Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,830 vulnerabilities with CWE-502

CVE-2023-45146 CRITICAL

XXL-RPC < 1.7.0 - Remote Code Execution via Hessian Deserialization

CVE-2023-35084 CRITICAL

Ivanti Endpoint Manager < 2022 su3 - Remote Code Execution via Unsafe Deserialization

CVE-2023-4971 HIGH

Weaver Xtreme Theme Support < 6.3.1 - Authenticated PHP Object Injection via Import File Deserialization

CVE-2023-23930 MEDIUM

vantage6 < 4.0.2 - Remote Code Execution via Pickle Deserialization

CVE-2023-44392 HIGH

Garden < 0.12.65 - Remote Code Execution via Cryo Deserialization in Test/Run Result ConfigMaps

CVE-2023-26153 HIGH

geokit-rails <2.5.0 - Command Injection

CVE-2023-43981 CRITICAL

Presto Changeo testsitecreator <1.1.1 - Deserialization

CVE-2023-42809 CRITICAL

Redisson < 3.22.0 - Remote Code Execution via Untrusted Java Object Deserialization

CVE-2023-5391 CRITICAL

EcoStruxure Power Monitoring Expert - Remote Code Execution via Untrusted Data Deserialization

CVE-2023-43176 HIGH

Afterlogic Aurora Files <9.7.3 - Code Injection

CVE-2023-43268 HIGH

Deyue Remote Vehicle Management System v1.1 - Deserialization

CVE-2023-39410 HIGH

Apache Avro <= 1.11.2 - Denial of Service via Memory Exhaustion in Data Deserialization

CVE-2023-44273 CRITICAL

gnark-crypto < 0.12.0 - Signature Malleability via EdDSA and ECDSA Deserialization

CVE-2023-5183 CRITICAL

Illumio Core Policy Compute Engine < 19.3.7 - Authenticated Remote Code Execution via Unsafe JSON Deserialization

CVE-2023-43291 CRITICAL

emlog < 2.1.15 - Remote Code Execution via Cache.php Deserialization

CVE-2023-40044 CRITICAL KEV

WS_FTP Server < 8.7.4 - Unauthenticated Remote Code Execution via .NET Deserialization

CVE-2023-40619 CRITICAL

phpPgAdmin <7.14.4 - Code Injection

CVE-2023-5016 MEDIUM

spider-flow < 0.5.0 - Remote Code Execution via Fastjson JDBC Deserialization

CVE-2023-32665 MEDIUM

GLib < 2.74.4 - Denial of Service via GVariant Deserialization

CVE-2023-32636 MEDIUM

glib < 2.74.4 - Denial of Service via GVariant Deserialization Offset Table Validation

CVE-2023-38204 CRITICAL

Adobe ColdFusion <2018u18, <2021u8, <2023u2 - Code Injection

CVE-2023-38155 HIGH

Azure DevOps Server - Remote Code Execution via Untrusted Data Deserialization

CVE-2023-36777 MEDIUM

Microsoft Exchange Server - Info Disclosure

CVE-2023-36757 HIGH

Microsoft Exchange Server - Spoofing via Deserialization of Untrusted Data

CVE-2023-36756 HIGH

Microsoft Exchange Server - Remote Code Execution via Deserialization of Untrusted Data

Previous Page 69 of 114 Next

Details

Vulnerabilities 2,830

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy