Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,826 vulnerabilities with CWE-502

CVE-2024-45853 HIGH

MindsDB >= 23.10.2.0 - Remote Code Execution via Malicious Inhouse Model Deserialization

CVE-2024-45852 HIGH

MindsDB >= 23.3.2.0 - Remote Code Execution via Untrusted Model Deserialization

CVE-2024-29847 CRITICAL

Ivanti EPM <2022 SU6-2024 September - Code Injection

CVE-2024-43466 MEDIUM

Microsoft SharePoint Server - Denial of Service via Deserialization of Untrusted Data

CVE-2024-43464 HIGH

Microsoft SharePoint Server - Remote Code Execution via Untrusted Data Deserialization

CVE-2024-38018 HIGH

Microsoft SharePoint Server - Remote Code Execution via Untrusted Data Deserialization

CVE-2024-44902 CRITICAL

Thinkphp 6.1.3-8.0.4 - Code Injection

CVE-2024-37288 CRITICAL

Kibana - Remote Code Execution via YAML Deserialization in AI Tools Amazon Bedrock Connector

CVE-2024-40711 CRITICAL KEV

Veeam Backup & Replication 12.0.0.1420 through 12.2.0.334 - Deserialization RCE

CVE-2024-45758 CRITICAL

H2O < 3.46.0.4 - Unauthenticated Remote Code Execution via JDBC Connection URL Injection

CVE-2024-7435 HIGH

Attire < 2.0.7 - Authenticated PHP Object Injection via Untrusted Input Deserialization

CVE-2024-8016 CRITICAL

The Events Calendar Pro <7.0.2 - Code Injection

CVE-2024-2694 HIGH

Betheme Theme <27.5.6 - Code Injection

CVE-2024-8255 CRITICAL

Delta Electronics DTN Soft <2.0.1 - Code Injection

CVE-2024-43931 CRITICAL

eyecix JobSearch < 2.5.3 - PHP Object Injection via Untrusted Data Deserialization

CVE-2024-8030 CRITICAL

Ultimate Store Kit Elementor Addons <2.0.3 - Code Injection

CVE-2024-7351 HIGH

Simple Job Board <= 2.12.3 - Authenticated PHP Object Injection via Job Application Edit

CVE-2024-5335 CRITICAL

Ultimate Store Kit Elementor Addons <1.6.4 - Code Injection

CVE-2024-42363 HIGH

Zendesk Samson <3385 Kubernetes Role - YAML Deserialization Code Execution

CVE-2024-42362 HIGH

Hertzbeat < 1.6.0 - Authenticated Remote Code Execution via Unsafe Deserialization in Monitor Import

CVE-2024-8003 LOW

Go-Tribe gotribe-admin <1.0 - Deserialization

CVE-2024-5932 CRITICAL

GiveWP <= 3.14.1 - Unauthenticated PHP Object Injection via give_title

CVE-2024-43354 CRITICAL

myCred <= 2.7.2 - Deserialization of Untrusted Data

CVE-2024-43252 CRITICAL

Crew HRM <= 1.1.1 - PHP Object Injection via Untrusted Data Deserialization

CVE-2024-43242 CRITICAL

Ultimate Membership Pro <12.6 - Code Injection

Previous Page 54 of 114 Next

Details

Vulnerabilities 2,826

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy