Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,741 vulnerabilities with CWE-502

CVE-2026-44501 MEDIUM

DataHub OIDC REDIRECT_URL Cookie Deserialization Vulnerability

CVE-2026-1184 MEDIUM

Deserialization of Untrusted Data in GitLab

CVE-2026-41957 HIGH

F5 - BIG-IP and BIG-IQ Configuration Utility Vulnerability

CVE-2026-7635 HIGH

coreActivity: Activity Logging for WordPress <= 3.0 - Unauthenticated PHP Object Injection via 'user_agent' Log Meta Field

CVE-2026-34659 CRITICAL

Adobe Connect | Deserialization of Untrusted Data (CWE-502)

CVE-2026-40368 HIGH

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2026-40357 HIGH

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2026-35439 HIGH

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2026-33112 HIGH

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2026-33110 HIGH

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2026-31239 CRITICAL

mamba < 2.2.6 - Remote Code Execution via Insecure Model Deserialization

CVE-2026-31238 CRITICAL

Ludwig Framework <=0.10.4 - Deserialization

CVE-2026-31237 CRITICAL

Ludwig Framework <=0.10.4 - Deserialization

CVE-2026-31235 CRITICAL

imgaug <= 0.4.0 - Remote Code Execution via Insecure Pickle Deserialization in BackgroundAugmenter

CVE-2026-31234 CRITICAL

Horovod <= 0.28.1 - Unauthenticated Remote Code Execution via Insecure KVStore Deserialization

CVE-2026-31232 HIGH

CosyVoice thru 6e01309 - Deserialization

CVE-2026-31229 CRITICAL

Adversarial Robustness Toolbox <=1.20.1 - Deserialization

CVE-2026-31224 HIGH

snorkel < 0.10.0 - Remote Code Execution via Insecure Pickle Deserialization in MultitaskClassifier.load()

CVE-2026-31223 HIGH

snorkel < 0.10.0 - Remote Code Execution via Insecure Pickle Deserialization in BaseLabeler.load()

CVE-2026-31222 HIGH

snorkel thru v0.10.0 - Deserialization

CVE-2026-31221 HIGH

PyTorch-Lightning <=2.6.0 - Deserialization

CVE-2026-31219 HIGH

optimate - Remote Code Execution via Insecure Model File Deserialization

CVE-2026-31218 HIGH

nebuly-ai optimate - Remote Code Execution via Insecure Pickle Deserialization in _load_model()

CVE-2026-31214 CRITICAL

ml-engineering 0099885 - Deserialization

CVE-2026-3048 MEDIUM

Nexus Repository 3 - Improper LDAP Referral Handling

Previous Page 5 of 110 Next

Details

Vulnerabilities 2,741

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy