Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,829 vulnerabilities with CWE-502

CVE-2023-35814 LOW

DevExpress < 23.1.3 - Deserialization of Untrusted Data in XtraReport

CVE-2023-27531 MEDIUM

Kredis < 1.3.0.1 - Deserialization of Untrusted Data via JSON Deserialization

CVE-2023-51642 MEDIUM

Allegra <= 7.5.1 loadFieldMatch - Deserialization Code Execution

CVE-2023-51641 MEDIUM

Allegra < 7.5.1 - Authenticated Remote Code Execution via renderFieldMatch Deserialization

CVE-2023-32736 HIGH

SIMATIC S7-PLCSIM V16 and V17 - Remote Code Execution via Deserialization of Untrusted Data

CVE-2023-25581 CRITICAL

pac4j-core < 4.0.0 - Remote Code Execution via Java Deserialization with {#sb64} Prefix

CVE-2023-37227 CRITICAL

Loftware Spectrum < 4.6 HF13 - Deserialization of Untrusted Data

CVE-2023-49566 HIGH

Apache Linkis <=1.5.0 - Authenticated JNDI Injection via DB2 DataSource Parameters

CVE-2023-46801 HIGH

Apache Linkis <=1.5.0 - Authenticated RCE

CVE-2023-32737 MEDIUM

SIMATIC STEP 7 Safety <V18 Update 2 - Code Injection

CVE-2023-32735 MEDIUM

SIMATIC STEP 7 Safety <V16.7-V18.2, SIMATIC STEP 7 <V16.7-V18.2, SI...

CVE-2023-38264 MEDIUM

IBM SDK Java 7.1.0.0-7.1.5.21 & 8.0.0.0-8.0.8.21 - DoS via ORB Deserialization Filter Bypass

CVE-2023-51576 CRITICAL

Voltronic Power ViewPower - Deserialization

CVE-2023-50223 HIGH

Inductive Automation Ignition 8.1.0-8.1.35 - Remote Code Execution via Deserialization

CVE-2023-50222 HIGH

Inductive Automation Ignition 8.1.0-8.1.34 - Remote Code Execution via ResponseParser Deserialization

CVE-2023-50221 HIGH

Inductive Automation Ignition 8.1.0-8.1.34 - Remote Code Execution via ResponseParser Deserialization

CVE-2023-50220 HIGH

Inductive Automation Ignition 8.1.0-8.1.35 - Authenticated Remote Code Execution via Base64Element Deserialization

CVE-2023-50219 HIGH

Inductive Automation Ignition 8.1.0-8.1.35 - Authenticated Remote Code Execution via RunQuery Deserialization

CVE-2023-50218 HIGH

Inductive Automation Ignition 8.1.0-8.1.35 - Authenticated Remote Code Execution via ModuleInvoke Deserialization

CVE-2023-39476 CRITICAL

Inductive Automation Ignition 8.1.0-8.1.34 - RCE via Java Deserialization

CVE-2023-39475 CRITICAL

Inductive Automation Ignition 8.1.0-8.1.34 - RCE via ParameterVersionJavaSerializationCodec Deserialization

CVE-2023-39473 HIGH

Inductive Automation Ignition 8.1.0-8.1.34 - Remote Code Execution via Deserialization

CVE-2023-7064 HIGH

Shortcodes and extra features for Phlox theme < 2.17.5 - Authenticated PHP Object Injection via 'id' Parameter

CVE-2023-51570 CRITICAL

Voltronic Power ViewPower Pro - Deserialization

CVE-2023-23649 HIGH

MainWP MainWP Links Manager Extension <2.1 - Deserialization

Previous Page 64 of 114 Next

Details

Vulnerabilities 2,829

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy