Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,829 vulnerabilities with CWE-502

CVE-2023-27459 HIGH

WPEverest User Registration < 2.3.2.1 - Authenticated PHP Object Injection

CVE-2023-51518 CRITICAL

Apache James <3.7.5, 3.8.0 - Privilege Escalation

CVE-2023-51389 CRITICAL

Hertzbeat < 1.4.1 - Deserialization of Untrusted Data via SnakeYAML Parser

CVE-2023-52357 HIGH

Huawei EMUI and HarmonyOS - Denial of Service via Serialization/Deserialization Mismatch

CVE-2023-40057 CRITICAL

SolarWinds Access Rights Manager < 2023.2.2 - Authenticated Remote Code Execution via Deserialization

CVE-2023-26592 LOW

Intel(R) Thunderbolt(TM) DCH <88 - DoS

CVE-2023-46615 MEDIUM

KD Coming Soon < 1.7 - PHP Object Injection via Untrusted Data Deserialization

CVE-2023-6933 HIGH

Better Search Replace <= 1.4.4 - Unauthenticated PHP Object Injection via Untrusted Input Deserialization

CVE-2023-50943 HIGH

Apache Airflow < 2.8.1 - Deserialization of Untrusted Data via XCom Poisoning

CVE-2023-1405 HIGH

Formidable Forms <6.2 - Code Injection

CVE-2023-6049 CRITICAL

Estatik Real Estate Plugin <4.1.1 - Code Injection

CVE-2023-7032 HIGH

Easergy Studio < 9.3.5 - Authenticated Privilege Escalation via Deserialization of Untrusted Data

CVE-2023-52202 CRITICAL

HTML5 MP3 Player with Folder Feedburner Playlist Free < 2.8.0 - PHP Object Injection via Untrusted Data Deserialization

CVE-2023-52206 HIGH

Page Builder: Live Composer < 1.5.25 - PHP Object Injection via Untrusted Data Deserialization

CVE-2023-52205 CRITICAL

HTML5 SoundCloud Player with Playlist Free < 2.8.0 - PHP Object Injection via Untrusted Data Deserialization

CVE-2023-52200 CRITICAL

ARMember < 4.0.22 - Cross-Site Request Forgery to PHP Object Injection

CVE-2023-6528 HIGH

Slider Revolution < 6.6.19 - Authenticated Remote Code Execution via Unsafe Slider Import

CVE-2023-5235 HIGH

Ovic Responsive WPBakery < 1.2.9 - Authenticated Object Injection via AJAX Action

CVE-2023-52207 CRITICAL

HTML5 MP3 Player with Playlist Free < 3.0.0 - PHP Object Injection via Untrusted Data Deserialization

CVE-2023-52225 CRITICAL

Taggbox < 3.1 - Insecure Deserialization

CVE-2023-52219 CRITICAL

Gecka Terms Thumbnails < 1.1 - PHP Object Injection via Untrusted Data Deserialization

CVE-2023-52218 CRITICAL

Anton Bond Woocommerce Tranzila Payment Gateway < 1.0.8 - Unauthenticated PHP Object Injection

CVE-2023-49442 CRITICAL

JEECG < 4.0 - Remote Code Execution via jeecgFormDemoController Deserialization

CVE-2023-51785 HIGH

Apache InLong <1.10.0 - Deserialization

CVE-2023-49777 CRITICAL

YITH WooCommerce Product Add-Ons <= 4.3.0 - PHP Object Injection via Untrusted Data Deserialization

Previous Page 65 of 114 Next

Details

Vulnerabilities 2,829

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy