Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,822 vulnerabilities with CWE-502

CVE-2024-37361 CRITICAL

Hitachi Vantara Pentaho Business Analytics Server <10.2.0.0,9.3.0.9...

CVE-2024-28777 HIGH

IBM Cognos Controller 11.0.0-11.0.1 FP3 and IBM Controller 11.1.0 - Deserialization of Untrusted Data

CVE-2024-13556 HIGH

Affiliate Links < 3.0.1 - Unauthenticated PHP Object Injection via File Export Deserialization

CVE-2024-12562 CRITICAL

s2Member Pro <= 241216 - Unauthenticated PHP Object Injection via s2member_pro_remote_op Parameter

CVE-2024-56180 CRITICAL

Apache EventMesh 1.10.1-1.10.9 - Remote Code Execution via Hessian Deserialization in eventmesh-meta-raft

CVE-2024-52577 CRITICAL

Apache Ignite 2.6.0-2.16.9 - Remote Code Execution via Unfiltered Class Deserialization

CVE-2024-13770 HIGH

Puzzles < 4.2.4 - Unauthenticated PHP Object Injection via 'view_more_posts' AJAX Action

CVE-2024-9664 HIGH

WP All Import Pro <= 4.9.7 - Authenticated PHP Object Injection via Import File Deserialization

CVE-2024-13742 CRITICAL

iControlWP < 4.4.5 - Unauthenticated PHP Object Injection via reqpars Parameter

CVE-2024-0140 MEDIUM

NVIDIA RAPIDS cuDF and cuML < 24.12.00 - Deserialization of Untrusted Data

CVE-2024-12600 HIGH

Custom Product Tabs Lite for WooCommerce <1.9.0 - Code Injection

CVE-2024-31903 HIGH

IBM Sterling B2B Integrator 6.0.0.0-6.1.2.5 & 6.2.0.0-6.2.0.2 - RCE via Untrusted Deserialization

CVE-2024-49699 HIGH

ARPrice <= 4.1.3 - PHP Object Injection via Untrusted Data Deserialization

CVE-2024-49688 CRITICAL

ARPrice <= 4.1.3 - Unauthenticated PHP Object Injection via Deserialization

CVE-2024-10936 HIGH

String locator < 2.6.6 - Unauthenticated PHP Object Injection via recursive_unserialize_replace

CVE-2024-12703 HIGH

Schneider Electric RemoteConnect & SCADAPack x70 - RCE via Malicious Project File

CVE-2024-56515 MEDIUM

matrix-media-repo < 1.3.8 - Remote Code Execution via ImageMagick Ghostscript Decoder

CVE-2024-57766 CRITICAL

wangl1989/mysiteforme < 2025-01-01 - Deserialization of Untrusted Data via system/table/editField

CVE-2024-57764 CRITICAL

wangl1989/mysiteforme < 2025-01-01 - Remote Code Execution via Fastjson Deserialization in Table Add Component

CVE-2024-57763 CRITICAL

wangl1989/mysiteforme < 2025-01-01 - Deserialization of Untrusted Data via system/table/addField

CVE-2024-57762 HIGH

wangl1989/mysiteforme < 2025-01-01 - Deserialization of Untrusted Data via pom.xml Configuration File

CVE-2024-49375 CRITICAL

Rasa < 3.6.21 and Rasa-Pro < 3.10.12 - Remote Code Execution via Malicious Model Deserialization

CVE-2024-13163 HIGH

Ivanti EPM <2024 - Remote Code Execution

CVE-2024-12877 CRITICAL

GiveWP <= 3.19.2 - Unauthenticated PHP Object Injection via Donation Form

CVE-2024-12627 HIGH

Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up,...

Previous Page 47 of 113 Next

Details

Vulnerabilities 2,822

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy