Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,826 vulnerabilities with CWE-502

CVE-2024-52433 CRITICAL

My Geo Posts Free <= 1.2 - PHP Object Injection via Untrusted Data Deserialization

CVE-2024-52432 CRITICAL

NIX Anti-Spam Light <= 0.0.4 - PHP Object Injection via Untrusted Data Deserialization

CVE-2024-52430 CRITICAL

Lis Video Gallery <= 0.2.1 - PHP Object Injection via Untrusted Data Deserialization

CVE-2024-41151 HIGH

Apache HertzBeat < 1.6.1 - Authenticated Deserialization of Untrusted Data

CVE-2024-52414 CRITICAL

Anthony Carbon WDES Responsive Mobile Menu <5.3.18 - Code Injection

CVE-2024-52413 CRITICAL

DMC Airin Blog <1.6.1 - Code Injection

CVE-2024-52412 CRITICAL

Stephen Cui Xin < 1.0.8.1 - PHP Object Injection via Untrusted Data Deserialization

CVE-2024-52411 CRITICAL

Flowcraft UX Design Studio Advanced Personalization <1.1.2 - Code I...

CVE-2024-52410 CRITICAL

Phoenixheart Referrer Detector <4.2.1.0 - Code Injection

CVE-2024-52409 CRITICAL

Phan An AJAX Random Posts <0.3.3 - Code Injection

CVE-2024-37285 CRITICAL

Kibana 8.10.0-8.14.2 - Authenticated Remote Code Execution via YAML Deserialization

CVE-2024-10962 HIGH

WPvivid <= 0.9.107 - Unauthenticated PHP Object Injection

CVE-2024-43080 HIGH

Android - Local Privilege Escalation via Unsafe Deserialization in AppRestrictionsFragment

CVE-2024-52306 HIGH

FileManager <3.0.9 - Code Injection

CVE-2024-10013 HIGH

Telerik UI for WinForms <2024 Q4 - Code Injection

CVE-2024-10012 HIGH

Telerik UI for WPF <2024 Q4 - Code Injection

CVE-2024-10828 HIGH

Advanced Order Export For WooCommerce <= 3.5.5 - Unauthenticated PHP Object Injection via Order Export Deserialization

CVE-2024-8069 HIGH KEV

Citrix Session Recording - Privilege Escalation

CVE-2024-44102 CRITICAL

Siemens TeleControl Server Basic < 3.1.2.1 - Unauthenticated Remote Code Execution via Insecure Deserialization

CVE-2024-47072 HIGH

XStream < 1.4.21 - Denial of Service via BinaryStreamDriver Input Manipulation

CVE-2024-10749 MEDIUM

thinkadmin 6.0-6.1.67 - Deserialization of Untrusted Data via Plugs.php uptoken Argument

CVE-2024-43383 HIGH

Apache Lucene.Net.Replicator 4.8.0-beta00005-4.8.0-beta00016 - Remote Code Execution via JSON Deserialization

CVE-2024-48112 CRITICAL

Thinkphp 6.1.3-8.0.4 - Remote Code Execution via Deserialization in Index.php Controller

CVE-2024-10456 CRITICAL

Delta Electronics InfraSuite Device Master <1.0.12 - Deserialization

CVE-2024-50507 CRITICAL

DS.DownloadList <1.3 - Code Injection

Previous Page 51 of 114 Next

Details

Vulnerabilities 2,826

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy