Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,835 vulnerabilities with CWE-502

CVE-2022-39298 HIGH

Melistechnology Meliscms < 5.0.1 - Insecure Deserialization

CVE-2022-39297 HIGH

MelisCms < 5.0.1 - Unauthenticated Remote Code Execution via Untrusted Data Deserialization

CVE-2022-31680 CRITICAL

VMware vCenter Server - Remote Code Execution via Unsafe Deserialization in Platform Services Controller

CVE-2022-26472 HIGH

Android - Local Privilege Escalation via Parcel Format Mismatch

CVE-2022-26471 HIGH

Android - Local Privilege Escalation via Parcel Format Mismatch

CVE-2022-41082 HIGH KEV

Microsoft Exchange Server - Remote Code Execution via Untrusted Data Deserialization

CVE-2022-42004 HIGH

jackson-databind < 2.13.4 - Resource Exhaustion via Deeply Nested Arrays

CVE-2022-42003 HIGH

FasterXML jackson-databind < 2.12.7.1 - Resource Exhaustion via Deep Wrapper Array Nesting

CVE-2022-40314 CRITICAL

Moodle < 3.9.17 - Remote Code Execution via Backup File Deserialization

CVE-2022-39256 CRITICAL

Orckestra C1 CMS < 6.13 - Authenticated Remote Code Execution via Untrusted Data Deserialization

CVE-2022-2903 HIGH

Ninja Forms < 3.6.13 - PHP Object Injection via Import File Deserialization

CVE-2022-36944 CRITICAL

Scala 2.13.0-2.13.8 - Deserialization of Untrusted Data via Function0 Gadget Chain

CVE-2022-41237 CRITICAL

Jenkins DotCi Plugin <2.40.00 - RCE

CVE-2022-40955 HIGH

Apache InLong <1.3.0 - Deserialization

CVE-2022-39008 CRITICAL

Huawei EMUI and HarmonyOS - Deserialization of Untrusted Data in NFC Module

CVE-2022-38352 CRITICAL

ThinkPHP 6.0.13 - Remote Code Execution via League Flysystem Psr6Cache Deserialization

CVE-2022-36038 HIGH

CircuitVerse - Authenticated Remote Code Execution via Crafted JSON Payload

CVE-2022-2442 HIGH

Migration, Backup, Staging - WPvivid <= 0.9.74 - Authenticated Deserialization of Untrusted Data via 'path' Parameter

CVE-2022-2438 HIGH

Broken Link Checker <= 1.11.16 - Authenticated Deserialization of Untrusted Data via Log File

CVE-2022-2436 HIGH

Download Manager <= 3.2.49 - Authenticated Deserialization of Untrusted Data via file[package_dir] Parameter

CVE-2022-2434 HIGH

String Locator < 2.5.0 - Unauthenticated Deserialization of Untrusted Data via string-locator-path Parameter

CVE-2022-2433 HIGH

Ajax Load More < 5.5.3 - Unauthenticated Deserialization of Untrusted Data via alm_repeaters_export Parameter

CVE-2022-2830 HIGH

Bitdefender GravityZone <6.29.2-1, <6.27.2-2 - Deserialization

CVE-2022-29063 CRITICAL

Apache OFBiz < 18.12.06 - Remote Code Execution via Solr Plugin RMI Request

CVE-2022-37023 MEDIUM

Apache Geode < 1.15.0 - Deserialization of Untrusted Data via REST API

Previous Page 79 of 114 Next

Details

Vulnerabilities 2,835

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy