Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,816 vulnerabilities with CWE-502

CVE-2025-39485 CRITICAL

ThemeGoods Grand Tour <= 5.6 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-39480 CRITICAL

ThemeMakers Car Dealer <1.6.6 - Code Injection

CVE-2025-32293 HIGH

designthemes Finance Consultant <2.8 - Code Injection

CVE-2025-32292 CRITICAL

AncoraThemes Jarvis - Night Club, Concert, Festival <1.8.11 - Deser...

CVE-2025-32284 HIGH

designthemes Pet World <2.8 - Code Injection

CVE-2025-31927 CRITICAL

Acerola < 1.6.5 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-31924 HIGH

designthemes Crafts & Arts <2.5 - Code Injection

CVE-2025-31631 CRITICAL

AncoraThemes Fish House <1.2.7 - Code Injection

CVE-2025-31430 CRITICAL

The Business <1.6.1 - Code Injection

CVE-2025-31423 CRITICAL

AncoraThemes Umberto -<1.2.8 - Object Injection

CVE-2025-31069 CRITICAL

HotStar - Multi-Purpose Business Theme <1.4 - Code Injection

CVE-2025-31049 CRITICAL

themeton Dash < 1.3 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-48200 CRITICAL

sr_feuser_register 5.1.0-12.4.8 - Remote Code Execution via Untrusted Data Deserialization

CVE-2025-4803 HIGH

Glossary by WPPedia - Code Injection

CVE-2025-47277 CRITICAL

vLLM 0.6.5-0.8.4 - Remote Code Execution via PyNcclPipe KV Cache Transfer Deserialization

CVE-2025-48018 HIGH

SEL acSELerator QuickSet 7.5.2.3 - Application State Modification

CVE-2025-39356 CRITICAL

Chimpstudio Foodbakery Sticky Cart <3.2 - Object Injection

CVE-2025-39354 CRITICAL

ThemeGoods Grand Conference <= 5.3 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-39349 CRITICAL

CiyaShop <= 4.18.0 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-39348 CRITICAL

ThemeGoods Grand Restaurant < 7.0 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-32928 CRITICAL

ThemeGoods Altair <= 5.2.2 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-32927 CRITICAL

Chimpstudio FoodBakery <= 3.3 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-47581 CRITICAL

Elbisnero WordPress Events Calendar Registration & Tickets <2.6.0 -...

CVE-2025-39410 CRITICAL

themegusta Smart Sections Theme Builder - WPBakery Page Builder Add...

CVE-2025-47582 CRITICAL

QuantumCloud WPBot Pro <12.7.0 - Code Injection

Previous Page 38 of 113 Next

Details

Vulnerabilities 2,816

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy