Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,741 vulnerabilities with CWE-502

CVE-2026-31253 HIGH

flash-attention thru e724e2588c - Deserialization

CVE-2026-31250 HIGH

CosyVoice - Remote Code Execution via Insecure PyTorch Checkpoint Deserialization

CVE-2026-31249 HIGH

CosyVoice - Insecure Deserialization

CVE-2026-7818 HIGH

pgAdmin 4: Unsafe deserialization (CWE-502) in file-backed session manager leads to remote code execution

CVE-2026-41486 HIGH

Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization

CVE-2026-44126 CRITICAL

SEPPmail Secure Email Gateway - Insecure Deserialization

CVE-2026-5127 HIGH

User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.3.1 - Authenticated (Subscriber+) PHP Object Injection

CVE-2026-41586 CRITICAL

Hyperledger Fabric 1.0.0-2.2.26 fabric-sdk-java - Java Deserialization Remote Code Execution

CVE-2026-34084 CRITICAL

PhpSpreadsheet SSRF and RCE via PHP stream wrappers in IOFactory::load

CVE-2026-7712 MEDIUM

MindsDB Pickle pickle.loads deserialization

CVE-2026-7647 HIGH

Profile Builder Pro <= 3.14.5 - Unauthenticated PHP Object Injection

CVE-2026-7597 MEDIUM

mem0ai mem0 faiss.py pickle.dump deserialization

CVE-2026-42473 CRITICAL

MixPHP Framework 2.x-2.2.17 - Deserialization

CVE-2026-42472 CRITICAL

MixPHP Framework 2.x-2.2.17 - Deserialization

CVE-2026-42471 HIGH

MixPHP Framework 2.x-2.2.17 - Deserialization

CVE-2026-37552 HIGH

MixPHP Framework 2.x-2.2.17 - Deserialization

CVE-2026-42779 CRITICAL

Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE (take 2)

CVE-2026-42778 CRITICAL

Apache MINA: CWE-502 Deserialization of Untrusted Data (take 2)

CVE-2026-7584 HIGH

Arbitrary Code Execution via Unsafe Deserialization in LabOne Q

CVE-2026-42521 MEDIUM

Jenkins Project Jenkins Matrix Authorization Strategy Plugin < 3.2.9 - Information Disclosure

CVE-2026-7317 MEDIUM

Grav CMS Cache Value FileCache.php doGet deserialization

CVE-2026-24186 HIGH

NVIDIA FLARE SDK <2.7.2 - Deserialization

CVE-2026-27172 HIGH

Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store

CVE-2026-41409 CRITICAL

Apache MINA: CWE-502 Deserialization of Untrusted Data

CVE-2026-40858 HIGH

Apache Camel: Camel-Infinispan: Unsafe Deserialization in Remote Aggregation Repository

Previous Page 6 of 110 Next

Details

Vulnerabilities 2,741

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy