Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,831 vulnerabilities with CWE-502

CVE-2023-1669 HIGH

SEOPress < 6.5.0.3 - Authenticated PHP Object Injection via Settings Unserialization

CVE-2023-1967 CRITICAL

Keysight N8844A < 2.1.7351 - Deserialization of Untrusted Data

CVE-2023-20853 CRITICAL

aEnrich a+HRD - Unauthenticated Remote Code Execution via MSMQ Deserialization

CVE-2023-20852 CRITICAL

aEnrich a+HRD - Unauthenticated Remote Code Execution via MSMQ Interpreter Deserialization

CVE-2023-2141 HIGH

DELMIA Apriso <2022 - Code Injection

CVE-2023-20864 CRITICAL

VMware Aria Operations for Logs 8.10.2-8.11.x - Unauthenticated Remote Code Execution via Deserialization

CVE-2023-2042 MEDIUM

DataGear < 4.5.1 - Deserialization of Untrusted Data in JDBC Server Handler

CVE-2023-1552 MEDIUM

GE ToolboxST < 7.10 - Deserialization of Untrusted Configuration File

CVE-2023-1381 HIGH

WP Meta SEO < 4.5.5 - PHAR Deserialization and Remote Code Execution via Image File Path Manipulation

CVE-2023-29216 CRITICAL

Apache Linkis <=1.3.1 - Deserialization

CVE-2023-29215 CRITICAL

Apache Linkis <=1.3.1 - Code Injection

CVE-2023-28500 CRITICAL

Adobe LiveCycle ES4 <11.0 - Code Injection

CVE-2023-20102 HIGH

Cisco Secure Network Analytics - RCE

CVE-2023-29006 HIGH

GLPI Order GLPI <2.7.7-2.10.1 - Command Injection

CVE-2023-28462 CRITICAL

Payara Server 4.1.2.191-5.20.0, 5.2020.1-6.2022.1.Alpha3 - Remote Code Execution via JNDI Rebind

CVE-2023-26548 HIGH

Huawei EMUI and HarmonyOS - Denial of Service via PGMNG Deserialization

CVE-2023-26547 HIGH

Huawei EMUI and HarmonyOS - Privilege Escalation via InputMethod Serialization/Deserialization Mismatch

CVE-2023-1399 HIGH

N6854A Geolocation Server <2.4.2 - Privilege Escalation

CVE-2023-27296 HIGH

Apache InLong <1.5.0 - Deserialization

CVE-2023-1145 HIGH

InfraSuite Device Master < 1.0.5 - Unauthenticated Remote Code Execution via Device-DataCollect Service Deserialization

CVE-2023-1139 HIGH

InfraSuite Device Master < 1.0.5 - Unauthenticated Remote Code Execution via Device-gateway Service Deserialization

CVE-2023-1133 CRITICAL

Delta Electronics InfraSuite Device Master < 1.0.5 - Remote Code Execution via UDP Deserialization

CVE-2023-26359 CRITICAL KEV

Adobe ColdFusion <2018 Update 15, 2021 Update 5 - Code Injection

CVE-2023-28667 CRITICAL

Lead Generated WordPress Plugin <=1.23 - Unauthenticated Code Injec...

CVE-2023-27978 HIGH

Schneider Electric IGSS Dashboard < 16.0.0.23040 - Remote Code Execution via Untrusted Data Deserialization

Previous Page 73 of 114 Next

Details

Vulnerabilities 2,831

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy