Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,816 vulnerabilities with CWE-502

CVE-2025-0767 CRITICAL

WP Activity Log <5.3.2 - Code Injection

CVE-2025-1741 MEDIUM

b1gMail <7.4.1-pl1 - Deserialization

CVE-2025-26900 CRITICAL

Flexmls IDX <3.14.27 - Object Injection

CVE-2025-27301 HIGH

NHR Options Table Manager <1.1.2 - Code Injection

CVE-2025-27300 HIGH

giuliopanda ADFO <1.9.1 - Object Injection

CVE-2025-26763 CRITICAL

MetaSlider Responsive Slider <3.94.0 - Code Injection

CVE-2025-1556 MEDIUM

westboy CicadasCMS 1.0 - Deserialization of Untrusted Data in Template Management

CVE-2025-1403 HIGH

Qiskit 0.45.0-1.2.4 - Denial of Service via Malformed Symengine Serialization Stream

CVE-2025-1186 MEDIUM

xunruicms < 4.6.4 - Deserialization of Untrusted Data via Thumb Argument

CVE-2025-1177 MEDIUM

XunRuiCMS 4.6.3 - Deserialization of Untrusted Data in Linkage Import Function

CVE-2025-24016 CRITICAL KEV

Wazuh server remote code execution caused by an unsafe deserialization vulnerability.

CVE-2025-1113 MEDIUM

taisan tarzan-cms <= 1.0.0 - Deserialization of Untrusted Data via Add Theme Handler

CVE-2025-1077 CRITICAL

IBL Software Engineering Visual Weather - RCE

CVE-2025-0994 HIGH KEV

Trimble Cityworks < 15.8.9 - Authenticated Remote Code Execution via Deserialization

CVE-2025-20124 CRITICAL

Cisco Identity Services Engine - Authenticated Remote Code Execution via Insecure Java Deserialization

CVE-2025-24661 HIGH

MagePeople Team Taxi Booking Manager for WooCommerce <1.1.8 - Code ...

CVE-2025-0974 MEDIUM

MaxD Lightning Module 4.43 - Deserialization

CVE-2025-24794 MEDIUM

Snowflake Connector for Python 2.7.12-3.13.0 - Local Privilege Escalation via OCSP Response Cache Deserialization

CVE-2025-0841 HIGH

Aridius XYZ <20240927 - Deserialization

CVE-2025-23045 CRITICAL

CVAT 1.1.0-2.25.9 - Authenticated Remote Code Execution via Unsafe State Deserialization in Tracker Functions

CVE-2025-0734 MEDIUM

y_project RuoYi <4.8.0 - Deserialization

CVE-2025-24357 HIGH

vllm < 0.7.0 - Remote Code Execution via Pickle Deserialization in Model Weight Loading

CVE-2025-24671 CRITICAL

Pdfcrowd Save as PDF <4.4.0 - Code Injection

CVE-2025-24601 CRITICAL

ThimPress FundPress <2.0.6 - Code Injection

CVE-2025-23006 CRITICAL KEV

SonicWall SMA/SRA < 12.4.3 - Unauthenticated RCE via Deserialization

Previous Page 44 of 113 Next

Details

Vulnerabilities 2,816

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy