Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,816 vulnerabilities with CWE-502

CVE-2025-43846 CRITICAL

Retrieval-based-Voice-Conversion-WebUI < 2.2.231006 - Remote Code Execution via Unsafe Torch Deserialization

CVE-2025-4260 MEDIUM

zhangyanbo2007 youkefu <4.2.0 - Deserialization

CVE-2025-46567 MEDIUM

LLaMA-Factory <1.0.0 - Deserialization

CVE-2025-23254 HIGH

NVIDIA TensorRT-LLM - Code Execution

CVE-2025-32444 CRITICAL

vllm 0.6.5-0.8.5 - Remote Code Execution via Pickle Deserialization

CVE-2025-34491 HIGH

GFI MailEssentials < 21.8 - Authenticated Remote Code Execution via .NET Deserialization

CVE-2025-34489 HIGH

GFI MailEssentials < 21.8 - Local Privilege Escalation via .NET Remoting Service Deserialization

CVE-2025-2105 HIGH

Jupiter X Core <4.8.11 - Code Injection

CVE-2025-3935 HIGH KEV

ScreenConnect <25.2.3 - Code Injection

CVE-2025-46481 HIGH

Flickr Shortcode Importer <2.2.3 - Code Injection

CVE-2025-46473 HIGH

djjmz Social Counter <2.0.5 - Code Injection

CVE-2025-23249 HIGH

NVIDIA NeMo < 25.02 - Remote Code Execution via Untrusted Data Deserialization

CVE-2025-3857 HIGH

Amazon.IonDotnet < 1.3.1 - Denial of Service via RawBinaryReader Binary Deserialization

CVE-2025-32434 CRITICAL

PyTorch < 2.6.0 - Remote Code Execution via torch.load with weights_only=True

CVE-2025-29953 CRITICAL

Apache ActiveMQ NMS OpenWire Client <2.1.1 - Deserialization

CVE-2025-39588 CRITICAL

Ultimate Store Kit Elementor Addons <2.4.0 - Code Injection

CVE-2025-39551 CRITICAL

FluentBoards <1.48 - Code Injection

CVE-2025-39550 CRITICAL

Shahjahan Jewel FluentCommunity <1.2.15 - Code Injection

CVE-2025-39527 HIGH

Rating by BestWebSoft <1.7 - Object Injection

CVE-2025-32686 HIGH

WP Speedo Team Members <3.4.0 - Object Injection

CVE-2025-32662 HIGH

Stylemix uListing <2.2.0 - Code Injection

CVE-2025-32658 CRITICAL

wpWax HelpGent <2.2.4 - Code Injection

CVE-2025-32647 HIGH

PickPlugins Question Answer <1.2.70 - Object Injection

CVE-2025-32572 CRITICAL

Climax Themes Kata Plus <1.5.2 - Code Injection

CVE-2025-32571 HIGH

TuriTop Booking System <1.0.10 - Object Injection

Previous Page 40 of 113 Next

Details

Vulnerabilities 2,816

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy