Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,831 vulnerabilities with CWE-502

CVE-2023-21779 HIGH

Visual Studio Code < 1.74.3 - Remote Code Execution via Untrusted Data Deserialization

CVE-2023-21762 HIGH

Microsoft Exchange Server - Spoofing via Deserialization of Untrusted Data

CVE-2023-21745 HIGH

Microsoft Exchange Server - Spoofing via Deserialization of Untrusted Data

CVE-2023-21744 HIGH

Microsoft SharePoint Foundation and Server - Remote Code Execution via Untrusted Data Deserialization

CVE-2023-21538 HIGH

.NET - Denial of Service via Untrusted Data Deserialization

CVE-2022-45134 CRITICAL

Mahara 21.10.0-21.10.5, 22.04.0-22.04.3, 22.10.0 - Remote Code Execution via Skin Import XML Deserialization

CVE-2022-45185 HIGH

SuiteCRM 7.12.7 - Authenticated Remote Code Execution via Deserialization

CVE-2022-41137 HIGH

Apache Hive - Remote Code Execution

CVE-2022-2439 HIGH

Easy Digital Downloads < 3.3.4 - Authenticated Deserialization of Untrusted Data via Upload File Parameter

CVE-2022-2446 HIGH

WP Editor <= 1.2.9 - Authenticated Deserialization of Untrusted Data via current_theme_root Parameter

CVE-2022-2440 HIGH

Theme Editor < 2.8 - Authenticated Deserialization of Untrusted Data via images_array Parameter

CVE-2022-45147 HIGH

SIMATIC PCS neo V4.0-STEP 7 V18 - Code Injection

CVE-2022-45845 MEDIUM

Nextend Smart Slider 3 <= 3.5.1.9 - PHP Object Injection via Untrusted Data Deserialization

CVE-2022-45083 MEDIUM

ProfilePress < 4.3.2 - PHP Object Injection via Untrusted Data Deserialization

CVE-2022-34268 CRITICAL

RWS WorldServer < 11.7.3 - Unauthenticated Remote Code Execution via Java Deserialization

CVE-2022-47599 MEDIUM

File Manager by Bit Form Team < 5.2.7 - Deserialization of Untrusted Data

CVE-2022-3342 HIGH

Jetpack CRM <5.3.1 - Code Injection

CVE-2022-1415 HIGH

Redhat Decision Manager < 7.69.0.Final - Insecure Deserialization

CVE-2022-40609 HIGH

IBM SDK < 7.1.5.19 - Remote Code Execution via Unsafe Deserialization

CVE-2022-4815 HIGH

Hitachi Vantara Pentaho Business Analytics Server <9.4.0.1-9.3.0.3 ...

CVE-2022-36978 CRITICAL

Ivanti Avalanche 6.3.2.3490-6.3.4 - Remote Code Execution via Untrusted Data Deserialization

CVE-2022-36977 CRITICAL

Ivanti Avalanche 6.3.2.3490-<6.3.4 - Remote Code Execution via Certificate Management Server Deserialization

CVE-2022-36974 CRITICAL

Ivanti Avalanche 6.3.2.3490-6.3.4 - Remote Code Execution via Untrusted Data Deserialization

CVE-2022-36971 HIGH

Ivanti Avalanche 6.3.2.3490-6.3.4 - Remote Code Execution via JwtTokenUtility Deserialization

CVE-2022-2561 HIGH

OPC Labs QuickOPC 5.63-5.63.246 - Remote Code Execution via XML Deserialization in Connectivity Explorer

Previous Page 75 of 114 Next

Details

Vulnerabilities 2,831

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy