Remote Code Execution via Pickle Deserialization in load_state_dict

CVE-2025-5114 MEDIUM

easycorp zentaopms 21.5_20250307 - Deserialization of Untrusted Data via filePath Parameter

CVE-2025-48289 CRITICAL

AncoraThemes Kids Planet <2.2.14 - Code Injection

CVE-2025-48287 CRITICAL

Pagaleve Pix <1.6.9 - Code Injection

CVE-2025-47660 HIGH

WC Affiliate <2.9.1 - Object Injection

CVE-2025-47568 CRITICAL

ZoomSounds <= 6.91 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-47532 CRITICAL

CoinPayments <1.0.17 - Code Injection

CVE-2025-47530 CRITICAL

WPFunnels <= 3.5.18 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-39503 CRITICAL

Goodlayers Hotel <3.1.4 - Object Injection

CVE-2025-39500 CRITICAL

Goodlayers Hostel <3.1.2 - Object Injection

CVE-2025-39499 CRITICAL

BoldThemes Medicare <2.1.0 - Code Injection

CVE-2025-39495 CRITICAL

BoldThemes Avantage -<2.4.6 - Code Injection

Previous Page 37 of 113 Next

Details

Vulnerabilities 2,816

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy