Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,829 vulnerabilities with CWE-502

CVE-2024-1432 MEDIUM

DeepFaceLab - Deserialization of Untrusted Data in apply_xseg Function

CVE-2024-1353 MEDIUM

PHPEMS < 1.0 - Deserialization of Untrusted Data via picurl Argument in index.api.php

CVE-2024-24590 HIGH

Allegro AI's ClearML <1.14.2 - Code Injection

CVE-2024-0668 MEDIUM

WordPress Advanced Database Cleaner <3.1.3 - Code Injection

CVE-2024-1225 HIGH

QiboSoft QiboCMS X1 < 1.0.6 - Deserialization of Untrusted Data via Pay.php callback_class Parameter

CVE-2024-1198 MEDIUM

openBI 6.0.0-6.0.3 - Remote Code Execution via Phar Deserialization in User Controller

CVE-2024-22320 CRITICAL

IBM Operational Decision Manager - Java Deserialization

CVE-2024-1032 HIGH

openBI < 1.0.8 - Deserialization of Untrusted Data via Test Connection Handler

CVE-2024-0960 MEDIUM

Flink-extended ai-flow 0.3.1 - Deserialization

CVE-2024-0959 MEDIUM

StanfordVL GibsonEnv 0.3.1 - Deserialization

CVE-2024-20253 CRITICAL

Cisco Unified Communications Manager < 12.5(1)su8 & 14.0-14su3 - RCE via Deserialization

CVE-2024-0937 MEDIUM

van_der_Schaar LAB synthcity <0.2.9 - Deserialization

CVE-2024-0936 MEDIUM

van_der_Schaar LAB TemporAI <0.0.3 - Deserialization

CVE-2024-22309 HIGH

QuantumCloud ChatBot <5.1.0 - Deserialization

CVE-2024-22284 HIGH

Asgaros Forum <2.7.2 - Use After Free

CVE-2024-23636 CRITICAL

SOFARPC < 5.12.0 - Deserialization of Untrusted Data via SOFA Hessian Blacklist Bypass

CVE-2024-0739 HIGH

Hecheng Leadshop <1.4.20 - Deserialization

CVE-2024-0654 MEDIUM

DeepFaceLab pretrained DF.wf.288res.384.92.72.22 - Deserialization

CVE-2024-20926 MEDIUM

Oracle GraalVM - Unauthenticated Improper Access Control

CVE-2024-0603 HIGH

zhicms < 4.0 - Deserialization via mylike Argument in Gift Controller

CVE-2024-21318 HIGH

Microsoft SharePoint Server - Remote Code Execution via Untrusted Data Deserialization

CVE-2024-0302 MEDIUM

fhs-opensource iparking 1.5.22.RELEASE - Remote Code Execution via Unsafe Deserialization in /vueLogin

CVE-2023-7334 CRITICAL

Chanjetvip T+ < 16.000.000.0283 - Insecure Deserialization

CVE-2023-49886 CRITICAL

IBM Transformation Extender Advanced - Remote Code Execution via Unsafe Java Deserialization

CVE-2023-35815 LOW

DevExpress < 23.1.3 - Deserialization of Untrusted Data via XML Data

Previous Page 63 of 114 Next

Details

Vulnerabilities 2,829

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy