Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,831 vulnerabilities with CWE-502

CVE-2022-28685 HIGH

AVEVA Edge 2020 SP2 Patch 4201.2111.1802.0000 - RCE

CVE-2022-37936 CRITICAL

HPE Serviceguard for Linux < a.12.80.05 - Unauthenticated Remote Code Execution via Java Deserialization

CVE-2022-23535 HIGH

LiteDB < 5.0.13 - Deserialization of Untrusted Data via BsonDocument _type Field

CVE-2022-48282 MEDIUM

MongoDB C# Driver < 2.19.0 - Authenticated Remote Code Execution via Untrusted Data Deserialization

CVE-2022-47986 CRITICAL KEV

IBM Aspera Faspex < 4.4.2 PL2 - Remote Code Execution via YAML Deserialization

CVE-2022-47507 HIGH

SolarWinds Orion Platform - Remote Code Execution via Deserialization of Untrusted Data

CVE-2022-47504 HIGH

SolarWinds Orion Platform - Authenticated Remote Code Execution via Untrusted Data Deserialization

CVE-2022-47503 HIGH

SolarWinds Orion Platform - Remote Code Execution via Untrusted Data Deserialization

CVE-2022-38111 HIGH

SolarWinds Platform - Code Injection

CVE-2022-3568 HIGH

ImageMagick Engine <1.7.5 - Open Redirect

CVE-2022-45982 CRITICAL

thinkphp 6.0.0-6.0.13 and 6.1.0-6.1.1 - Remote Code Execution via Deserialization

CVE-2022-44645 HIGH

Apache Linkis <= 1.3.0 - Remote Code Execution via MySQL Connector/J Deserialization

CVE-2022-32521 HIGH

Schneider Electric Data Center Expert < 7.9.0 - Remote Code Execution via Unsafe Deserialization

CVE-2022-31710 HIGH

vRealize Log Insight 3.0-4.8 - Unauthenticated Denial of Service via Deserialization

CVE-2022-45923 HIGH

OpenText Extended ECM 20.4-22.3 - Remote Code Execution via cs.exe Memory Manipulation

CVE-2022-4890 MEDIUM

abhilash1985 PredictApp - Deserialization

CVE-2022-46478 CRITICAL

datax-web <2.1.2 - Command Injection

CVE-2022-41778 CRITICAL

Delta Electronics InfraSuite Device Master <00.00.01a - Code Injection

CVE-2022-47083 HIGH

Spitfire CMS <1.0.475 - Code Injection

CVE-2022-41966 HIGH

XStream < 1.4.20 - Denial of Service via Recursive Hash Calculation

CVE-2022-41596 HIGH

HarmonyOS < 2.1 - Unauthorized Component Startup via Deserialization Inconsistency

CVE-2022-44351 CRITICAL

skycaiji 2.5.1 - Deserialization of Untrusted Data via Mystore.php

CVE-2022-44371 CRITICAL

hope-boot 1.0.0 - Remote Code Execution via Untrusted Deserialization

CVE-2022-32224 CRITICAL

Activerecord < 5.2.8.1 - Insecure Deserialization

CVE-2022-46366 CRITICAL

Apache Tapestry 3.x - Remote Code Execution via Untrusted Data Deserialization

Previous Page 76 of 114 Next

Details

Vulnerabilities 2,831

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy