Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,829 vulnerabilities with CWE-502

CVE-2024-2693 HIGH

Link Whisper Free <0.7.1 - Code Injection

CVE-2024-2501 HIGH

Hubbub Lite <1.33.1 - Code Injection

CVE-2024-1813 CRITICAL

Simple Job Board <= 2.11.0 - Unauthenticated PHP Object Injection via job_board_applicant_list_columns_value

CVE-2024-1792 HIGH

CMB2 <= 2.10.1 - Authenticated PHP Object Injection via text_datetime_timestamp_timezone Field

CVE-2024-31224 CRITICAL

gpt_academic 3.64-3.73 - Remote Code Execution via Untrusted Data Deserialization

CVE-2024-3431 MEDIUM

EyouCMS 1.6.5 - Remote Code Execution via Deserialization in Backend Channel Edit

CVE-2024-31308 MEDIUM

WP Import Export Lite <= 3.9.26 - Deserialization of Untrusted Data

CVE-2024-31277 HIGH

PickPlugins Product Designer <1.0.32 - Deserialization

CVE-2024-3366 LOW

Xuxueli xxl-job <2.4.1 - Code Injection

CVE-2024-31211 MEDIUM

WordPress 6.4.0-6.4.1 - Remote Code Execution via WP_HTML_Token Unserialization

CVE-2024-2008 HIGH

Modal Popup Box <1.5.2 - Code Injection

CVE-2024-27604 CRITICAL

Alldata V0.4.6 - Remote Code Execution via Untrusted Data Deserialization

CVE-2024-29433 CRITICAL

Alldata 0.4.6 - Remote Code Execution via FASTJSON Deserialization

CVE-2024-31094 HIGH

Filter Custom Fields & Taxonomies Light - Deserialization

CVE-2024-3018 HIGH

Essential Addons for Elementor < 5.9.13 - Authenticated PHP Object Injection via Login | Register Form Widget

CVE-2024-1872 HIGH

Button Plugin for WordPress <=1.1.28 - Code Injection

CVE-2024-1858 MEDIUM

Responsive Lightbox Gallery <1.9.9 - Code Injection

CVE-2024-30221 MEDIUM

WP Sunshine Photo Cart <3.1.1 - Deserialization

CVE-2024-30230 HIGH

Acowebs PDF Invoices <1.3.7 - Deserialization

CVE-2024-30229 HIGH

GiveWP <= 3.4.2 - Deserialization of Untrusted Data

CVE-2024-30228 CRITICAL

Hercules Core < 6.4 - PHP Object Injection via Untrusted Data Deserialization

CVE-2024-30227 CRITICAL

INFINITUM FORM Geo Controller <8.6.4 - Deserialization

CVE-2024-30226 CRITICAL

WPDeveloper BetterDocs <3.3.3 - Deserialization

CVE-2024-30225 CRITICAL

WPENGINE, INC. WP Migrate <2.6.10 - Deserialization

CVE-2024-30224 CRITICAL

WholesaleX <= 1.3.2 - Unauthenticated PHP Object Injection

Previous Page 60 of 114 Next

Details

Vulnerabilities 2,829

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy