Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,835 vulnerabilities with CWE-502

CVE-2022-37022 HIGH

Apache Geode < 1.12.2 and 1.13.2 - Deserialization of Untrusted Data via JMX over RMI

CVE-2022-37021 CRITICAL

Apache Geode <= 1.12.5, 1.13.4, 1.14.0 - Deserialization of Untrusted Data via JMX over RMI

CVE-2022-34668 CRITICAL

NVFLARE < 2.1.4 - Remote Code Execution via Pickle Deserialization

CVE-2022-36119 HIGH

Blue Prism Enterprise <7.01 - Code Injection

CVE-2022-2465 HIGH

Rockwell Automation ISaGRAF Workbench 6.0-6.6.9 - Remote Code Execution via Untrusted Data Deserialization

CVE-2022-33900 MEDIUM

PHP Object Injection - Code Injection

CVE-2022-29805 CRITICAL

Fishbowl < 2022.4.1 - Remote Code Execution via XML Deserialization

CVE-2022-2886 MEDIUM

Laravel 5.1.0-5.1.45 - Deserialization of Untrusted Data

CVE-2022-2870 MEDIUM

Laravel 5.1.0-5.1.45 - Deserialization of Untrusted Data

CVE-2022-36006 HIGH

Arvados < 2.4.2 - Authenticated Remote Code Execution via JSON Payload Deserialization

CVE-2022-33947 MEDIUM

BIG-IP <16.1.3,15.1.6.1,14.1.5,13.1.x - Privilege Escalation

CVE-2022-28684 HIGH

DevExpress 18.1.0-18.1.17 - Authenticated Remote Code Execution via SafeBinaryFormatter Deserialization

CVE-2022-35223 CRITICAL

EasyUse MailHunter Ultimate < 2020 - Unauthenticated Remote Code Execution via Cookie Deserialization

CVE-2022-30287 HIGH

Horde Groupware Webmail Edition <= 5.2.22 - Remote Code Execution via PHP Object Deserialization

CVE-2022-35872 HIGH

Inductive Automation Ignition 8.1.15 - Code Injection

CVE-2022-35870 HIGH

Inductive Automation Ignition 8.1.15 - Deserialization

CVE-2022-33320 HIGH

Mitsubishi Electric GENESIS64 <10.97.1 - Code Injection

CVE-2022-33318 CRITICAL

Mitsubishi Electric - Use After Free

CVE-2022-33316 HIGH

Mitsubishi Electric GENESIS64 <10.97.1 - Code Injection

CVE-2022-33315 HIGH

Mitsubishi Electric GENESIS64 <10.97.1 - Code Injection

CVE-2022-21549 MEDIUM

Oracle Java SE <17.0.3.1 & Oracle GraalVM EE <22.1.0 - Unauthentica...

CVE-2022-27580 HIGH

Safety Designer <= 1.11.0 - Remote Code Execution via Malicious Project File Deserialization

CVE-2022-27579 HIGH

Flexi Soft Designer <= 1.9.4 SP1 - Remote Code Execution via Malicious Project File Deserialization

CVE-2022-35405 CRITICAL KEV

ManageEngine Password Manager Pro <12101 & PAM360 <5510 - RCE via Java Deserialization

CVE-2022-24082 CRITICAL

Pega Infinity 8.1.0-8.7.3 - Remote Code Execution via JMX Interface Deserialization

Previous Page 80 of 114 Next

Details

Vulnerabilities 2,835

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy