Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,593 vulnerabilities with CWE-502

CVE-2026-22510 HIGH

WordPress Melody theme <= 1.6.3 - PHP Object Injection vulnerability

CVE-2026-22507 CRITICAL

WordPress Beelove theme <= 1.2.6 - PHP Object Injection vulnerability

CVE-2026-22505 HIGH

WordPress Morning Records theme <= 1.2 - PHP Object Injection vulnerability

CVE-2026-22500 CRITICAL

WordPress m2 | Construction and Tools Store theme <= 1.1.2 - PHP Object Injection vulnerability

CVE-2026-22480 HIGH

WordPress Product Feed for WooCommerce plugin <= 2.3.3 - PHP Object Injection vulnerability

CVE-2026-24159 HIGH

Nvidia Nemo Framework - Remote Code Execution

CVE-2026-24157 HIGH

Nvidia Nemo Framework - Remote Code Execution

CVE-2026-24152 HIGH

Nvidia Megatron LM - Information Disclosure

CVE-2026-24151 HIGH

Nvidia Megatron LM - Information Disclosure

CVE-2026-24150 HIGH

Nvidia Megatron LM - Information Disclosure

CVE-2026-24141 HIGH

Nvidia Model Optimizer - Information Disclosure

CVE-2026-4735 HIGH

A stack overflow and DoS vulnerability in DTStack/chunjun

CVE-2026-4538 MEDIUM

PyTorch pt2 Loading deserialization

CVE-2026-0677 HIGH

WordPress TotalContest Lite plugin <= 2.9.1 - PHP Object Injection vulnerability

CVE-2026-29109 HIGH

SuiteCRM Authenticated Remote Code Execution via Unsafe Deserialization in SavedSearch Filter Processing

CVE-2026-25445 HIGH

WordPress WishList Member X plugin <= 3.29.0 - PHP Object Injection vulnerability

CVE-2026-27096 HIGH

WordPress ColorFolio - Freelance Designer WordPress Theme theme <= 1.3 - Deserialization of untrusted data vulnerability

CVE-2026-25873 CRITICAL

OmniGen2-RL Reward Server Unsafe Deserialization RCE

CVE-2026-25449 CRITICAL

WordPress Traveler theme < 3.2.8.1 - PHP Object Injection vulnerability

CVE-2026-25769 CRITICAL

Wazuh Cluster vulnerable to Remote Code Execution via Insecure Deserialization

CVE-2026-1323 HIGH

Insecure Deserialization in extension "Mailqueue" (mailqueue)

CVE-2026-32355 HIGH

Crocoblock JetEngine <3.8.4.1 - Deserialization

CVE-2026-3060 CRITICAL

SGLang - Deserialization RCE

CVE-2026-3059 CRITICAL

SGLang Multimodal Module - Deserialization

CVE-2026-3967 MEDIUM

Alfresco Activiti <7.19/8.8.0 - Deserialization

Previous Page 5 of 104 Next

Details

Vulnerabilities 2,593

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy