Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,822 vulnerabilities with CWE-502

CVE-2024-13921 HIGH

Order Export & Order Import for WooCommerce <= 2.6.0 - Authenticated PHP Object Injection via Form Data Parameter

CVE-2024-9701 CRITICAL

Kedro < 0.19.9 - Remote Code Execution via ShelveStore Deserialization

CVE-2024-9070 CRITICAL

BentoML <= 1.3.4.post1 - Remote Code Execution via Runner Server Deserialization

CVE-2024-9053 CRITICAL

vllm 0.6.0 - Remote Code Execution via Unsafe Cloudpickle Deserialization

CVE-2024-8502 CRITICAL

modelscope/agentscope <0.0.6a3 - RCE

CVE-2024-12433 CRITICAL

RagFlow 0.12.0-<0.14.0 - Remote Code Execution via Pickle Deserialization

CVE-2024-12044 CRITICAL

open-mmlab/mmdetection <3.3.0 - RCE

CVE-2024-12029 CRITICAL

InvokeAI 5.3.1-5.4.2 - Remote Code Execution via Unsafe Model File Deserialization

CVE-2024-11041 CRITICAL

vllm v0.6.2 - Remote Code Execution via Pickle Deserialization in MessageQueue.dequeue()

CVE-2024-11039 HIGH

binary-husky gpt_academic <= 3.83 - Remote Code Execution via Pickle Deserialization in Latex Plugin

CVE-2024-10553 CRITICAL

h2o < 3.46.0.6 - Unauthenticated Remote Code Execution via JDBC URL Deserialization

CVE-2024-10190 CRITICAL

Horovod <= 0.28.1 - Unauthenticated Remote Code Execution via ElasticRendezvousHandler Pickle Deserialization

CVE-2024-47552 CRITICAL

Apache Seata <2.2.0 - Deserialization

CVE-2024-13410 CRITICAL

WordPress CozyStay/TinySalt <1.7.0/<3.9.0 - Code Injection

CVE-2024-13824 CRITICAL

CiyaShop WooCommerce Theme <=4.19.0 - Unauthenticated PHP Object Injection

CVE-2024-10942 HIGH

All-in-One WP Migration and Backup <7.89 - Code Injection

CVE-2024-13906 HIGH

The Gallery by BestWebSoft - Customizable Image and Photo Galleries...

CVE-2024-12742 HIGH

NI G Web Dev <2022 Q3 - Code Injection

CVE-2024-13787 CRITICAL

VEDA - MultiPurpose WordPress Theme <4.2 - Code Injection

CVE-2024-13777 HIGH

ZoomSounds WordPress Plugin <= 6.91 - Unauthenticated PHP Object Injection via 'margs'

CVE-2024-47092 CRITICAL

Checkmk Exchange <5.8.1 - Open Redirect

CVE-2024-13833 HIGH

Album Gallery - WordPress Gallery <1.6.3 - Code Injection

CVE-2024-13831 HIGH

Tabs for WooCommerce <= 1.0.0 - Authenticated PHP Object Injection via 'product_has_custom_tabs' Function

CVE-2024-13899 HIGH

Mambo Importer < 1.0 - Authenticated PHP Object Injection via fImportMenu $data Parameter

CVE-2024-13789 CRITICAL

ravpage <= 2.31 - Unauthenticated PHP Object Injection via 'paramsv2' Parameter

Previous Page 46 of 113 Next

Details

Vulnerabilities 2,822

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy