Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,822 vulnerabilities with CWE-502

CVE-2024-54367 CRITICAL

Ultimate Member ForumWP <= 2.1.0 - PHP Object Injection via Untrusted Data Deserialization

CVE-2024-54282 HIGH

Themeum WP Mega Menu <1.4.2 - Code Injection

CVE-2024-54273 CRITICAL

PickPlugins Mail Picker <1.0.14 - Code Injection

CVE-2024-11839 HIGH

PlexTrac 1.61.3-2.8.1 - Deserialization of Untrusted Data in Runbooks Modules

CVE-2024-49147 CRITICAL

Microsoft Update Catalog - Unauthenticated Privilege Escalation via Untrusted Data Deserialization

CVE-2024-12312 HIGH

Print Science Designer <1.3.152 - Code Injection

CVE-2024-49070 HIGH

Microsoft SharePoint Server - Remote Code Execution via Untrusted Data Deserialization

CVE-2024-49063 HIGH

Microsoft Muzic < 196.0 - Remote Code Execution via Untrusted Data Deserialization

CVE-2024-11949 HIGH

GFI Archiver < 15.7 - Authenticated Remote Code Execution via Store Service Deserialization

CVE-2024-11947 HIGH

GFI Archiver < 15.7 - Authenticated Remote Code Execution via Core Service Deserialization

CVE-2024-53247 HIGH

Splunk Enterprise <9.3.2, 9.2.4, 9.1.7 - RCE

CVE-2024-49849 HIGH

SIMATIC S7-PLCSIM,STEP 7 - Info Disclosure

CVE-2024-55638 CRITICAL

Drupal 7.0-7.101, 8.8.0-10.2.10, 10.3.0-10.3.8 - Deserialization of Untrusted Data

CVE-2024-55637 CRITICAL

Drupal 8.0.0-10.2.10 10.3.0-10.3.8 11.0.0-11.0.7 - Object Injection via Insecure Deserialization

CVE-2024-55636 CRITICAL

Drupal 8.0.0-10.2.10 10.3.0-10.3.8 11.0.0-11.0.7 - Object Injection via Insecure Deserialization

CVE-2024-11501 HIGH

Gallery < 1.3 - Authenticated PHP Object Injection via wd_gallery_$id Parameter

CVE-2024-54136 CRITICAL

ClipBucket V5 <5.5.1.199 - Code Injection

CVE-2024-54135 CRITICAL

ClipBucket V5 <5.5.1 - Code Injection

CVE-2024-12138 MEDIUM

horilla < 1.2.1 - Remote Code Execution via Untrusted Data Deserialization

CVE-2024-10587 HIGH

Funnelforms Free <3.7.4.1 - Code Injection

CVE-2024-51363 CRITICAL

Hodoku 2.3.0-2.3.2 - Remote Code Execution via Insecure Deserialization

CVE-2024-53477 CRITICAL

JFinal CMS 5.1.0 - Remote Code Execution via Unauthorized Deserialization in ApiForm.java

CVE-2024-52338 CRITICAL

Apache Arrow R <16.1.0 - Code Injection

CVE-2024-53673 HIGH

HPE Insight Remote Support < 7.14.0.629 - Unauthenticated Remote Code Execution via Java Deserialization

CVE-2024-11145 CRITICAL

Easy Folder Listing Pro < 4.5 - Unauthenticated Remote Code Execution via Deserialization

Previous Page 49 of 113 Next

Details

Vulnerabilities 2,822

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy