CWE-502
Medium likelihoodDeserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
2,829 vulnerabilities with CWE-502
CVE-2024-22460
LOW
Dell PowerProtect DM5500 <5.15.0.0 - Code Injection
CVSS 2.2
CVE-2024-26579
CRITICAL
Apache InLong 1.7.0-1.11.0 - Deserialization of Untrusted Data via Malicious Parameters
CVSS 9.8
CVE-2024-34515
HIGH
image-optimizer <1.7.3 - Code Injection
CVSS 8.8
CVE-2024-3240
HIGH
ConvertPlug <3.5.25 - Code Injection
CVSS 8.8
CVE-2024-34075
MEDIUM
kurwov 3.1.0-3.2.5 - Denial of Service via MarkovData#getNext Sanitization Bypass
CVSS 6.2
CVE-2024-34072
HIGH
sagemaker-python-sdk <2.218.0 - Code Injection
CVSS 7.8
CVE-2024-1897
HIGH
Grid Gallery Photo Image Grid Gallery - Code Injection
CVSS 7.5
CVE-2024-1896
HIGH
Photo Gallery <1.4.1 - Code Injection
CVSS 7.5
CVE-2024-3591
MEDIUM
Geo Controller WP <8.6.5 - Code Injection
CVSS 6.5
CVE-2024-1895
HIGH
Event Monster < 1.4.0 - Authenticated PHP Object Injection via Shortcode Deserialization
CVSS 7.5
CVE-2024-27322
HIGH
R <4.4.0 - Code Injection
CVSS 8.8
CVE-2024-33641
MEDIUM
Team Yoast Custom field finder <0.4 - Deserialization
CVSS 5.4
CVE-2024-33553
CRITICAL
8theme XStore Core <= 5.3.5 - Unauthenticated PHP Object Injection via Deserialization
CVSS 9.0
CVE-2024-32876
HIGH
NewPipe 0.13.4-0.26.1 - Arbitrary Code Execution via Malicious Backup Import
CVSS 8.5
CVE-2024-32835
MEDIUM
WebToffee Import Export <2.5.3 - Deserialization
CVSS 5.4
CVE-2024-32817
MEDIUM
Import and export users and customers <1.26.2 - Deserialization
CVSS 4.4
CVE-2024-4019
MEDIUM
Byzoro Smart S80 Management Platform <20240411 - Deserialization
CVSS 6.3
CVE-2024-32600
HIGH
Averta Master Slider <= 3.9.5 - Deserialization of Untrusted Data
CVSS 8.3
CVE-2024-32603
HIGH
Themekraft Buddypress Woocommerce MY ... - Insecure Deserialization
CVSS 8.5
CVE-2024-32431
MEDIUM
WP All Import <1.3 - Deserialization
CVSS 4.4
CVE-2024-3740
MEDIUM
nginxwebui < 4.2.4 - Deserialization of Untrusted Data via nginxExe Argument
CVSS 6.3
CVE-2024-3054
HIGH
WPvivid Backup & Migration Plugin for WordPress <= 0.9.99 - Authenticated PHAR Deserialization
CVSS 7.2
CVE-2024-27985
MEDIUM
PropertyHive < 2.0.9 - Deserialization of Untrusted Data
CVSS 5.4
CVE-2024-3568
CRITICAL
huggingface/transformers - Code Injection
CVSS 9.6
CVE-2024-3020
HIGH
Carousel, Slider, Gallery by WP Carousel < 2.6.3 - Authenticated PHP Object Injection via Import Function
CVSS 7.2
Details
Vulnerabilities
2,829
Exploit Likelihood
Medium