Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,829 vulnerabilities with CWE-502

CVE-2024-3468 HIGH

AVEVA PI Web API < 2023 - Remote Code Execution via API XML Import

CVE-2024-3467 HIGH

AVEVA PI Asset Framework Client - Remote Code Execution via Malicious XML Import

CVE-2024-28964 HIGH

Dell Common Event Enabler < 8.9.10.0 - Unauthenticated Deserialization of Untrusted Data via CAVATools

CVE-2024-35249 HIGH

Microsoft Dynamics 365 Business Central - Remote Code Execution via Untrusted Data Deserialization

CVE-2024-36528 HIGH

nukeviet < 4.5.05 and egovernment < 1.2.02 - Remote Code Execution via Untrusted Data Deserialization

CVE-2024-5675 CRITICAL

Mentor - Employee Portal <3.83.35 - Code Injection

CVE-2024-33568 HIGH

BdThemes Element Pack Pro < 7.19.3 - Path Traversal and Object Injection

CVE-2024-37065 HIGH

skops >= 0.6 - Remote Code Execution via Model Deserialization

CVE-2024-37064 HIGH

ydata-profiling >= 3.7.0 - Remote Code Execution via Untrusted Data Deserialization

CVE-2024-37062 HIGH

ydata-profiling >= 3.7.0 - Remote Code Execution via Malicious Report Deserialization

CVE-2024-37060 HIGH

MLflow >= 1.27.0 - Remote Code Execution via Malicious Recipe Deserialization

CVE-2024-37059 HIGH

MLflow >= 0.5.0 - Remote Code Execution via PyTorch Model Deserialization

CVE-2024-37058 HIGH

MLflow >= 2.5.0 - Remote Code Execution via Langchain AgentExecutor Model Deserialization

CVE-2024-37057 HIGH

MLflow >= 2.0.0 - Remote Code Execution via Tensorflow Model Deserialization

CVE-2024-37056 HIGH

MLflow >= 1.23.0 - Remote Code Execution via LightGBM Model Deserialization

CVE-2024-37055 HIGH

MLflow >= 1.24.0 - Remote Code Execution via Malicious Pmdarima Model Deserialization

CVE-2024-37054 HIGH

MLflow >= 0.9.0 - Remote Code Execution via PyFunc Model Deserialization

CVE-2024-37053 HIGH

MLflow >= 1.1.0 - Remote Code Execution via Malicious scikit-learn Model Deserialization

CVE-2024-37052 HIGH

MLflow >= 1.1.0 - Remote Code Execution via Malicious scikit-learn Model Deserialization

CVE-2024-3301 HIGH

DELMIA Apriso <2024 - Code Injection

CVE-2024-3300 CRITICAL

DELMIA Apriso <2024 - Code Injection

CVE-2024-26289 CRITICAL

PMB 7.3.1-7.3.17 - Remote Code Execution via Untrusted Data Deserialization

CVE-2024-5352 MEDIUM

Anji-plus AJ-Report <1.4.1 - Deserialization

CVE-2024-5351 MEDIUM

Anji-plus AJ-Report <1.4.1 - Deserialization

CVE-2024-5085 HIGH

Hash Form - Drag & Drop Form Builder <= 1.1.0 - Unauthenticated PHP Object Injection via process_entry Function

Previous Page 57 of 114 Next

Details

Vulnerabilities 2,829

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy