Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,829 vulnerabilities with CWE-502

CVE-2024-43354 CRITICAL

myCred <= 2.7.2 - Deserialization of Untrusted Data

CVE-2024-43252 CRITICAL

Crew HRM <= 1.1.1 - PHP Object Injection via Untrusted Data Deserialization

CVE-2024-43242 CRITICAL

Ultimate Membership Pro <12.6 - Code Injection

CVE-2024-37099 CRITICAL

GiveWP < 3.14.1 - Unauthenticated PHP Object Injection via Deserialization

CVE-2024-28986 CRITICAL KEV

SolarWinds Web Help Desk < 12.8.3 - Insecure Deserialization

CVE-2024-43141 CRITICAL

Roland Barker xnau webdesign Participants Database <2.5.9.2 - Code ...

CVE-2024-7561 HIGH

The Next < 1.1.0 - Authenticated PHP Object Injection via wpeden_post_meta Deserialization

CVE-2024-7560 HIGH

News Flash <= 1.1.0 - Authenticated PHP Object Injection via newsflash_post_meta Deserialization

CVE-2024-7486 HIGH

MultiPurpose <= 1.2.0 - Authenticated PHP Object Injection via wpeden_post_meta Deserialization

CVE-2024-36131 HIGH

Ivanti Endpoint Manager Mobile < 12.1.0.1 - Authenticated Remote Code Execution via Insecure Deserialization

CVE-2024-39636 HIGH

CodeSolz Better Find and Replace <1.6.1 - Deserialization

CVE-2024-39630 MEDIUM

MotoPress Timetable <2.4.13 - Object Injection

CVE-2024-6152 HIGH

Flipbox Builder <1.5 - Code Injection

CVE-2024-39673 MEDIUM

Huawei EMUI and HarmonyOS - Deserialization of Untrusted Data in iAware Module

CVE-2024-7067 MEDIUM

shuttur/ecommerce-laravel-bootstrap < 2024-07-03 - Deserialization of Untrusted Data in getCartProductsIds

CVE-2024-6327 CRITICAL

Telerik Report Server <2024 Q2 - Code Injection

CVE-2024-6794 CRITICAL

NI VeriStand <2024 Q2 - Deserialization

CVE-2024-6793 CRITICAL

NI VeriStand < 2024 Q2 - Remote Code Execution via Deserialization of Untrusted Data

CVE-2024-6675 HIGH

NI VeriStand <2024 Q2 - Code Injection

CVE-2024-38759 MEDIUM

WP MEDIA SAS Search & Replace < 3.2.2 - Deserialization of Untrusted Data

CVE-2024-6960 HIGH

H2O Core - Remote Code Execution via Iced Model Deserialization

CVE-2024-6944 MEDIUM

crmeb < 5.4.0 - Remote Code Execution via Untrusted Data Deserialization in PublicController.php

CVE-2024-6943 MEDIUM

crmeb < 5.4.0 - Deserialization of Untrusted Data via CopyTaobaoServices downloadImage Function

CVE-2024-5726 HIGH

Timeline Event History <3.1 - Code Injection

CVE-2024-28074 CRITICAL

SolarWinds Access Rights Manager < 2023.2.4 - Deserialization of Untrusted Data

Previous Page 55 of 114 Next

Details

Vulnerabilities 2,829

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy