Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,831 vulnerabilities with CWE-502

CVE-2023-3308 MEDIUM

whaleal IceFrog 1.1.8 - Deserialization

CVE-2023-21124 HIGH

Android 11-13 - Local Privilege Escalation via Unsafe Deserialization

CVE-2023-32031 HIGH

Microsoft Exchange Server - Remote Code Execution via Untrusted Data Deserialization

CVE-2023-28310 HIGH

Microsoft Exchange Server - Remote Code Execution via Untrusted Data Deserialization

CVE-2023-3001 HIGH

IGSS Dashboard < 16.0.0.23131 - Remote Code Execution via Malicious File Deserialization

CVE-2023-3234 MEDIUM

crmeb < 4.6.0 - Deserialization of Untrusted Data via PublicController.php put_image Function

CVE-2023-3232 MEDIUM

crmeb < 4.6.0 - Deserialization of Untrusted Data via Image Upload API

CVE-2023-34212 MEDIUM

Apache NiFi 1.8.0-1.21.0 - Authenticated Deserialization of Untrusted Data via JNDI URL Configuration

CVE-2023-30262 HIGH

MIM Concurrent License Server 6.5.0-7.0.9 - Unauthenticated Remote Code Execution via RMI Registry Deserialization

CVE-2023-33496 CRITICAL

xxl-rpc < 1.7.0 - Deserialization of Untrusted Data via NettyDecode#decode

CVE-2023-33284 HIGH

Marval MSM <=15.0 - Authenticated Remote Code Execution

CVE-2023-20888 HIGH

VMware Aria Operations for Networks 6.2.0-6.9.0 - Authenticated Remote Code Execution via Deserialization

CVE-2023-33963 CRITICAL

DataEase < 1.18.7 - Remote Code Execution via Untrusted Data Deserialization

CVE-2023-2288 HIGH

Otter < 2.2.6 - PHAR Deserialization via Unsanitized File Path

CVE-2023-2500 HIGH

Go Pricing WordPress Plugin <= 3.3.19 - Authenticated PHP Object Injection

CVE-2023-27068 CRITICAL

Sitecore Experience Platform <=10.2 - Code Injection

CVE-2023-31058 HIGH

Apache InLong <1.6.0 - Deserialization

CVE-2023-32336 HIGH

IBM InfoSphere Information Server 11.7 - Remote Code Execution via Insecure Deserialization in RMI Service

CVE-2023-31890 CRITICAL

glazedlists <1.11.0 - Code Injection

CVE-2023-20878 HIGH

VMware Aria Operations - Authenticated Remote Code Execution via Deserialization

CVE-2023-30899 CRITICAL

Siveillance Video <2020 R2 V20.2 HotfixRev14 - Authenticated RCE via Unsafe Deserialization

CVE-2023-30898 CRITICAL

Siveillance Video Multiple Versions - Authenticated Remote Code Execution via Event Server Deserialization

CVE-2023-1650 CRITICAL

AI ChatBot WP <4.4.7 - Code Injection

CVE-2023-1347 HIGH

Customizer Export/Import < 0.9.6 - Authenticated PHP Object Injection via Unserialization

CVE-2023-1196 HIGH

Advanced Custom Fields 5.0.0-5.12.5 and 6.x < 6.1.0 - Authenticated PHP Object Injection via Unsafe Unserialization

Previous Page 72 of 114 Next

Details

Vulnerabilities 2,831

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy