Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,816 vulnerabilities with CWE-502

CVE-2025-2622 MEDIUM

aizuda snail-job 1.4.0 - Deserialization

CVE-2025-1971 HIGH

Export and Import Users and Customers <= 2.6.2 - Authenticated PHP Object Injection via Form Data Parameter

CVE-2025-0724 HIGH

ProfileGrid - WordPress <5.9.4.5 - Code Injection

CVE-2025-29807 HIGH

Microsoft Dataverse - Remote Code Execution via Untrusted Data Deserialization

CVE-2025-30160 HIGH

redlib < 0.36.0 - Denial of Service via Base2048-Encoded DEFLATE Decompression Bomb

CVE-2025-23120 HIGH

Veeam Backup & Replication 12.0.0.1402-12.3.1.1139 - Remote Code Execution via Untrusted Data Deserialization

CVE-2025-27781 CRITICAL

Applio < 3.2.8-bugfix - Remote Code Execution via Unsafe Deserialization in Model File Handling

CVE-2025-27780 CRITICAL

Applio < 3.2.8-bugfix - Remote Code Execution via Unsafe Deserialization in model_information.py

CVE-2025-27779 CRITICAL

Applio < 3.2.8-bugfix - Remote Code Execution via Unsafe Deserialization in model_blender.py

CVE-2025-27778 CRITICAL

Applio < 3.2.8-bugfix - Remote Code Execution via Unsafe Deserialization in infer.py

CVE-2025-29783 CRITICAL

vllm 0.6.5-0.7.9 - Remote Code Execution via Unsafe Mooncake Deserialization

CVE-2025-2376 HIGH

viames Pair Framework <1.9.11 - Deserialization

CVE-2025-26921 HIGH

Booking and Rental Manager <2.2.6 - Object Injection

CVE-2025-2000 CRITICAL

Qiskit 0.18.0-1.4.1 - Remote Code Execution via QPY Deserialization

CVE-2025-27925 HIGH

Nintex Automation 5.6-5.7 - Deserialization of Untrusted Data

CVE-2025-24813 CRITICAL KEV

Tomcat Partial PUT Java Deserialization

CVE-2025-25940 CRITICAL

VisiCut 2.1 - Remote Code Execution via Insecure XML Deserialization in loadPlfFile

CVE-2025-27816 CRITICAL

Arctera InfoScale 7.0-8.0.2 - Open Redirect

CVE-2025-2043 MEDIUM

pb-cms 1.0.0 - Deserialization of Untrusted Data via Topic Key

CVE-2025-0956 HIGH

WooCommerce Recover Abandoned Cart <24.3.0 - Code Injection

CVE-2025-0912 CRITICAL

GiveWP < 3.20.0 - Unauthenticated PHP Object Injection via Donation Form card_address Parameter

CVE-2025-26999 HIGH

Metagauss ProfileGrid <5.9.4.3 - Code Injection

CVE-2025-26967 HIGH

Events Calendar for GeoDirectory <= 2.3.14 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-26885 HIGH

Brent Jett Assistant <1.5.1 - Object Injection

CVE-2025-0769 MEDIUM

PixelYourSite 10.1.1.1 - Deserialization of Untrusted Data in Facebook Server Async Task

Previous Page 43 of 113 Next

Details

Vulnerabilities 2,816

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy