Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,816 vulnerabilities with CWE-502

CVE-2025-27287 CRITICAL

SS Quiz <= 2.0.5 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-27286 CRITICAL

Saoshyant Slider <3.0 - Code Injection

CVE-2025-39565 MEDIUM

MelaPress Login Security <= 2.1.0 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-3677 MEDIUM

lm-sys fastchat <0.2.36 - Deserialization

CVE-2025-30985 CRITICAL

GNUCommerce <1.5.4 - Code Injection

CVE-2025-3622 MEDIUM

Xorbits Inference <1.4.1 - Deserialization

CVE-2025-3590 MEDIUM

Adianti Framework <8.0 - Deserialization

CVE-2025-31935 MEDIUM

Subnet Solutions PowerSYSTEM Center - DoS

CVE-2025-3439 CRITICAL

Everest Forms < 3.1.1 - Unauthenticated PHP Object Injection via Field Value Parameter

CVE-2025-31932 HIGH

BizRobo! - Remote Code Execution via Untrusted Data Deserialization

CVE-2025-32607 CRITICAL

WpBookingly <1.2.0 - Object Injection

CVE-2025-32569 CRITICAL

TableOn - WordPress Posts Table Filterable <1.0.2 - Code Injection

CVE-2025-32568 CRITICAL

Empik Place for Woocommerce <1.4.2 - Object Injection

CVE-2025-32144 HIGH

PickPlugins Job Board Manager <2.1.60 - Object Injection

CVE-2025-32143 HIGH

PickPlugins Accordion <2.3.10 - Code Injection

CVE-2025-32145 HIGH

WpEvently <= 4.3.6 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-32375 CRITICAL

BentoML < 1.4.8 - Remote Code Execution via Insecure Deserialization

CVE-2025-30285 HIGH

ColdFusion <2023.12, 2021.18, 2025.0 - Deserialization

CVE-2025-30284 HIGH

ColdFusion <2023.12, 2021.18, 2025.0 - Deserialization

CVE-2025-24447 CRITICAL

ColdFusion 2023.12 2021.18 2025.0 and earlier - Deserialization of Untrusted Data

CVE-2025-29793 HIGH

Microsoft SharePoint Enterprise Server - Remote Code Execution via Untrusted Data Deserialization

CVE-2025-3413 MEDIUM

opplus springboot-admin - Deserialization of Untrusted Data via SysGeneratorController Tables Argument

CVE-2025-3425 HIGH

IntelliSpace Portal <12 - Deserialization

CVE-2025-2251 MEDIUM

Red Hat JBoss EAP 7.4.23 - Unauthenticated Remote Code Execution via Marshalling Deserialization

CVE-2025-31175 HIGH

Huawei EMUI and HarmonyOS - Deserialization of Untrusted Data in DSoftBus Module

Previous Page 41 of 113 Next

Details

Vulnerabilities 2,816

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy