CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,822 vulnerabilities with CWE-502
CVE-2024-11662 MEDIUM
welliamcao OpsManage <3.0.5 - Deserialization
CVSS 6.3
CVE-2024-53915 CRITICAL
Veritas Enterprise Vault <15.2 - Code Injection
CVSS 9.8
CVE-2024-53914 CRITICAL
Veritas Enterprise Vault <15.2 - Code Injection
CVSS 9.8
CVE-2024-53913 CRITICAL
Veritas Enterprise Vault <15.2 - Code Injection
CVSS 9.8
CVE-2024-53912 CRITICAL
Veritas Enterprise Vault <15.2 - Code Injection
CVSS 9.8
CVE-2024-53911 CRITICAL
Veritas Enterprise Vault <15.2 - RCE
CVSS 9.8
CVE-2024-53910 CRITICAL
Veritas Enterprise Vault <15.2 - Code Injection
CVSS 9.8
CVE-2024-53909 CRITICAL
Veritas Enterprise Vault <15.2 - Code Injection
CVSS 9.8
CVE-2024-9511 CRITICAL
FluentSMTP - WP SMTP Plugin <2.2.82 - Code Injection
CVSS 9.8
CVE-2024-11394 HIGH
Hugging Face Transformers < 4.48.0 - Remote Code Execution via Trax Model Deserialization
CVSS 8.8
CVE-2024-11393 HIGH
Hugging Face Transformers < 4.48.0 - Remote Code Execution via MaskFormer Model Deserialization
CVSS 8.8
CVE-2024-11392 HIGH
Hugging Face Transformers MobileViTV2 - Deserialization
CVSS 8.8
CVE-2024-5580 HIGH
Allegra < 7.5.2 - Authenticated Remote Code Execution via loadFieldMatch Deserialization
CVSS 7.2
CVE-2024-5579 HIGH
Allegra < 7.5.2 - Authenticated Remote Code Execution via renderFieldMatch Deserialization
CVSS 7.2
CVE-2024-11409 HIGH
Grid View Gallery <1.0 - Code Injection
CVSS 7.2
CVE-2024-10913 HIGH
Clone Plugin <2.4.6 - Code Injection
CVSS 8.8
CVE-2024-52445 HIGH
Modeltheme QRMenu Restaurant QR Menu Lite - Code Injection
CVSS 8.8
CVE-2024-52443 CRITICAL
Geolocator <= 1.1 - PHP Object Injection via Untrusted Data Deserialization
CVSS 9.8
CVE-2024-52440 CRITICAL
Bueno Labs Pvt. Ltd. Xpresslane Fast Checkout <1.0.0 - Code Injection
CVSS 9.8
CVE-2024-52439 CRITICAL
Mark O'Donnell Team Rosters <4.6 - Code Injection
CVSS 9.8
CVE-2024-10382 HIGH
androidx.car.app < 1.7.0-beta02 - Remote Code Execution via Untrusted Deserialization
CVSS 7.5
CVE-2024-52433 CRITICAL
My Geo Posts Free <= 1.2 - PHP Object Injection via Untrusted Data Deserialization
CVSS 9.8
CVE-2024-52432 CRITICAL
NIX Anti-Spam Light <= 0.0.4 - PHP Object Injection via Untrusted Data Deserialization
CVSS 9.8
CVE-2024-52430 CRITICAL
Lis Video Gallery <= 0.2.1 - PHP Object Injection via Untrusted Data Deserialization
CVSS 9.8
CVE-2024-41151 HIGH
Apache HertzBeat < 1.6.1 - Authenticated Deserialization of Untrusted Data
CVSS 8.8