Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,822 vulnerabilities with CWE-502

CVE-2024-13297 MEDIUM

Drupal Eloqua <7.X-1.15 - Code Injection

CVE-2024-13296 MEDIUM

Drupal Mailjet <4.0.1 - Code Injection

CVE-2024-13295 MEDIUM

Drupal Node export 7.x-3.0-7.x-3.2 - Object Injection via Untrusted Data Deserialization

CVE-2024-13288 MEDIUM

Drupal Monster Menus <9.3.4-9.4.2 - Deserialization

CVE-2024-54676 CRITICAL

Apache OpenMeetings 2.1.0-8.0.0 - Deserialization of Untrusted Data via OpenJPA Configuration

CVE-2024-55555 HIGH

Invoice Ninja < 5.10.43 - Unauthenticated Remote Code Execution via Route Hash Deserialization

CVE-2024-55556 CRITICAL

Crater Invoice - Unauthenticated Remote Code Execution via Laravel Session Cookie Deserialization

CVE-2024-56291 HIGH

Plainware.com PlainInventory <3.1.6 - Code Injection

CVE-2024-56283 HIGH

plainware.com Locatoraid Store Locator <3.9.50 - Object Injection

CVE-2024-49222 CRITICAL

WPGuppy <= 1.1.0 - PHP Object Injection via Untrusted Data Deserialization

CVE-2024-12313 HIGH

Compare Products for WooCommerce <3.2.1 - Code Injection

CVE-2024-11465 HIGH

Custom Product Tabs for WooCommerce <1.8.5 - Code Injection

CVE-2024-20150 HIGH

MediaTek LR12A, LR13, NR15, NR16, NR17 - Remote Denial of Service via Deserialization Logic Error

CVE-2024-13136 MEDIUM

wangl1989 mysiteforme 1.0 - Deserialization

CVE-2024-10957 HIGH

UpdraftPlus: WP Backup & Migration Plugin <1.24.11 - Code Injection

CVE-2024-10932 HIGH

WordPress Backup Migration <1.4.6 - Code Injection

CVE-2024-56068 HIGH

Azzaroco WP SuperBackup <2.3.3 - Deserialization

CVE-2024-12994 MEDIUM

running-elephant Datart 1.0.0-rc3 - Deserialization

CVE-2024-52046 CRITICAL

Apache MINA 2.0.0-2.0.26, 2.1.0-2.1.9, 2.2.0-2.2.3 - Remote Code Execution via ObjectSerializationDecoder

CVE-2024-12721 HIGH

Custom Product Tabs For WooCommerce <= 1.2.4 - Authenticated PHP Object Injection via wb_custom_tabs Parameter

CVE-2024-12677 HIGH

Delta Electronics DTM Soft - Code Injection

CVE-2024-12741 HIGH

NI DAQExpress <5.1 - Code Injection

CVE-2024-56058 CRITICAL

Gueststream VRPConnector <2.0.1 - Code Injection

CVE-2024-12687 CRITICAL

PlexTrac 1.61.3-2.8.1 - Deserialization of Untrusted Data in Runbooks Modules

CVE-2024-10095 HIGH

Telerik UI for WPF <2024 Q4 - Code Injection

Previous Page 48 of 113 Next

Details

Vulnerabilities 2,822

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy