Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,829 vulnerabilities with CWE-502

CVE-2024-28211 CRITICAL

nGrinder < 3.5.9 - Remote Code Execution via Malicious JMX/RMI Server Connection

CVE-2024-26580 CRITICAL

Apache InLong 1.8.0-1.10.0 - Arbitrary File Read via Deserialization

CVE-2024-1731 HIGH

Auto Refresh Single Page < 1.1 - Authenticated PHP Object Injection via arsp_options Post Meta

CVE-2024-0825 HIGH

Vimeography < 2.3.3 - Authenticated PHP Object Injection via duplicate_gallery Function

CVE-2024-24302 CRITICAL

Product Designer < 1.178.36 - Remote Code Execution via postProcess() Method

CVE-2024-0692 HIGH

SolarWinds Security Event Manager - RCE

CVE-2024-1859 HIGH

Slider Responsive Slideshow < 1.3.8 - Authenticated PHP Object Injection via awl_slider_responsive_shortcode

CVE-2024-22871 HIGH

Clojure 1.2.0-1.11.2 - Denial of Service via clojure.core$partial$fn__5920

CVE-2024-23328 CRITICAL

Dataease < 1.18.15 - Deserialization of Untrusted Data in MySQL Datasource

CVE-2024-23052 CRITICAL

WuKongOpenSource WukongCRM <9.0.1 - RCE

CVE-2024-1750 MEDIUM

temmokumvc < 2.3 - Deserialization of Untrusted Data in Image Download Handler

CVE-2024-1748 MEDIUM

AutoPrognosis 0.1.21 - Deserialization of Untrusted Data in Release Note Handler

CVE-2024-25117 MEDIUM

php-svg-lib <0.5.2 - Remote Code Execution via PHAR font-family URL

CVE-2024-23114 CRITICAL

Apache Camel 3.0.0-3.21.3, 3.22.0, 4.0.0-4.0.3, 4.1.0-4.3.0 - Deserialization of Untrusted Data

CVE-2024-22369 HIGH

Apache Camel <4.4.0 - Deserialization

CVE-2024-1651 CRITICAL

Torrentpier 2.4.1 - Remote Code Execution via Insecure Deserialization

CVE-2024-20953 HIGH KEV

Oracle Agile PLM 9.3.6 - Authenticated Remote Code Execution via Export Component Deserialization

CVE-2024-23478 HIGH

SolarWinds Access Rights Manager < 2023.2.3 - Authenticated Remote Code Execution via Deserialization

CVE-2024-23759 CRITICAL

Gambio <= 4.9.2.0 - Remote Code Execution via Parcelshopfinder AddAddressBookEntry Search Parameter

CVE-2024-23512 HIGH

wpxpo ProductX < 3.1.4 - PHP Object Injection via Untrusted Data Deserialization

CVE-2024-24926 HIGH

UnitedThemes Brooklyn <4.9.7.6 - Deserialization

CVE-2024-24797 CRITICAL

ERE Recently Viewed - Essential Real Estate Add-On <= 1.3 - Unauthenticated PHP Object Injection

CVE-2024-24796 HIGH

Mage-people Event Manager And Tickets Selling For Woocommerce < 4.1.2 - Insecure Deserialization

CVE-2024-23513 HIGH

PropertyHive < 2.0.5 - Deserialization of Untrusted Data

CVE-2024-25100 CRITICAL

WP Swings Coupon Referral Program <1.8.4 - Code Injection

Previous Page 62 of 114 Next

Details

Vulnerabilities 2,829

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy