Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,829 vulnerabilities with CWE-502

CVE-2024-40624 CRITICAL

TorrentPier < 2.4.4 - Remote Code Execution via Unsafe Cookie Deserialization

CVE-2024-6645 MEDIUM

WuKongOpenSource Wukong_nocode - Deserialization

CVE-2024-6644 MEDIUM

zmops ArgusDBM <0.1.0 - Deserialization

CVE-2024-31317 HIGH

Android - Local Privilege Escalation via Unsafe Deserialization in ZygoteProcess.java

CVE-2024-38094 HIGH KEV

Microsoft SharePoint Server - Remote Code Execution via Untrusted Data Deserialization

CVE-2024-38024 HIGH

Microsoft SharePoint Server - Remote Code Execution via Untrusted Data Deserialization

CVE-2024-38023 HIGH

Microsoft SharePoint Server - Remote Code Execution via Untrusted Data Deserialization

CVE-2024-37502 MEDIUM

WooCommerce Social Login <= 2.6.3 - Deserialization of Untrusted Data

CVE-2024-5488 CRITICAL

SEOPress < 7.9 - Unauthenticated Deserialization of Untrusted Data via REST API

CVE-2024-6525 LOW

D-Link DAR-7000 <20230922 - Deserialization

CVE-2024-6441 MEDIUM

ORIPA < 1.80 - Deserialization of Untrusted Data in LoaderXML

CVE-2024-36984 HIGH

Splunk 9.0.0-9.0.10 - Authenticated Remote Code Execution via Untrusted Data Deserialization

CVE-2024-29040 MEDIUM

tpm2-tss < 4.1.0 - Deserialization of Untrusted Data in Fapi_VerifyQuote

CVE-2024-39705 CRITICAL

NLTK < 3.9 - Remote Code Execution via Pickle Deserialization

CVE-2024-5016 HIGH

WhatsUp Gold < 23.1.0 - Remote Code Execution via Untrusted Data Deserialization

CVE-2024-24551 HIGH

Bludit < 3.15.0 - Authenticated Remote Code Execution via Image API File Upload

CVE-2024-24550 HIGH

Bludit 3.14.0-3.15.0 - Arbitrary File Upload to Code Execution

CVE-2024-39334 MEDIUM

MENDELSON AS4 <2024 B376 - Code Injection

CVE-2024-32030 HIGH

Kafka UI < 0.7.2 - Remote Code Execution via JMX Deserialization

CVE-2024-35780 HIGH

Live Composer <1.5.42 - Deserialization

CVE-2024-5724 HIGH

Photo Video Gallery Master <= 1.5.3 - Authenticated PHP Object Injection via PVGM_all_photos_details Parameter

CVE-2024-5649 MEDIUM

Universal Slider <1.6.5 - Code Injection

CVE-2024-5871 CRITICAL

WooCommerce - Social Login <= 2.6.2 - Unauthenticated PHP Object Injection via woo_slg_verify Parameter

CVE-2024-5671 CRITICAL

Trellix IPS Manager < 11.1.x - Unauthenticated RCE via Insecure Deserialization

CVE-2024-4371 CRITICAL

CoDesigner < 4.5 - Unauthenticated PHP Object Injection via recently_viewed_products Cookie

Previous Page 56 of 114 Next

Details

Vulnerabilities 2,829

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy