Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,826 vulnerabilities with CWE-502

CVE-2024-47636 CRITICAL

Eyecix JobSearch <2.5.9 - Code Injection

CVE-2024-9005 HIGH

EcoStruxure Power Monitoring Expert - Remote Code Execution via Unsafe Deserialization

CVE-2024-9314 HIGH

Rank Math SEO < 1.0.228 - Authenticated PHP Object Injection via set_redirections Function

CVE-2024-47561 HIGH

Apache Avro < 1.11.4 - Remote Code Execution via Schema Parsing

CVE-2024-8885 HIGH

Sophos Intercept X <2024.2.0 - Privilege Escalation

CVE-2024-7434 HIGH

UltraPress <= 1.2.2 - Authenticated PHP Object Injection via Untrusted Input Deserialization

CVE-2024-7433 HIGH

Empowerment < 1.0.2 - Authenticated PHP Object Injection via Untrusted Data Deserialization

CVE-2024-7432 HIGH

Unseen Blog < 1.0.0 - Authenticated PHP Object Injection via Untrusted Data Deserialization

CVE-2024-45772 MEDIUM

Apache Lucene Replicator 4.4.0-9.11.9 - Deserialization of Untrusted Data in HTTP Package

CVE-2024-8353 CRITICAL

GiveWP Unauthenticated Donation Process Exploit

CVE-2024-8922 HIGH

Product Enquiry for WooCommerce <= 2.2.33.32 - Authenticated PHP Object Injection via enquiry_detail.php

CVE-2024-43191 HIGH

IBM Cloud Pak for Multicloud Management Monitoring - Authenticated Remote Code Execution via YAML Deserialization

CVE-2024-8316 HIGH

Telerik UI for WPF <2024 Q3 - Code Injection

CVE-2024-7576 HIGH

Telerik UI for WPF < 2024.3.924 - Remote Code Execution via Insecure Deserialization

CVE-2024-8514 CRITICAL

Prisna GWT - WordPress 1.4.11 - Code Injection

CVE-2024-42323 HIGH

Apache HertzBeat < 1.6.0 - Authenticated Remote Code Execution via SnakeYAML Deserialization

CVE-2024-8375 HIGH

Reverb < 2024-08-05 - Use-After-Free via VARIANT Tensor Unpacking

CVE-2024-5998 HIGH

langchain < 0.2.9 and langchain-community < 0.2.4 - Remote Code Execution via FAISS Deserialization

CVE-2024-22399 CRITICAL

Apache Seata <2.1.0-1.8.1 - Deserialization

CVE-2024-8862 HIGH

h2oai h2o-3 3.46.0.4 - Unauthenticated Remote Code Execution via JDBC Connection Handler Deserialization

CVE-2024-41874 CRITICAL

ColdFusion 2023.9 and 2021.15 - Deserialization of Untrusted Data

CVE-2024-28991 CRITICAL

SolarWinds Access Rights Manager < 2024.3.1 - Authenticated Remote Code Execution via Untrusted Data Deserialization

CVE-2024-45857 HIGH

Cleanlab >= 2.4.0 - Remote Code Execution via Malicious datalab.pkl File

CVE-2024-45855 HIGH

MindsDB >= 23.10.2.0 - Remote Code Execution via Malicious Inhouse Model Deserialization

CVE-2024-45854 HIGH

MindsDB >= 23.10.3.0 - Remote Code Execution via Malicious Inhouse Model Deserialization

Previous Page 53 of 114 Next

Details

Vulnerabilities 2,826

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy