Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,822 vulnerabilities with CWE-502

CVE-2025-23045 CRITICAL

CVAT 1.1.0-2.25.9 - Authenticated Remote Code Execution via Unsafe State Deserialization in Tracker Functions

CVE-2025-0734 MEDIUM

y_project RuoYi <4.8.0 - Deserialization

CVE-2025-24357 HIGH

vllm < 0.7.0 - Remote Code Execution via Pickle Deserialization in Model Weight Loading

CVE-2025-24671 CRITICAL

Pdfcrowd Save as PDF <4.4.0 - Code Injection

CVE-2025-24601 CRITICAL

ThimPress FundPress <2.0.6 - Code Injection

CVE-2025-23006 CRITICAL KEV

SonicWall SMA/SRA < 12.4.3 - Unauthenticated RCE via Deserialization

CVE-2025-23914 CRITICAL

Muzaara Google Ads Report <3.1 - Object Injection

CVE-2025-23944 HIGH

WOOEXIM < 5.0.0 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-23932 CRITICAL

NotFound Quick Count <3.00 - Code Injection

CVE-2025-0429 HIGH

WordPress AI Power: Complete AI Pack <1.8.96 - Code Injection

CVE-2025-0428 HIGH

WordPress AI Power: Complete AI Pack <1.8.96 - Code Injection

CVE-2025-0586 HIGH

aEnrich Technology - Insecure Deserialization

CVE-2025-21364 HIGH

Microsoft 365 Apps - Security Feature Bypass via Excel Deserialization

CVE-2025-0465 HIGH

AquilaCMS 1.412.13 - Deserialization

CVE-2025-22777 CRITICAL

GiveWP <= 3.19.3 - PHP Object Injection via Untrusted Data Deserialization

CVE-2025-22510 HIGH

WC Price History for Omnibus <2.1.4 - Code Injection

CVE-2024-53326 HIGH

LINQPad Deserialization

CVE-2024-47886 HIGH

Chamilo 1.11.12-1.11.26 - Deserialization RCE

CVE-2024-14021 HIGH

LlamaIndex <= 0.11.6 - Remote Code Execution via Unsafe Pickle Deserialization in BGEM3Index

CVE-2024-28988 CRITICAL

SolarWinds Web Help Desk - Unauthenticated Remote Code Execution via Java Deserialization

CVE-2024-13980 CRITICAL

H3C IMC E0632H07 - RCE

CVE-2024-54678 HIGH

SIMATIC PCS neo V4.1-V6.0, S7-PLCSIM V17, STEP 7 V17<V19, WinCC V17...

CVE-2024-13786 CRITICAL

Education Center WordPress Theme <= 3.6.10 - Unauthenticated PHP Object Injection

CVE-2024-39780 HIGH

Robot Operating System Noetic and earlier - Remote Code Execution via YAML Deserialization in dynparam

CVE-2024-13889 HIGH

WordPress Importer <0.8.3 - Code Injection

Previous Page 45 of 113 Next

Details

Vulnerabilities 2,822

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy