Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,829 vulnerabilities with CWE-502

CVE-2024-30223 CRITICAL

Repute Infosystems ARMember <4.0.26 - Deserialization

CVE-2024-30222 HIGH

Repute Infosystems ARMember <4.0.26 - Deserialization

CVE-2024-1770 HIGH

Meta Tag Manager <3.0.2 - Code Injection

CVE-2024-24842 HIGH

Knowledge Base for Documentation, FAQs with AI Assistance <= 11.30.2 - PHP Object Injection

CVE-2024-24725 HIGH

Gibbon < 26.0.00 - Authenticated PHP Deserialization via columnOrder Parameter

CVE-2024-2025 HIGH

BuddyPress WooCommerce My Account Integration - Code Injection

CVE-2024-28861 CRITICAL

symfony1 1.1.0-1.5.18 - Remote Code Execution via sfNamespacedParameterHolder Deserialization

CVE-2024-2054 CRITICAL

Artica-Proxy - Unauthenticated Remote Code Execution via PHP Deserialization

CVE-2024-29032 MEDIUM

Qiskit IBM Runtime 0.1.0-0.21.1 - Remote Code Execution via RuntimeDecoder JSON Deserialization

CVE-2024-1856 HIGH

Progress Telerik Reporting < 18.0.24.130 - Remote Code Execution via Insecure Deserialization

CVE-2024-1801 HIGH

Progress Telerik Reporting < 18.0.24.130 - Local Code Execution via Insecure Deserialization

CVE-2024-1800 CRITICAL

Progress Telerik Report Server < 10.0.24.130 - Remote Code Execution via Insecure Deserialization

CVE-2024-2721 HIGH

Social Media Share Buttons By Sygnoos < 2.1.0 - PHP Object Injection via Untrusted Data Deserialization

CVE-2024-29136 HIGH

Themefic Tourfic <= 2.11.17 - PHP Object Injection via Untrusted Data Deserialization

CVE-2024-2229 HIGH

EcoStruxure Power Design - Ecodial - Remote Code Execution via Malicious Project File Deserialization

CVE-2024-1685 HIGH

Social Media Share Buttons < 2.1.0 - Authenticated PHP Object Injection via attachmentUrl Parameter

CVE-2024-28859 MEDIUM

symfony1 1.3.0-1.5.17 - Remote Code Execution via Swift Mailer Gadget Chain

CVE-2024-2006 HIGH

Post Grid, Slider & Carousel Ultimate < 1.6.8 - Authenticated PHP Object Injection via outpost_shortcode_metabox_markup

CVE-2024-1951 HIGH

Logo Showcase Ultimate - Code Injection

CVE-2024-1950 HIGH

Product Carousel Slider & Grid Ultimate - Code Injection

CVE-2024-1772 HIGH

Play.ht <= 3.6.4 - Authenticated PHP Object Injection via play_podcast_data

CVE-2024-0047 MEDIUM

Android - Local Denial of Service via Incorrect Device Policy Serialization Tag

CVE-2024-1773 HIGH

PDF Invoices and Packing Slips For WooCommerce <= 1.3.7 - Authenticated PHP Object Injection via order_id Parameter

CVE-2024-28213 CRITICAL

nGrinder < 3.5.9 - Unauthenticated Remote Code Execution via Java Deserialization

CVE-2024-28212 CRITICAL

nGrinder < 3.5.9 - Remote Code Execution via Unsafe SnakeYAML Deserialization

Previous Page 61 of 114 Next

Details

Vulnerabilities 2,829

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy