Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-502

CWE-502

Medium likelihood

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,835 vulnerabilities with CWE-502

CVE-2022-1984 MEDIUM

HYPR Windows WFA <7.2 - Privilege Escalation

CVE-2022-2444 HIGH

Visualizer for WordPress <= 3.7.9 - Authenticated Deserialization via Remote Data Parameter

CVE-2022-2437 CRITICAL

Feed Them Social < 2.9.8.6 - Unauthenticated Deserialization of Untrusted Data via fts_url Parameter

CVE-2022-30981 HIGH

Gentics CMS <5.43.1 - Code Injection

CVE-2022-31605 CRITICAL

NVFLARE < 2.1.2 - Remote Code Execution via Unsafe YAML Deserialization

CVE-2022-31604 CRITICAL

NVIDIA NVFLARE < 2.1.2 - Remote Code Execution via Unsafe Pickle Deserialization

CVE-2022-31115 HIGH

opensearch-ruby < 2.0.1 - Deserialization of Untrusted Data via YAML.load

CVE-2022-33107 CRITICAL

ThinkPHP 6.0.12 - Remote Code Execution via Flysystem Cached Adapter Deserialization

CVE-2022-20195 MEDIUM

Android - Local Denial of Service via Unsafe Deserialization in Keystore Library

CVE-2022-29615 LOW

SAP NetWeaver Developer Studio 7.50 - Deserialization of Untrusted Data

CVE-2022-25863 HIGH

gatsby-plugin-mdx < 2.14.1, 3.0.0-3.15.2 - Deserialization of Untrusted Data via gray-matter Input

CVE-2022-25845 HIGH

fastjson < 1.2.83 - Deserialization of Untrusted Data via autoType Bypass

CVE-2022-1660 CRITICAL

Keysight N6854A and N6841A RF Firmware < 2.4.0 - Unauthenticated Remote Code Execution via Untrusted Deserialization

CVE-2022-29875 CRITICAL

Siemens Biograph Horizon PET/CT < VJ30C-UD01 - RCE via Untrusted Data Deserialization

CVE-2022-28948 HIGH

Go-Yaml v3 < 3.0.1 - Denial of Service via Unmarshal Function

CVE-2022-1118 HIGH

Connected Components Workbench < 13.00.00 - Deserialization of Untrusted Data

CVE-2022-24108 CRITICAL

So Listing Tabs module 2.2.0 for OpenCart - Code Injection

CVE-2022-0573 HIGH

JFrog Artifactory <7.36.1,6.23.41 - Insecure Deserialization

CVE-2022-29363 CRITICAL

phpok 6.1 - Deserialization of Untrusted Data via update_f() Function

CVE-2022-1463 HIGH

Booking Calendar < 9.1 - PHP Object Injection via [bookingflextimeline] Shortcode

CVE-2022-25767 CRITICAL

ureport2 - Remote Code Execution via Malicious Database Server Connection

CVE-2022-25647 HIGH

Gson < 2.8.9 - Denial of Service via Untrusted Data Deserialization

CVE-2022-29936 HIGH

USU Oracle Optimization < 5.17 - Authenticated Remote Code Execution via Java Deserialization

CVE-2022-29528 CRITICAL

MISP < 2.4.158 - Deserialization of Untrusted Data via PHAR

CVE-2022-26133 CRITICAL

Atlassian Bitbucket Data Center <7.17.6 - Code Injection

Previous Page 81 of 114 Next

Details

Vulnerabilities 2,835

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy