Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,830 vulnerabilities with CWE-502

CVE-2023-49777 CRITICAL

YITH WooCommerce Product Add-Ons <= 4.3.0 - PHP Object Injection via Untrusted Data Deserialization

CVE-2023-52182 CRITICAL

ARI Stream Quiz < 1.3.0 - PHP Object Injection via Untrusted Data Deserialization

CVE-2023-52181 CRITICAL

Presslabs Theme per user <= 1.0.1 - Unauthenticated PHP Object Injection

CVE-2023-51545 CRITICAL

ThemeHigh Job Manager & Career - CSRF

CVE-2023-51505 CRITICAL

Pluginus Woot < 1.0.6 - Insecure Deserialization

CVE-2023-51470 CRITICAL

Rencontre - Dating Site <3.11.1 - Deserialization

CVE-2023-51422 CRITICAL

Saleswonder Team Webinar Plugin <3.05.0 - Deserialization

CVE-2023-51414 CRITICAL

EnvialoSimple <2.1 - Deserialization

CVE-2023-36381 MEDIUM

Zippy < 1.6.5 - PHP Object Injection via Untrusted Data Deserialization

CVE-2023-32795 HIGH

WooCommerce Product Add-Ons < 6.1.3 - Authenticated PHP Object Injection

CVE-2023-32513 HIGH

GiveWP - Donation Plugin and Fundraising Platform <= 2.25.3 - PHP Object Injection

CVE-2023-51700 MEDIUM

Jamieblomerus Unofficial Mobile Bankid Integration < 1.0.1 - Insecure Deserialization

CVE-2023-49826 HIGH

PenciDesign Soledad < 8.4.1 - Unauthenticated PHP Object Injection via Deserialization

CVE-2023-49778 CRITICAL

Sayfa Sayac <= 2.6 - Unauthenticated PHP Object Injection

CVE-2023-32242 CRITICAL

WoodMart - Multipurpose WooCommerce Theme <= 1.0.36 - Deserialization of Untrusted Data

CVE-2023-51656 CRITICAL

Apache IoTDB <1.2.2 - Deserialization

CVE-2023-7018 HIGH

huggingface/transformers < 4.36.0 - Remote Code Execution via Pickle Deserialization

CVE-2023-49773 CRITICAL

BCorp Shortcodes < 0.23 - Unauthenticated PHP Object Injection via Deserialization

CVE-2023-49772 CRITICAL

Genesis Simple Love < 2.0 - Unauthenticated PHP Object Injection via Untrusted Data Deserialization

CVE-2023-28782 HIGH

Rocketgenius Inc. Gravity Forms <2.7.3 - Deserialization

CVE-2023-47507 HIGH

Master Slider Pro < 3.6.5 - PHP Object Injection via Untrusted Data Deserialization

CVE-2023-46147 HIGH

Themify Themify Ultra - Use After Free

CVE-2023-40555 HIGH

UX-themes Flatsome <3.17.5 - Deserialization

CVE-2023-34382 MEDIUM

Dokan < 3.7.19 - PHP Object Injection via Untrusted Data Deserialization

CVE-2023-34027 HIGH

Recently Viewed Products < 1.0.0 - PHP Object Injection via Untrusted Data Deserialization

Previous Page 66 of 114 Next

Details

Vulnerabilities 2,830

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy