Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,830 vulnerabilities with CWE-502

CVE-2023-37895 CRITICAL

Apache Jackrabbit 1.0.0-2.20.10 and 2.21.0-2.21.17 - Remote Code Execution via RMI Deserialization

CVE-2023-34434 HIGH

Apache InLong 1.4.0-1.7.0 - Arbitrary File Read via Deserialization Bypass

CVE-2023-3324 MEDIUM

ABB Ability zenon - Info Disclosure

CVE-2023-38203 CRITICAL KEV

Adobe ColdFusion <2018u17, <2021u7, <2023u1 - Code Injection

CVE-2023-28754 HIGH

Apache ShardingSphere-Agent - Code Injection

CVE-2023-26512 CRITICAL

Apache EventMesh <1.8.0 - Code Injection

CVE-2023-3513 HIGH

Razer RazerCentral <7.11.0.558 - Privilege Escalation

CVE-2023-25770 CRITICAL

Honeywell C300 Firmware 501.1-501.6hf8 - Denial of Service via Crafted Message Buffer Overflow

CVE-2023-3343 HIGH

User Registration < 3.0.1 - Authenticated PHP Object Injection via Profile Pic URL Parameter

CVE-2023-29300 CRITICAL KEV

Adobe ColdFusion <2018u16, <2021u6, <2023.0.0.330468 - Code Injection

CVE-2023-36825 CRITICAL

Orchid Platform 14.0.0-alpha4-14.5.0 - Remote Code Execution via _state Query Parameter Deserialization

CVE-2023-35317 HIGH

Windows Server 2012, 2016, 2019, 2022 - Elevation of Privilege via WSUS Deserialization

CVE-2023-33160 HIGH

Microsoft SharePoint Server - Remote Code Execution via Untrusted Data Deserialization

CVE-2023-33134 HIGH

Microsoft SharePoint Server - Remote Code Execution via Untrusted Data Deserialization

CVE-2023-34347 CRITICAL

InfraSuite Device Master < 1.0.7 - Remote Code Execution via Untrusted Deserialization

CVE-2023-33008 MEDIUM

Apache Johnzon <= 1.2.20 - Denial of Service via BigDecimal Deserialization

CVE-2023-28323 CRITICAL

Ivanti Endpoint Manager < 2022 Su3 - Unauthenticated Deserialization of Untrusted Data

CVE-2023-31222 CRITICAL

Medtronic's Paceart Optima <1.11 - Deserialization

CVE-2023-21209 MEDIUM

Android 13 - Local Privilege Escalation via Unsafe Deserialization in sta_iface.cpp

CVE-2023-21206 MEDIUM

Android 13 - Local Information Disclosure via Unsafe Deserialization in sta_iface.cpp

CVE-2023-21205 MEDIUM

Android 13 - Local Information Disclosure via Unsafe Deserialization in sta_iface.cpp

CVE-2023-33299 CRITICAL

Fortinet FortiNAC <7.2.1, <9.4.3, <9.2.8, <=8.x - Use After Free

CVE-2023-26436 HIGH

Open-Xchange AppSuite Backend <= 7.10.6 - Deserialization Code Injection

CVE-2023-35839 CRITICAL

Solon < 2.3.3 - Remote Code Execution via Sofa-Hessian Deserialization Bypass

CVE-2023-3308 MEDIUM

whaleal IceFrog 1.1.8 - Deserialization

Previous Page 71 of 114 Next

Details

Vulnerabilities 2,830

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy