Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,831 vulnerabilities with CWE-502

CVE-2023-28115 CRITICAL

Snappy < 1.4.2 - Remote Code Execution via PHAR Deserialization in file_exists()

CVE-2023-26464 HIGH

Apache Log4j < 2.0 - Denial of Service via Chainsaw or SocketAppender Deserialization

CVE-2023-23638 MEDIUM

Apache Dubbo 2.7.0-2.7.21, 3.0.0-3.0.13, 3.1.0-3.1.5 - Remote Code Execution via Generic Invoke Deserialization

CVE-2023-26779 CRITICAL

CleverStupidDog yf-exam <1.8.0 - Deserialization

CVE-2023-27372 CRITICAL

SPIP < 4.2.1 - Remote Code Execution via Form Value Deserialization

CVE-2023-20944 HIGH

Android - Local Privilege Escalation via Unsafe Deserialization in ChooseTypeAndAccountActivity

CVE-2023-26326 CRITICAL

BuddyForms <2.7.8 - Insecure Deserialization

CVE-2023-0960 MEDIUM

SeaCMS 11.6 - Deserialization of Untrusted Data in Picture Management

CVE-2023-26234 MEDIUM

JD-GUI 1.6.6 - Deserialization of Untrusted Data via UIMainWindowPreferencesProvider

CVE-2023-23836 HIGH

SolarWinds Platform <2022.4.1 - Deserialization

CVE-2023-21713 HIGH

Microsoft SQL Server - Remote Code Execution via Untrusted Data Deserialization

CVE-2023-21710 HIGH

Microsoft Exchange Server - Remote Code Execution via Untrusted Data Deserialization

CVE-2023-21707 HIGH

Microsoft Exchange Server - Remote Code Execution via Untrusted Data Deserialization

CVE-2023-21706 HIGH

Microsoft Exchange Server - Remote Code Execution via Untrusted Data Deserialization

CVE-2023-21703 MEDIUM

Azure Data Box Gateway and Azure Stack Edge - Remote Code Execution via Untrusted Data Deserialization

CVE-2023-21568 HIGH

Microsoft SQL Server Integration Service - RCE

CVE-2023-21529 HIGH KEV

Microsoft Exchange Server - Remote Code Execution

CVE-2023-25558 HIGH

DataHub < 0.9.5 - Remote Code Execution via Unsafe id_token Deserialization

CVE-2023-25194 HIGH

Apache Kafka Connect 2.3.0-3.3.1 - Authenticated Remote Code Execution via SASL JAAS Config Deserialization

CVE-2023-0669 HIGH KEV

Fortra GoAnywhere MFT Unsafe Deserialization RCE

CVE-2023-25135 CRITICAL

vBulletin < 5.6.9 PL1 - Unauthenticated Remote Code Execution via Deserialization

CVE-2023-24997 CRITICAL

Apache InLong 1.1.0-1.5.0 - Deserialization of Untrusted Data

CVE-2023-24162 CRITICAL

Dromara Hutool <5.8.11 - Code Injection

CVE-2023-21839 HIGH KEV

Oracle WebLogic Server <14.1.1.0.0 - RCE

CVE-2023-22850 HIGH

Tiki < 24.1 - PHP Object Injection via Spreadsheets Feature

Previous Page 74 of 114 Next

Details

Vulnerabilities 2,831

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy