Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,835 vulnerabilities with CWE-502

CVE-2022-44351 CRITICAL

skycaiji 2.5.1 - Deserialization of Untrusted Data via Mystore.php

CVE-2022-44371 CRITICAL

hope-boot 1.0.0 - Remote Code Execution via Untrusted Deserialization

CVE-2022-32224 CRITICAL

Activerecord < 5.2.8.1 - Insecure Deserialization

CVE-2022-46366 CRITICAL

Apache Tapestry 3.x - Remote Code Execution via Untrusted Data Deserialization

CVE-2022-1471 HIGH

PyTorch Model Server Registration and Deserialization RCE

CVE-2022-36964 HIGH

SolarWinds Orion Platform - Authenticated Remote Code Execution via Untrusted Data Deserialization

CVE-2022-41958 HIGH

super_xray < 0.7 - Deserialization of Untrusted Data via YAML Config File

CVE-2022-41875 CRITICAL

Optica < 0.10.2 - Unauthenticated Remote Code Execution via JSON Payload Deserialization

CVE-2022-41922 HIGH

Yii < 1.1.27 - Remote Code Execution via Unsafe Unserialize

CVE-2022-3861 HIGH

Betheme Theme <26.5.1.4 - Code Injection

CVE-2022-3525 HIGH

librenms/librenms <22.10.0 - Deserialization

CVE-2022-45077 MEDIUM

Betheme <= 26.5.1.4 - Authenticated PHP Object Injection

CVE-2022-45047 CRITICAL

Apache MINA SSHD <= 2.9.1 - Deserialization of Untrusted Data in SimpleGeneratorHostKeyProvider

CVE-2022-45136 CRITICAL

Apache Jena SDB < 3.17.0 - Remote Code Execution via JDBC Deserialization

CVE-2022-38652 CRITICAL

VMWare Hyperic Agent 5.8.6 - Deserialization

CVE-2022-38650 CRITICAL

VMware Hyperic Server <5.8.6 - Open Redirect

CVE-2022-44562 CRITICAL

Huawei EMUI and HarmonyOS - Deserialization of Untrusted Data in System Framework Layer

CVE-2022-44559 CRITICAL

HarmonyOS - Privilege Escalation via AMS Module Deserialization Mismatch

CVE-2022-44558 CRITICAL

HarmonyOS and EMUI - Privilege Escalation via AMS Module Deserialization

CVE-2022-41203 HIGH

SAP BusinessObjects BI Platform - Deserialization

CVE-2022-32601 HIGH

Android - Local Privilege Escalation via Telephony Parcel Format Mismatch

CVE-2022-31199 CRITICAL KEV

Netwrix Auditor < 10.5 - Unauthenticated Remote Code Execution via User Activity Video Recording Component

CVE-2022-3536 HIGH

WooCommerce WordPress <1.6.3 - Code Injection

CVE-2022-42919 HIGH

Python 3.9.x < 3.9.16 and 3.10.x < 3.10.9 - Privilege Escalation via Pickle Deserialization

CVE-2022-43567 HIGH

Splunk Enterprise <8.2.9-9.0.2 - Command Injection

Previous Page 77 of 114 Next

Details

Vulnerabilities 2,835

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy