Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,816 vulnerabilities with CWE-502

CVE-2025-3250 MEDIUM

elunez eladmin 2.7 - Deserialization

CVE-2025-27520 CRITICAL

BentoML >=1.3.4 <1.4.3 - Unauthenticated Remote Code Execution via Insecure Deserialization

CVE-2025-2244 CRITICAL

Bitdefender GravityZone < 6.41.2-1 - Remote Code Execution via PHP Deserialization in Emails.php

CVE-2025-3165 MEDIUM

thu-pacman chitu <0.1.0 - Deserialization

CVE-2025-3162 MEDIUM

InternLM LMDeploy < 0.7.1 - Deserialization in PT File Handler

CVE-2025-30889 HIGH

PickPlugins Testimonial Slider <2.0.13 - Code Injection

CVE-2025-31612 CRITICAL

Sabuj Kundu CBX Poll <1.2.7 - Object Injection

CVE-2025-30892 HIGH

WpTravelly <= 1.8.7 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-27130 HIGH

Welcart e-Commerce <2.11.6 - Code Injection

CVE-2025-30065 CRITICAL

Apache Parquet Java < 1.15.1 - Remote Code Execution via Schema Parsing

CVE-2025-31087 CRITICAL

Multiple Shipping And Billing Address For Woocommerce <1.5 - Code I...

CVE-2025-31084 CRITICAL

Sunshine Photo Cart <= 3.4.10 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-31074 HIGH

MDJM Event Management <1.7.5.2 - Object Injection

CVE-2025-31129 HIGH

jooby-pac4j < 2.17.0 and 3.0.0.M1-3.6.1 - Deserialization of Untrusted Data in SessionStoreImpl

CVE-2025-31103 HIGH

a-blog cms < 2.8.80 - Remote Code Execution via Untrusted Data Deserialization

CVE-2025-22526 CRITICAL

PHP/MySQL CPU performance statistics <1.2.1 - Object Injection

CVE-2025-2485 HIGH

Contact Form 7 <1.3.8.7 - Code Injection

CVE-2025-26873 CRITICAL

Shine theme Traveler <3.2.1 - Use After Free

CVE-2025-2855 MEDIUM

eladmin < 2.7 - Deserialization of Untrusted Data via /api/deploy/upload checkFile Function

CVE-2025-30773 HIGH

Cozmoslabs TranslatePress <2.9.6 - Object Injection

CVE-2025-2332 CRITICAL

Export All Posts, Products, Orders, Refunds & Users <2.13 - Code In...

CVE-2025-1913 HIGH

Product Import Export for WooCommerce - Code Injection

CVE-2025-29310 CRITICAL

ONOS 2.7.0 - Remote Code Execution via Crafted LLDP Packet Deserialization

CVE-2025-2690 MEDIUM

Yii 2.0.0-2.0.39 - Remote Code Execution via Untrusted Data Deserialization

CVE-2025-2689 MEDIUM

Yii 2.0.0-2.0.45 - Deserialization of Untrusted Data in SortableIterator

Previous Page 42 of 113 Next

Details

Vulnerabilities 2,816

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy