Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,741 vulnerabilities with CWE-502

CVE-2026-33454 CRITICAL

Apache Camel MailHeaderFilterStrategy - MIME Header Injection RCE

CVE-2026-41635 CRITICAL

Apache MINA IoBuffer - Deserialization Remote Code Execution

CVE-2026-40860 CRITICAL

Apache Camel: Unsafe Deserialization of JMS ObjectMessage in camel-jms, camel-sjms, camel-sjms2 and camel-amqp

CVE-2026-40473 HIGH

Apache Camel Mina: Unsafe Deserialization in MinaConverter.toObjectInput() via TCP/UDP

CVE-2026-40048 HIGH

Apache Camel PQC: Unsafe Deserialization from FileBasedKeyLifecycleManager

CVE-2026-33819 CRITICAL

Microsoft Bing Remote Code Execution Vulnerability

CVE-2026-26210 CRITICAL

KTransformers Unsafe Deserialization RCE via balance_serve

CVE-2026-25874 CRITICAL

LeRobot Unsafe Deserialization Remote Code Execution via gRPC

CVE-2026-6857 HIGH

Camel-infinispan: camel-infinispan: remote code execution via unsafe deserialization

CVE-2026-6023 HIGH

Deserialization of Untrusted Data Vulnerability in Telerik UI for ASP.NET AJAX

CVE-2026-22016 HIGH

Oracle Java SE and GraalVM - Unauthorized Data Access

CVE-2026-39467 HIGH

WordPress Responsive Slider by MetaSlider plugin <= 3.106.0 - PHP Object Injection vulnerability

CVE-2026-25524 HIGH

OpenMage LTS's Phar Deserialization leads to Remote Code Execution

CVE-2026-25917 HIGH

Apache Airflow: API extra-links triggers XCom deserialization/class instantiation (Airflow 3.1.5)

CVE-2026-33337 HIGH

Firebird Slice Packet Parsing - Buffer Overflow

CVE-2026-40901 HIGH

DataEase: Quartz Deserialization → Remote Code Execution

CVE-2026-5426 CRITICAL

KnowledgeDeliver deployments before February 24, 2026 use a static ASP.NET/IIS machineKey value

CVE-2026-34615 CRITICAL

Adobe Connect | Deserialization of Untrusted Data (CWE-502)

CVE-2026-32192 HIGH

Azure Monitor Agent Elevation of Privilege Vulnerability

CVE-2026-32184 HIGH

Microsoft High Performance Compute (HPC) Pack Elevation of Privilege Vulnerability

CVE-2026-27303 CRITICAL

Adobe Connect | Deserialization of Untrusted Data (CWE-502)

CVE-2026-3017 HIGH

Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts <= 3.0.12 - Authenticated (Administrator+) PHP Object Injection

CVE-2026-40044 CRITICAL

Pachno 1.0.6 FileCache Deserialization Remote Code Execution

CVE-2026-33858 HIGH

Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API

CVE-2026-1462 HIGH

Safe Mode Bypass in keras-team/keras

Previous Page 7 of 110 Next

Details

Vulnerabilities 2,741

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy