Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,830 vulnerabilities with CWE-502

CVE-2023-37390 HIGH

Themesflat Addons For Elementor < 2.0.0 - Unauthenticated PHP Object Injection

CVE-2023-6730 HIGH

huggingface/transformers < 4.36.0 - Deserialization of Untrusted Data

CVE-2023-49819 HIGH

Structured Content (JSON-LD) #wpsc < 1.5.3 - PHP Object Injection via Untrusted Data Deserialization

CVE-2023-46154 MEDIUM

E2Pdf - Export To Pdf Tool for WordPress <= 1.20.18 - PHP Object Injection

CVE-2023-46279 CRITICAL

Apache Dubbo <3.1.5 - Use After Free

CVE-2023-29234 CRITICAL

Apache Dubbo <3.1.10, <3.2.4 - Deserialization

CVE-2023-50252 HIGH

php-svg-lib < 0.5.1 - PHAR Deserialization via Unsanitized href Attribute in SVG use Tag

CVE-2023-6656 MEDIUM

DeepFaceLab pretrained DF.wf.288res.384.92.72.22 - Deserialization

CVE-2023-6654 MEDIUM

PHPEMS 6.x/7.x/8.x/9.0 - Deserialization

CVE-2023-6580 HIGH

D-Link DIR-846 FW100A53DBR - Deserialization

CVE-2023-49297 LOW

PyDrive2 <1.16.2 - Arbitrary Code Execution via Unsafe YAML Deserialization

CVE-2023-46674 MEDIUM

Elasticsearch < 7.17.11 - Authenticated Remote Code Execution via Unsafe Java Deserialization

CVE-2023-48967 CRITICAL

Ssolon <2.6.0, <2.5.12 - Deserialization

CVE-2023-48887 CRITICAL

Jupiter 1.3.1 - Remote Code Execution via RPC Request Deserialization

CVE-2023-48886 CRITICAL

NettyRpc 1.2 - Remote Code Execution via Deserialization

CVE-2023-47207 CRITICAL

Delta Electronics InfraSuite Device Master 1.0.7 - Unauthenticated Remote Code Execution via Deserialization

CVE-2023-48952 HIGH

openlink virtuoso-opensource <7.2.11 - DoS

CVE-2023-6378 HIGH

logback 1.4.11 - Denial of Service via Serialization Vulnerability

CVE-2023-46990 CRITICAL

PublicCMS <4.0.202302.e - Code Injection

CVE-2023-46302 CRITICAL

Apache Submarine - YAML Deserialization

CVE-2023-44353 CRITICAL

Adobe ColdFusion <= 2023.5 and <= 2021.11 - Deserialization of Untrusted Data

CVE-2023-44351 CRITICAL

Adobe ColdFusion <= 2023.5 and <= 2021.11 - Deserialization of Untrusted Data

CVE-2023-44350 CRITICAL

Adobe ColdFusion <= 2023.5 and <= 2021.11 - Deserialization of Untrusted Data

CVE-2023-47130 HIGH

Yii < 1.1.29 - Remote Code Execution via Untrusted Data Deserialization

CVE-2023-38177 MEDIUM

Microsoft SharePoint Server - Remote Code Execution via Untrusted Data Deserialization

Previous Page 67 of 114 Next

Details

Vulnerabilities 2,830

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy