Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,830 vulnerabilities with CWE-502

CVE-2023-36745 HIGH

Microsoft Exchange Server - Remote Code Execution

CVE-2023-36744 HIGH

Microsoft Exchange Server - Remote Code Execution via Deserialization of Untrusted Data

CVE-2023-36736 MEDIUM

Microsoft Identity Linux Broker - RCE

CVE-2023-35669 HIGH

Android - Local Privilege Escalation via Unsafe Deserialization in AccountManagerService

CVE-2023-4528 HIGH

JSCAPE MFT Server <2023.1.9 - Code Injection

CVE-2023-41330 CRITICAL

knplabs/snappy < 1.4.3 - Remote Code Execution via PHAR Wrapper Case Bypass

CVE-2023-0925 CRITICAL

webMethods OneData 10.11 - Unauthenticated Remote Code Execution via Java RMI Registry Deserialization

CVE-2023-37941 MEDIUM

Apache Superset 1.5.0-2.1.0 - Remote Code Execution via Metadata Database Deserialization

CVE-2023-30534 MEDIUM

Cacti < 1.2.25 - Insecure Deserialization in graphs_new.php

CVE-2023-28072 HIGH

Dell Alienware Command Center < 5.5.51.0 - Remote Code Execution via .NET Remoting Deserialization

CVE-2023-40595 HIGH

Splunk Enterprise <8.2.12, 9.0.6, 9.1.1 - Code Injection

CVE-2023-40195 HIGH

Apache Airflow Spark Provider < 4.1.3 - Authenticated Remote Code Execution via Malicious Spark Server

CVE-2023-40571 CRITICAL

weblogic- framework <0.2.3 - Deserialization

CVE-2023-24621 HIGH

Esoteric YamlBeans <1.15 - Deserialization

CVE-2023-34040 MEDIUM

Spring for Apache Kafka <3.0.9 & <2.9.10 - Deserialization

CVE-2023-39106 HIGH

Nacos Group Nacos Spring Project <1.1.1 - RCE

CVE-2023-3259 CRITICAL

Dataprobe iBoot PDU Firmware < 1.44.0804202 - Authentication Bypass via IP Address Cookie Manipulation

CVE-2023-39396 HIGH

Huawei EMUI and HarmonyOS - Deserialization of Untrusted Data in Input Module

CVE-2023-38182 HIGH

Microsoft Exchange Server - Remote Code Execution via Deserialization of Untrusted Data

CVE-2023-38181 HIGH

Microsoft Exchange Server - Spoofing via Deserialization of Untrusted Data

CVE-2023-35388 HIGH

Microsoft Exchange Server - Remote Code Execution via Deserialization of Untrusted Data

CVE-2023-38689 HIGH

Logistics Pipes - Code Injection

CVE-2023-36480 CRITICAL

Aerospike Java Client <7.0.0-4.5.0 - Deserialization

CVE-2023-24971 HIGH

IBM B2B Advanced Communications 1.0.0.0 & Multi-Enterprise Integration Gateway 1.0.0.1 DoS via Java Deserialization

CVE-2023-38647 CRITICAL

Apache Helix < 1.3.0 - Remote Code Execution via SnakeYAML Deserialization

Previous Page 70 of 114 Next

Details

Vulnerabilities 2,830

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy