Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,835 vulnerabilities with CWE-502

CVE-2022-39379 LOW

Fluentd 1.13.2-1.15.2 - Unauthenticated Remote Code Execution via JSON Payload Deserialization

CVE-2022-44542 CRITICAL

lesspipe < 2.06 - Remote Code Execution via Perl Storable Deserialization

CVE-2022-41779 HIGH

Delta Electronics InfraSuite Device Master <00.00.01a - Deserializa...

CVE-2022-38142 CRITICAL

Delta Electronics InfraSuite Device Master <0.00.01a - Deserialization

CVE-2022-3380 HIGH

WordPress Customizer Export/Import <0.9.5 - Code Injection

CVE-2022-3374 HIGH

Ocean Extra WordPress <2.0.5 - Code Injection

CVE-2022-3366 HIGH

PublishPress Capabilities <2.5.2 - Code Injection

CVE-2022-3360 HIGH

LearnPress WordPress <4.1.7.2 - RCE

CVE-2022-3357 HIGH

Smart Slider 3 WordPress <3.5.1.11 - Code Injection

CVE-2022-3334 HIGH

Easy WP SMTP <1.5.0 - Code Injection

CVE-2022-40238 HIGH

CERT VINCE < 1.50.5 - Authenticated Remote Code Execution via Pickle Deserialization

CVE-2022-39944 HIGH

Apache Linkis <=1.2.0 - Remote Code Execution via MySQL JDBC URL Deserialization

CVE-2022-3335 HIGH

Kadence WooCommerce Email Designer <1.5.7 - Code Injection

CVE-2022-39312 CRITICAL

Dataease < 1.15.2 - Remote Code Execution via Mysql JDBC Deserialization

CVE-2022-38108 HIGH

SolarWinds Platform - Code Injection

CVE-2022-36958 HIGH

SolarWinds Orion Platform - Authenticated Remote Code Execution via Untrusted Data Deserialization

CVE-2022-36957 HIGH

SolarWinds Orion Platform - Authenticated Remote Code Execution via Untrusted Data Deserialization

CVE-2022-43019 CRITICAL

OpenCATS 0.9.6 - Remote Code Execution via getDataGridPager AJAX Deserialization

CVE-2022-23734 HIGH

GitHub Enterprise Server < 3.2.16 - Remote Code Execution via Untrusted Data Deserialization in SVNBridge

CVE-2022-21624 LOW

Oracle Java SE <19 - Unauthenticated RCE

CVE-2022-39198 CRITICAL

Apache Dubbo < 2.7.17, 3.0.x <= 3.0.11, 3.1.x <= 3.1.0 - Remote Code Execution via Hessian-Lite Deserialization

CVE-2022-40889 CRITICAL

Phpok 6.1 - Deserialization of Untrusted Data via phpok_call.php

CVE-2022-22241 HIGH

Juniper Junos OS Multiple Versions - Unauthenticated Deserialization via J-Web POST Request

CVE-2022-3291 MEDIUM

GitLab EE <15.2.5-15.4.1 - Info Disclosure

CVE-2022-39311 CRITICAL

GoCD < 21.1.0 - Authenticated Remote Code Execution via Spring RemoteInvocation Deserialization

Previous Page 78 of 114 Next

Details

Vulnerabilities 2,835

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy