Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,741 vulnerabilities with CWE-502

CVE-2026-45247 CRITICAL KEV

Mirasvit Cache Warmer for Magento < 1.11.12 PHP Object Injection

CVE-2026-9497 MEDIUM

changmingxie tcc-transaction Fastjson AutoType REST API Fastjson.parseObject deserialization

CVE-2026-4372 HIGH

Arbitrary Remote Code Execution via `_attn_implementation_internal` Config Injection in huggingface/transformers

CVE-2026-45659 HIGH

Microsoft SharePoint Remote Code Execution Vulnerability

CVE-2026-41104 CRITICAL

Microsoft Planetary Computer Pro Information Disclosure Vulnerability

CVE-2026-9291 HIGH

Insecure Deserialization in Amazon Braket SDK Job Results Processing

CVE-2026-39832 CRITICAL

Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent

CVE-2026-8135 HIGH

Concrete CMS 9.5.0 and below is vulnerable to RCE due to insecure deserialization occurring in the ExpressEntryList block controller.

CVE-2026-48207 CRITICAL

Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement

CVE-2026-24216 HIGH

NVIDIA BioNeMo Framework < commit dfd83a7 in Main - Deserialization of Untrusted Data

CVE-2026-7637 CRITICAL

Boost <= 2.0.3 - Unauthenticated PHP Object Injection via STYXKEY-BOOST_USER_LOCATION Cookie

CVE-2026-24163 HIGH

NVIDIA TensorRT-LLM < 1.2 - Remote Code Execution via Unsafe RPC Deserialization

CVE-2026-24142 MEDIUM

NVIDIA TensorRT-LLM < 1.2 - Remote Code Execution via Unsafe Deserialization

CVE-2026-6009 HIGH

Jaspersoft Library Deserialisation Vulnerability

CVE-2026-31072 CRITICAL

APScheduler - Remote Code Execution via Insecure Deserialization in JSONSerializer and CBORSerializer

CVE-2026-43633 CRITICAL

HestiaCP 1.9.0-1.9.4 Deserialization RCE via Web Terminal

CVE-2026-8727 HIGH

Remote Code Execution in extension "Site Crawler" (crawler)

CVE-2026-46725 CRITICAL

Remote Code Execution in extension "Content Element Selector" (ceselector)

CVE-2026-33233 HIGH

AutoGPT Platform: Remote Code Execution via Unsafe Pickle Deserialization of Redis Cache Entries

CVE-2026-26978 HIGH

Free PBX backup: Deserialization of Untrusted Data in admin/modules/backup/Models/BackupSplFileInfo.php

CVE-2026-7304 CRITICAL

SGLang - Unauthenticated Remote Code Execution via Pickle Deserialization

CVE-2026-7301 CRITICAL

SGLang - Remote Code Execution

CVE-2026-8751 HIGH

h2oai h2o-3 JAR Model.java importBinaryModel deserialization

CVE-2026-8735 MEDIUM

Oinone Pamirs appConfigQuery PamirsParserConfig.java JsonUtils.parseMap deserialization

CVE-2026-8612 MEDIUM

WWW::Mechanize::Cached < 2.00 - Local Code Execution via Cache Response Forgery

Previous Page 4 of 110 Next

Details

Vulnerabilities 2,741

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy